被挂了？

显示全部楼层 · 发表于 2008-4-15 01:42:58

被挂了？

可疑网址：ht tp://news.crsky.com/it/200804/19998.html

文件 01.rar 接收于 2008.04.14 19:15:16 (CET)
ht tp://www.virustotal.com/zh-cn/analisis/c854b99439ed7eb9b71f969934a8603e

全过~~

文件 002.rar 接收于 2008.04.14 19:25:23 (CET)
h ttp://www.virustotal.com/zh-cn/analisis/eb99ade7dc2b01f78dfbabc16eb85d9c

文件 003.rar 接收于 2008.04.14 19:29:35 (CET)
结果: 3/31 (9.68%)
ht tp://www.virustotal.com/zh-cn/analisis/0dd9fdc64f56d5e8ebff98e565df743d

反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.4.15.0 2008.04.14 -
AntiVir 7.6.0.85 2008.04.14 HTML/Dldr.Delf.5458
Authentium 4.93.8 2008.04.13 -
Avast 4.8.1169.0 2008.04.14 -
AVG 7.5.0.516 2008.04.14 JS/Downloader.Small
BitDefender 7.2 2008.04.14 -
CAT-QuickHeal 9.50 2008.04.14 -
ClamAV 0.92.1 2008.04.14 -
DrWeb 4.44.0.09170 2008.04.14 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5697 2008.04.14 -
Ewido 4.0 2008.04.14 -
F-Prot 4.4.2.54 2008.04.14 -
F-Secure 6.70.13260.0 2008.04.14 -
FileAdvisor 1 2008.04.14 -
Fortinet 3.14.0.0 2008.04.14 -
Ikarus T3.1.1.26 2008.04.14 -
Kaspersky 7.0.0.125 2008.04.14 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.14 -
NOD32v2 3025 2008.04.14 -
Norman 5.80.02 2008.04.14 -
Panda 9.0.0.4 2008.04.14 -
Prevx1 V2 2008.04.14 -
Rising 20.40.02.00 2008.04.14 -
Sophos 4.28.0 2008.04.14 -
Sunbelt 3.0.1041.0 2008.04.12 -
TheHacker 6.2.92.277 2008.04.14 -
VBA32 3.12.6.4 2008.04.14 -
VirusBuster 4.3.26:9 2008.04.14 -
Webwasher-Gateway 6.6.2 2008.04.14 Script.Dldr.Delf.5458
附加信息
File size: 1810 bytes
MD5...: a246099205e7f0598cb91009470aafc3
SHA1..: c5f25baa32d4c35fdee04d539aa01701488b8ca3
SHA256: 189071d11713078a75219559c90350842cfbad8d9fafef96736f7bc2887c99ac
SHA512: df268eb9405230e6d2854799bf92970e93b90d43ce84fd4d734d29b48203468d
6422cc8a3f875c34ec20ed0336b3d02b617b4d07bd919a379fd652d7da483007
PEiD..: -
PEInfo: -
C:\Documents and Settings\小飞侠.net\桌面\样本\003.rar>>003\u[1].htm HTML.IframeNoise.d 病毒还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\01.rar>>01\3[1].gif JS.Decoder.v 病毒还未处理
C:\Documents and Settings\小飞侠.net\桌面\样本\002.rar>>002\1[3].gif JS.Decoder.v 病毒还未处理
费尔爆！

[ 本帖最后由小飞侠.net 于 2008-4-15 01:52 编辑 ]

显示全部楼层 · 发表于 2008-4-15 03:08:58

Hello,

1[3].gif_ - Trojan-Downloader.JS.Agent.brx,
3[1].gif_ - Exploit.HTML.IESlice.fp,
u[1].htm_ - Trojan-Downloader.JS.Agent.bry

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Yury Nesmachny
Virus analyst, Kaspersky Lab.

显示全部楼层 · 发表于 2008-4-15 05:29:44

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: http://bbs.kafan.cn/attachment.php?aid=241320
Information: Contains detection pattern of the HTML script virus HTML/Dldr.Delf.5458

--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 8.0.13.0, AVE 8.1.0.30, VDF 7.0.3.164

显示全部楼层 · 发表于 2008-4-15 07:44:31

这种性质的东西金山无悬念飘

显示全部楼层 · 发表于 2008-4-15 10:41:10

C:\Documents and Settings\haha\桌面\003.rar
  [0] Archive type: RAR
  --> 003\u[1].htm
   [DETECTION] Contains detection pattern of the HTML script virus HTML/Dldr.Delf.5458
   [NOTE]    A backup was created as '48371616.qua'  ( QUARANTINE )

显示全部楼层 · 发表于 2008-4-15 11:00:01

没发现？？

显示全部楼层 · 发表于 2008-4-15 12:59:17

回楼上~CRSKY已清除了

显示全部楼层 · 发表于 2008-4-15 15:43:38

The file '3[1].gif' has been determined to be 'CLEAN'.
The file '1[3].gif' has been determined to be 'CLEAN'.

显示全部楼层 · 发表于 2008-4-15 16:24:39

Log is generated by FreShow.
      [frame]http://u.cncz.us/new000.htm
         [frame]http://u.cncz.us/w/u.html
            [frame]http://u.cncz.us/w/1.gif
                  [object]http://d.5i6.info/d/614.exe
            [frame]http://u.cncz.us/w/7.gif
                  [object]http://d.5i6.info/d/r11.exe
            [frame]http://u.cncz.us/w/2.gif
                  [object]http://d.5i6.info/d/rl.exe
            [frame]http://u.cncz.us/w/3.gif
                  [object]http://d.5i6.info/d/bf.exe
            [frame]http://u.cncz.us/w/4.gif
                  [object]http://d.5i6.info/d/pps.exe
            [frame]http://u.cncz.us/w/5.gif
                  [object]http://d.5i6.info/d/lz.exe
            [frame]http://u.cncz.us/w/6.gif
                  [object]http://d.5i6.info/d/xl.exe

38323e5d6d131656d2ea0206b6f9bbdb 614.exe
38323e5d6d131656d2ea0206b6f9bbdb bf.exe
38323e5d6d131656d2ea0206b6f9bbdb lz.exe
38323e5d6d131656d2ea0206b6f9bbdb pps.exe
38323e5d6d131656d2ea0206b6f9bbdb r11.exe
38323e5d6d131656d2ea0206b6f9bbdb rl.exe
38323e5d6d131656d2ea0206b6f9bbdb xl.exe

都是一个东西

ess报Win32/TrojanDownloader.Small.NZS 特洛伊木马

显示全部楼层 · 发表于 2008-4-15 16:29:21

Starting the file scan:

Begin scan in 'E:\新建文件夹 (2)\614.exe'
E:\新建文件夹 (2)\614.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ppu
[NOTE] The file was deleted!

[已鉴定] 被挂了？