Original poster: ALEXBLAIR

[Verified] The counter on the "STO Express" (申通快递) homepage still has a problem

hj5abc
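Posted on 2008-3-30 18:28:44
The first time I visited its homepage this morning, I got XX'd.

With Firefox + NoScript, visiting it opened tabs endlessly; after I closed it, programs on the system started launching themselves at random ..

But SREng and Wsyscheck found no problems, and scans did not turn up any virus either.

But the second time I visited, nothing happened.

orz.

[ Last edited by hj5abc on 2008-3-30 18:30 ]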
Exia (this user has been deleted)
Posted on 2008-3-30 18:30:46

Reply to tanlimo's post on floor 7

Starting the file scan:
Begin scan in 'D:\yes.exe'
D:\yes.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '4862775f.qua'!
Begin scan in 'D:\014.exe'
D:\014.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.epw.1
      [INFO]      The file was deleted!
Begin scan in 'D:\bf.exe'
D:\bf.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.epw.1
      [INFO]      The file was deleted!
Begin scan in 'D:\pps.exe'
D:\pps.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.epw.1
      [INFO]      The file was deleted!
Begin scan in 'D:\lz.exe'
D:\lz.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.epw.1
      [INFO]      The file was deleted!
Begin scan in 'D:\614.exe'
D:\614.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ppu
      [INFO]      The file was deleted!
Begin scan in 'D:\rl.exe'
D:\rl.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ppu
      [INFO]      The file was deleted!
Begin scan in 'D:\xl.exe'
D:\xl.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ppu
      [INFO]      The file was deleted!
Begin scan in 'D:\ad.cab'
D:\ad.cab
  [0] Archive type: CAB (Microsoft)
  --> ad.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ppu
      [INFO]      The file was deleted!
Begin scan in 'D:\001.exe'
D:\001.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [INFO]      The file was deleted!

End of the scan: 2008年3月30日  19:18
Used time: 00:23 min
The scan has been done completely.
      0 Scanning directories
     11 Files were scanned
      9 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      9 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

[ Last edited by Exia on 2008-3-30 19:17 ]
28654621
Posted on 2008-3-30 18:32:21
Filseclab (费尔) is nearly worn out
        2008-3-30 18:30:13        JS.Decoder.v        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200Q.htm        Realtime scan
        2008-3-30 18:30:13        HTML.SecretOut.c        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200P.htm        Realtime scan
        2008-3-30 18:30:13        HTML.SecretOut.c        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200O.htm        Realtime scan
        2008-3-30 18:30:13        JS.Decoder.v        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200N.htm        Realtime scan
        2008-3-30 18:30:13        JS.WindowObject.Exploit.a        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200M.htm        Realtime scan
        2008-3-30 18:30:13        JS.Decoder.v        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200K.html        Realtime scan
        2008-3-30 18:30:13        HTML.IframeNoise.d        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200J.html        Realtime scan
        2008-3-30 18:30:13        HTML.SecretOut.c        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200I.htm        Realtime scan
        2008-3-30 18:30:13        JS.Decoder.v        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200E.htm        Realtime scan
        2008-3-30 18:30:13        Script.HttpDownloader.i        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr0200C.htm        Realtime scan
        2008-3-30 18:30:13        HTML.SecretOut.c        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr02009.htm        Realtime scan
        2008-3-30 18:30:13        HTML.SecretOut.c        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr02008.htm        Realtime scan
        2008-3-30 18:30:13        HTML.SecretOut.c        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr02007.htm        Realtime scan
        2008-3-30 18:30:12        JS.Decoder.ai        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr02006.htm        Realtime scan
        2008-3-30 18:30:10        HTML.IframeNoise.d        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr02003.html        Realtime scan
        2008-3-30 18:30:10        HTML.SecretOut.c        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr02001.htm        Realtime scan
        2008-3-30 18:30:10        HTML.SecretOut.c        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr01ZZY.htm        Realtime scan
        2008-3-30 18:30:10        Script.HttpDownloader.y        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr01ZZV.htm        Realtime scan
        2008-3-30 18:30:10        JS.Decoder.v        病毒        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr01ZZT.html        Realtime scan
        2008-3-30 18:30:10        HTML.SecretOut.c        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr01ZZS.htm        Realtime scan
        2008-3-30 18:30:10        HTML.SecretOut.b        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr01ZZO.htm        Realtime scan
        2008-3-30 18:30:10        HTML.SecretOut.b        可疑程序        Administrator        D:\Sandbox\Administrator\Software\drive\D\Program Files\Opera\profile\cache4\opr01ZZN.htm        Realtime scan
wangjay1980
Posted on 2008-3-30 20:27:29
to kl
qigang
Posted on 2008-3-30 20:44:35

5/1

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.Win32.Undef.efz   

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.37.62
qigang
Posted on 2008-3-30 20:45:16
Originally posted by tanlimo on 2008-3-30 18:20
This address comes and goes, and it also changes on its own:

Right now it is:


There may be ARP on the server side



Log is generated by FreShow.
[wide]http://www.sto.cn
    [frame]http://www.555abc.com/yahoo/index.h ...



There is indeed ARP.
allinwonderi
Posted on 2008-3-30 20:51:53
[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\x.rar<RAR>:x.exe<UPack>:x.exe<DLLRES>:res0.exe<UPack>:res0.exe <- Heur.RoundKick : No action



Scanned objects : 6

Infected objects : 1
挪威的冬天
Posted on 2008-3-30 22:48:35
信息        2008-03-30  22:48:15        您此次查毒清除了1个病毒                       
信息        2008-03-30  22:48:15        您此次查毒共查出1个病毒以及危险代码                       
信息        2008-03-30  22:48:15        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件3个                       
信息        2008-03-30  22:48:15        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-03-30  22:48:15        D:\Desktop\x.rar\x.exe        Win32.Troj.DownloadT.iv.69632        清除成功