Original poster: ouzhi1

[Verified] The Xunlei homepage seems to have had a trojan planted on it

tanlimo
Posted on 2008-4-16 19:06:30

Reply to ouzhi1's post #10

This address is malicious, but I did not find this address on the Xunlei homepage

http://ww.baidu.com/new.cab
http://a.xx360.info/101/101.exe
http://a.xx360.info/102/102.exe
http://a.xx360.info/103/103.exe
http://a.xx360.info/104/104.exe
http://a.xx360.info/105/105.exe
.................................
http://a.xx360.info/120/120.exe


The MD5 values differ, but they are all detected as the same thing


ess扫描日志
病毒库版本: 3030 (20080416)
日期: 2008-4-16  时间: 19:18:50
已扫描的磁盘、文件夹和文件: G:\样本.rar
G:\样本.rar > RAR > 116.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 115.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 114.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 113.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 112.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 111.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 110.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 109.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 108.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 107.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 106.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 101.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 102.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 105.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 104.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 120.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 119.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 118.exe - Win32/Anilogo.F 蠕虫
G:\样本.rar > RAR > 117.exe - Win32/Anilogo.F 蠕虫
已扫描的对象数: 19
发现的威胁数: 19
完成时间: 19:19:03  总扫描时间: 13 秒 (00:00:13)


[ Last edited by tanlimo on 2008-4-16 19:20 ]

Attachment: 样本.rar (339.61 KB, downloads: 66)

qigang
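Posted on 2008-4-16 20:09:54
Originally posted by ouzhi1 on 2008-4-16 19:02
The status bar shows a web page being opened: ww.statvv.com/109/1.htm
Only opening the Xunlei homepage has the problem; everything else is normal.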



Log is generated by FreShow.
[wide]http://ww.statvv.com/109/1.htm
    [object]http://ww.baidu.com/new.cab
    [frame]http://ww.statvv.com/109/14.htm
        [object]http://a.xx360.info/109/109.exe
    [frame]http://ww.statvv.com/109/real.htm
        [object]http://a.xx360.info/101/101.exe
    [frame]http://ww.statvv.com/109/lz.htm
        [object]http://a.xx360.info/102/102.exe
qigang
Posted on 2008-4-16 20:10:30

20/19

Originally posted by tanlimo on 2008-4-16 19:06
This address is malicious, but I did not find this address on the Xunlei homepage

http://ww.baidu.com/new.cab
http://a.xx360.info/101/101.exe
http://a.xx360.info/102/102.exe
http://a.xx360.info/103/103.exe
http://a.xx360.info/10 ...



瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Suspicious.Worm.Win32.Autorun.a

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.40.22
Exia (this user has been deleted)
Posted on 2008-4-16 20:13:24

Reply to tanlimo's post #11

Starting the file scan:

Begin scan in 'E:\新建文件夹 (2)\样本.rar'
E:\新建文件夹 (2)\样本.rar
  [0] Archive type: RAR
    --> 116.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 115.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 114.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 113.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 112.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 111.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 110.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 109.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 108.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 107.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 106.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 101.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 102.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 105.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 104.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 120.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 119.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 118.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
    --> 117.exe
          [DETECTION] Contains detection pattern of the worm WORM/Cekar.A
      [NOTE]      The file was deleted!


End of the scan: 2008年4月16日  20:14
Used time: 00:27 min

The scan has been done completely.

      0 Scanning directories
     20 Files were scanned
     19 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes
wangjay1980
Posted on 2008-4-16 20:18:18
K
屏幕截图00041.png
508642017
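Posted on 2008-4-16 20:39:39
Originally posted by ouzhi1 on 2008-4-16 18:24
My browser is fine, isn't it? As soon as I open the Xunlei homepage, RealPlayer flashes for a moment

Then there probably is a problem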
妮妮_
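Posted on 2008-4-16 20:43:20
Originally posted by ouzhi1 on 2008-4-16 18:24
My browser is fine, isn't it? As soon as I open the Xunlei homepage, RealPlayer flashes for a moment


Targeting that RealPlayer vulnerability????? Have you upgraded your RealPlayer to the latest version?

Sorry, 妮妮 is feeling dizzy. But I'll test it for you right away.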
边缘vip
Posted on 2008-4-16 20:46:21
I haven't used IE for ages; I've been using Maxthon all along
妮妮_
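Posted on 2008-4-16 20:46:25
Test results:

(1) The Xunlei homepage has no problem.

(2) When visiting the Xunlei homepage, ww.statvv.com/109/1.htm is not forcibly opened.

(3) ww.statvv.com/109/1.htm has a problem. However, before FS even had a chance to react, it was taken out by Filseclab.

(4) RealPlayer is installed, and I saw no abnormal RealPlayer behaviour. However, my RealPlayer is the latest version, so I don't know whether the vulnerability in the old version would be attacked.

[ Last edited by 妮妮_ on 2008-4-16 20:48 ]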
ouzhi1
Original poster | Posted on 2008-4-16 21:53:26
It's finally fine when I visit now~~~ I can't find out what the cause was

Copyright © KaFan  KaFan.cn All Rights Reserved.
