迅雷主页好象给挂马了

显示全部楼层 · 发表于 2008-4-16 19:06:30

这个地址有毒，不过在迅雷的主页上没发现这个地址

http://ww.baidu.com/new.cab
http://a.xx360.info/101/101.exe
http://a.xx360.info/102/102.exe
http://a.xx360.info/103/103.exe
http://a.xx360.info/104/104.exe
http://a.xx360.info/105/105.exe
.................................
http://a.xx360.info/120/120.exe

MD5值不同，但报的一样

ess扫描日志
病毒库版本: 3030 (20080416)
日期: 2008-4-16 时间: 19:18:50
已扫描的磁盘、文件夹和文件: G:\样本.rar
G:\样本.rar > RAR > 116.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 115.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 114.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 113.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 112.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 111.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 110.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 109.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 108.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 107.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 106.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 101.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 102.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 105.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 104.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 120.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 119.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 118.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 117.exe - Win32/Anilogo.F 蠕虫
已扫描的对象数: 19
发现的威胁数: 19
完成时间: 19:19:03 总扫描时间: 13 秒 (00:00:13)

[ 本帖最后由 tanlimo 于 2008-4-16 19:20 编辑 ]

显示全部楼层 · 发表于 2008-4-16 20:09:54

原帖由 ouzhi1 于 2008-4-16 19:02 发表
状态栏中显示在打开一个网页：ww.statvv.com/109/1.htm
就开迅雷主页有问题，其他正常。

Log is generated by FreShow.
[wide]http://ww.statvv.com/109/1.htm
[object]http://ww.baidu.com/new.cab
[frame]http://ww.statvv.com/109/14.htm
      [object]http://a.xx360.info/109/109.exe
[frame]http://ww.statvv.com/109/real.htm
      [object]http://a.xx360.info/101/101.exe
[frame]http://ww.statvv.com/109/lz.htm
      [object]http://a.xx360.info/102/102.exe

显示全部楼层 · 发表于 2008-4-16 20:10:30

原帖由 tanlimo 于 2008-4-16 19:06 发表
这个地址有毒，不过在迅雷的主页上没发现这个地址

http://ww.baidu.com/new.cab
http://a.xx360.info/101/101.exe
http://a.xx360.info/102/102.exe
http://a.xx360.info/103/103.exe
http://a.xx360.info/10 ...

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Suspicious.Worm.Win32.Autorun.a

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.40.22

显示全部楼层 · 发表于 2008-4-16 20:13:24

Starting the file scan:

Begin scan in 'E:\新建文件夹 (2)\样本.rar'
E:\新建文件夹 (2)\样本.rar
  [0] Archive type: RAR
--> 116.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 115.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 114.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 113.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 112.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 111.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 110.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 109.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 108.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 107.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 106.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 101.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 102.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 105.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 104.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 120.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 119.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 118.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
--> 117.exe
      [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
   [NOTE]    The file was deleted!

End of the scan: 2008年4月16日  20:14
Used time: 00:27 min

The scan has been done completely.

   0 Scanning directories
   20 Files were scanned
   19 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   0 Warnings
   1 Notes

显示全部楼层 · 发表于 2008-4-16 20:18:18

显示全部楼层 · 发表于 2008-4-16 20:39:39

原帖由 ouzhi1 于 2008-4-16 18:24 发表
我的浏览器没问题吧，一开迅雷主页RealPlayer就闪了一下

那应该是有问题了

显示全部楼层 · 发表于 2008-4-16 20:43:20

原帖由 ouzhi1 于 2008-4-16 18:24 发表
我的浏览器没问题吧，一开迅雷主页RealPlayer就闪了一下

针对realplayer的那个漏洞？？？？？你的realplayer升级到最新版本了的吗？

不好意思，妮妮头晕。不过马上帮你试。

显示全部楼层 · 发表于 2008-4-16 20:46:21

N久没用IE了，一直用傲游

显示全部楼层 · 发表于 2008-4-16 20:46:25

试验结果：

（1）迅雷主页无问题。

（2）上迅雷主页的时候，不会强行打开：ww.statvv.com/109/1.htm。

（3）ww.statvv.com/109/1.htm有问题。不过还没等FS有反应，就被费尔干掉了。

（4）有装realplayer，未见realplayer异常反应。不过realplayer是最新版本的，不知道老版本的那个漏洞会不会被攻击。

[ 本帖最后由妮妮_ 于 2008-4-16 20:48 编辑 ]

显示全部楼层 · 发表于 2008-4-16 21:53:26

现在上终于没事了~~~查不到是什么原因

[已鉴定] 迅雷主页好象给挂马了

回复 10楼 ouzhi1 的帖子

20/19

回复 11楼 tanlimo 的帖子