微客网被插入恶意代码

显示全部楼层 · 发表于 2008-5-21 11:42:54

消息来源：知道安全
Log is generated by FreShow.
[wide]http://www.webkey.cn/soft/soft_16/file_1412.html
[frame]http://www.webkey.cn/soft/soft_16/../foot.htm
      [frame]http://www.cieccoo.com/css/js/mm.htm
         [frame]http://www.cieccoo.com/css/js/baidu.html
            [object]http://www.cieccoo.com/css/js/calc.cab
         [frame]http://www.cieccoo.com/css/js/test.htm
            [object]http://www.cieccoo.com/css/js/vip.exe
         [script]http://www.cieccoo.com/css/js/script.js
            [ani]http://www.cieccoo.com/css/js//body.jpg
                  [object]http://www.hitech-industries.com/case/js/vip.exe
            [ani]http://www.cieccoo.com/css/js//title.jpg
                  [object]http://www.hitech-industries.com/case/js/vip.exe

Avk

对象: vip.exe
病毒: Trojan-Spy.Win32.Agent.pi (AVP引擎)
对象: calc.cab vip.exe
病毒: Trojan-Downloader.Win32.Delf.bnj (AVP引擎)
对象: 桌面.rar
路径: C:\Documents and Settings\Administrator\桌面

病毒: Trojan-Spy.Win32.Agent.pi, Trojan-Downloader.Win32.Delf.bnj (AVP引擎)

Dr.web

显示全部楼层 · 发表于 2008-5-21 11:57:25

dns failed

显示全部楼层 · 发表于 2008-5-21 12:07:50

Begin scan in 'C:\Documents and Settings\haha\桌面\桌面.rar'
C:\Documents and Settings\haha\桌面\桌面.rar
  [0] Archive type: RAR
  --> vip.exe
   [DETECTION] Is the Trojan horse TR/Spy.Agent.PI.77
--> calc.cab
   [1] Archive type: CAB (Microsoft)
   --> vip.exe
      --> Object
      [3] Archive type: RSRC
      --> Object
            [DETECTION] Is the Trojan horse TR/Dldr.Delf.bnj.13
   [NOTE]    A backup was created as '4862375d.qua'  ( QUARANTINE )

End of the scan: 2008年5月21日  12:07
Used time: 00:02 min

The scan has been done completely.

   0 Scanning directories
   4 Files were scanned
   2 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted

显示全部楼层 · 发表于 2008-5-21 12:30:12

kv 1

显示全部楼层 · 发表于 2008-5-21 12:49:32

信息 2008-05-21  12:49:00 您此次查毒共查出2个病毒以及危险代码
信息 2008-05-21  12:49:00 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件5个
信息 2008-05-21  12:49:00 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-05-21  12:49:00 D:\Desktop\×àÃæ.rar\calc.cab\vip.exe Win32.PSWTroj.Delf.wt.99604 跳过，未处理
病毒 2008-05-21  12:49:00 D:\Desktop\×àÃæ.rar\vip.exe Win32.Troj.Agent.pi.291553 跳过，未处理

显示全部楼层 · 发表于 2008-5-21 13:01:55

TR/Spy.Agent.PI.77

显示全部楼层 · 发表于 2008-5-21 14:08:04

对象: vip.exe
路径: F:
Status: 已发现病毒
病毒: Trojan.Spy.Agent.PI (BD 引擎)
对象: vip.exe
在压缩档案里: F:\calc.cab
Status: 已发现病毒
病毒: Trojan.Downloader.Delf.BNJ (BD 引擎)

显示全部楼层 · 发表于 2008-5-21 15:30:13

ACCESS DENIED
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://bbs.kafan.cn/attachment.p ... 0a&t=1211354922

The folowing error was encountered:

The requested object is INFECTED. The following viruses Trojan-Spy.Win32.Agent.pi were found

Please contact your service provider if you feel this is incorrect.

--------------------------------------------------------------------------------

Generated Wed May 21 15:30:55 2008 by 卡巴斯基反病毒软件 7.0

显示全部楼层 · 发表于 2008-5-21 15:37:51

咖啡也能查杀的

显示全部楼层 · 发表于 2008-5-21 15:40:39

反病毒引擎	版本	最后更新	扫描结果
AhnLab-V3	2008.5.20.0	2008.05.21	-
AntiVir	7.8.0.19	2008.05.21	TR/Spy.Agent.PI.77
Authentium	5.1.0.4	2008.05.21	W32/Trojan.BPTR
Avast	4.8.1195.0	2008.05.21	Win32:Hupigon-BMV
AVG	7.5.0.516	2008.05.20	PSW.Agent.MHV
BitDefender	7.2	2008.05.21	Trojan.Spy.Agent.PI
CAT-QuickHeal	9.50	2008.05.19	Win32.Trojan-Spy.Agent.pi
ClamAV	0.92.1	2008.05.21	-
DrWeb	4.44.0.09170	2008.05.21	Trojan.MulDrop.9334
eSafe	7.0.15.0	2008.05.20	Win32.Agent.pi
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.20	Logger.Agent.pi
F-Prot	4.4.2.54	2008.05.14	W32/Trojan.BPTR
F-Secure	6.70.13260.0	2008.05.21	Trojan-Downloader.Win32.Delf.bnj
Fortinet	3.14.0.0	2008.05.21	Spy/Agent
GData	2.0.7306.1023	2008.05.21	Trojan-Spy.Win32.Agent.pi
Ikarus	T3.1.1.26.0	2008.05.21	Trojan-Spy.Win32.Agent.vz
Kaspersky	7.0.0.125	2008.05.21	Trojan-Spy.Win32.Agent.pi
McAfee	5299	2008.05.20	Generic.dx
Microsoft	1.3520	2008.05.21	TrojanSpy:Win32/Agent.PI
NOD32v2	3115	2008.05.20	a variant of Win32/Regil
Norman	5.80.02	2008.05.20	-
Panda	9.0.0.4	2008.05.21	Trj/QQPass.AKL
Prevx1	V2	2008.05.21	Malicious Software
Rising	20.45.12.00	2008.05.20	Trojan.Spy.Win32.Agent.pi
Sophos	4.29.0	2008.05.21	Troj/AgenPi-Gen
Sunbelt	3.0.1123.1	2008.05.17	Trojan-Spy.Agent.PI
Symantec	10	2008.05.21	Trojan Horse
TheHacker	6.2.92.314	2008.05.20	Trojan/Spy.Agent.pi
VBA32	3.12.6.6	2008.05.20	Trojan-Spy.Win32.Agent.pi
VirusBuster	4.3.26:9	2008.05.20	Trojan.OnlineGames.Gen.47
Webwasher-Gateway	6.6.2	2008.05.21	Trojan.Spy.Agent.PI.77

[已鉴定] 微客网被插入恶意代码