
[已鉴定] 泛滥了-。-

秋叶濛濛
发表于 2008-5-31 00:57:00 | 显示全部楼层 |阅读模式
来源:卡卡安全社区

Log is generated by FreShow.
[wide]http://my.ziqu.com/bbs/665293/messages/74997.html
    [frame]http://my.ziqu.com/bbs/665293/messages/*.html
        [frame]http://pp.cool0.biz/bmw/am2.htm?02
            [frame]http://pp.cool0.biz/ax14.htm
                [object]http://dm.htifns.com.cn/vv.exe
            [frame]http://pp.cool0.biz/re10.htm
            [frame]http://www.tongji123.org/axfs.htm
                [object]http://dm.htifns.com.cn/vv.exe
                [object]http://www.tongji123.org/4561.swf
                    [object]http://www.tongji123.org/4562.swf(老朋友了 就不看了)
            [frame]http://pp.cool0.biz/axlz.htm
                [object]http://dm.htifns.com.cn/vv.exe
            [frame]http://pp.cool0.biz/re11.htm
                [object]http://dm.htifns.com.cn/vv.exe
        [script]http://ad.netsh.com/js/hp.js
            [script]http://smjs.allyes.com/sm.js
                [object]http://smcreative.allyes.com/smcreative/newff/flashpop2_div.js
                [object]http://smcreative.allyes.com/smcreative/newff/flashpop2.js


这两个不会解了...求教下

附样本:

vv.exe vv.rar (22.09 KB, 下载次数: 116)
秋叶濛濛
 楼主| 发表于 2008-5-31 00:59:39 | 显示全部楼层
附上               
[object]http://smcreative.allyes.com/smcreative/newff/flashpop2_div.js
[object]http://smcreative.allyes.com/smcreative/newff/flashpop2.js

解遍eval后的代码...求指点

// Ad pop-up ("SmartCreative" / Allyes) script, de-obfuscated from the flashpop2_div.js /
// flashpop2.js objects listed above in this thread.
// Not self-contained: temflag, popwidth, popheight, toleftwid, tobottomhei, tttt, temloadyes,
// AllyesviewtvCookieVal, tem11, AllyesviewtvExpDate, popTop, flash_settimevalue, kuantongtitle,
// temdocument, temmoveflag, temleftdeff, temtopdeff, tclosegifx, tclosegify, the
// *20060609191217 geometry values, ie, flvadd, bannerswfadd, temclickadd, temadfhost,
// adftrack_ref, flashpop1add, popmsg and divpopmsg are read here but declared elsewhere
// (presumably the companion script or the embedding page).
// Reformatted from one minified line; the two forum line-wraps that fell inside string
// literals ("text/html; charset=gb2312" and "function fnEffect()") were rejoined with a space.

// Writes a cookie `name=value` (value URL-escaped with the legacy escape()) valid site-wide
// (path=/) until `expires`, which must be a Date.
function setCookie(name,value,expires){
  document.cookie=name+"="+escape(value)+"; expires="+expires.toGMTString()+"; path=/"
}

// Interval callback (armed in popshow): unless disdiv() has set temflag to 2, re-show the IE
// popup window anchored at the bottom-right corner of the screen; otherwise hide it.
// `pluto` is assigned but never read.
function getfocusepop(){
  if(temflag!=2){
    var pluto=opener;
    oPopup.show(screen.width-popwidth-toleftwid,screen.height-popheight-tobottomhei,popwidth,popheight)
  }else{
    oPopup.hide()
  }
}

// Polyfill of IE's proprietary element.removeNode(removeChildren) for browsers that expose
// window.Node: with removeChildren the element is detached outright, otherwise it is replaced
// by its own extracted contents (the element goes away, its children stay in place).
if(window.Node){
  Node.prototype.removeNode=function(removeChildren){
    if(removeChildren)return this.parentNode.removeChild(this);
    else{
      var range=document.createRange();
      range.selectNodeContents(this);
      return this.parentNode.replaceChild(range.extractContents(),this)
    }
  }
}

// Close handler. IE: drop the "hotson" element from the popup document, hide the popup and
// set temflag=2 so getfocusepop() stops re-showing it. Other browsers: stop the `tttt` timer
// (declared elsewhere) and remove the overlay elements ("hotson", "imgcoltem",
// "divnameimgdis", "divname1") from the page.
function disdiv(){
  if(navigator.userAgent.indexOf("MSIE")>-1){
    oPopup.document.getElementById("hotson").removeNode(true);
    oPopup.hide();
    temflag=2
  }else{
    clearInterval(tttt);
    document.getElementById("hotson").removeNode(true);
    document.getElementById("imgcoltem").removeNode(true);
    document.getElementById("divnameimgdis").removeNode(true);
    document.getElementById("divname1").removeNode(true)
  }
}

// When temloadyes==1, poll every 50 ms until "hotson" reports PercentLoaded()==100
// (PercentLoaded is a Flash Player method, so "hotson" is presumably an embedded SWF), then
// set the frequency cookie and start the slide-in; otherwise start the slide-in directly.
// All timers here are armed with code strings, which the browser evaluates.
function load100(){
  if(temloadyes==1){
    if(oPopup.document.getElementById("hotson").PercentLoaded()!=100){
      setTimeout('load100()',50)
    }else{
      creativeCookie();
      setTimeout('popshow()',50)
    }
  }else{
    setTimeout('popshow()',50)
  }
}

// Frequency-capping cookie: defaults AllyesviewtvCookieVal to 1 and stores it under the
// externally supplied name tem11 with expiry AllyesviewtvExpDate.
function creativeCookie(){
  if(!AllyesviewtvCookieVal)AllyesviewtvCookieVal=1;
  setCookie(tem11,AllyesviewtvCookieVal,AllyesviewtvExpDate)
}

// Uniform random integer in 1..num (Math.random, not cryptographic — presumably only used for
// ad rotation). Not called anywhere within this listing.
function rand(num){
  return Math.floor(Math.random()*num)+1
}

var inteval="";   // handle of the getfocusepop() interval (see popshow)
var mytime="";    // handle of the popshow() re-arm timeout

// Slide-in animation for the IE popup. popTop (declared elsewhere) grows by 10 per tick:
//  - popTop <= popheight       : show the popup at the bottom screen edge with height popTop;
//  - popheight < popTop <= 920 : arm a 100 ms getfocusepop() interval — a NEW one on every
//    tick, each overwriting `inteval`, so earlier handles can no longer be cleared; nothing
//    in this listing ever clears `inteval` or `mytime`;
//  - popTop > 920              : no-op, but the function still re-arms itself below.
// Re-arms itself every flash_settimevalue ms via a string setTimeout, indefinitely.
function popshow(){
  if(popTop>920){
  }else if(popTop<=popheight){
    oPopup.show(screen.width-popwidth-toleftwid,screen.height,popwidth,popTop)
  }else if(popTop>popheight){
    inteval=window.setInterval("getfocusepop()",100)
  }
  popTop+=10;
  mytime=setTimeout("popshow();",flash_settimevalue)
}

var temopenflag=true;   // later holds the window.open() result (or false) in dohtmlshow

// IE only: window.createPopup() — a legacy IE-specific popup rendered outside the page's own
// document; the ad is shown in it when a real window.open() does not succeed.
if(navigator.userAgent.indexOf("MSIE")>-1){
  var oPopup=window.createPopup()
}

// Title of the opened window; defaults to "SmartCreative".
if(!kuantongtitle){
  kuantongtitle="SmartCreative"
}

// DIV-overlay variant: keeps the overlay ("divname1") and its close image ("divnameimgdis")
// pinned to the bottom-right of the viewport (temdocument is presumably document.body or
// documentElement — declared elsewhere). With temmoveflag==1 the current scroll offsets are
// added so the absolute position tracks the visible area; otherwise plain viewport
// coordinates are used. The two branches are otherwise identical.
// Note: both branches dereference getElementById("divname1") BEFORE the `if(!...)` null
// check that follows, so that check can never fire — the preceding statement already threw.
function movelook(){
  if(navigator.userAgent.indexOf("MSIE")>-1){
    var temscrolltop=temdocument.scrollTop;
    var temscrollleft=temdocument.scrollLeft
  }else{
    var temscrolltop=window.pageYOffset;
    var temscrollleft=window.pageXOffset
  }
  if(temmoveflag==1){
    var flash_left2006=temdocument.clientWidth-(popwidth+temleftdeff);
    var flash_top2006=temdocument.clientHeight-(popheight+temtopdeff);
    document.getElementById("divname1").style.top=flash_top2006+temscrolltop+"px";
    if(!document.getElementById("divname1")){
      document.getElementById("imgcoltem").removeNode(true);
      document.getElementById("hotson").removeNode(true);
      return
    }
    document.getElementById("divname1").style.left=flash_left2006+temscrollleft+"px";
    document.getElementById("divnameimgdis").style.top=(flash_top2006+tclosegify)+temscrolltop+"px";
    document.getElementById("divnameimgdis").style.left=(flash_left2006+popwidth-tclosegifx)+temscrollleft+"px"
  }else{
    var flash_left2006=temdocument.clientWidth-(popwidth+temleftdeff);
    var flash_top2006=temdocument.clientHeight-(popheight+temtopdeff);
    document.getElementById("divname1").style.top=flash_top2006+"px";
    if(!document.getElementById("divname1")){
      document.getElementById("imgcoltem").removeNode(true);
      document.getElementById("hotson").removeNode(true);
      return
    }
    document.getElementById("divname1").style.left=flash_left2006+"px";
    document.getElementById("divnameimgdis").style.top=(flash_top2006+tclosegify)+"px";
    document.getElementById("divnameimgdis").style.left=(flash_left2006+popwidth-tclosegifx)+"px"
  }
}

// Main entry. Tries window.open() for a chromeless window ("status=no,toolbar=no,menubar=no,
// location=no,resizable=0,scrollbars=0") of popwidth x popheight at the externally supplied
// top/left; `videoWin` is assigned without declaration (implicit global), and the guard
// `temopenflag!="null"` compares against the STRING "null", not null.
// If a window handle came back (truthy, with a string `name`), the frequency cookie is set and
// a complete HTML document is document.write()-n into it:
//  * config globals (ie, fvarList from parent.flash_var_list, flvadd, window geometry,
//    bannerswfadd, temclickadd, temadfhost, adftrack_ref, ...);
//  * fnEffect(): moves the window up by winMove (the string '40', coerced by `-`) per tick via
//    window.moveTo until its top is above screen.height - winHeight - toolbarHeight, i.e. a
//    slide-up from the bottom; intervalHdl is never assigned, so clearTimeout(intervalHdl) is a
//    no-op and the interval keeps firing (harmlessly, that branch just returns);
//  * a hidden IFRAME named "frmdownload" with an empty src — nothing in this listing loads
//    anything into it;
//  * loadload100(), which would poll Flash element "button690".CurrentFrame(), but is never
//    invoked; fnEffect() is armed directly with window.setInterval(..., winInterval);
//  * an external <SCRIPT SRC=flashpop1add>.
// "</scr"+"ipt>" is split so the enclosing <script> is not terminated by the literal. Any
// error while writing is swallowed by an empty catch. If window.open() threw or returned no
// usable window (presumably pop-up blocking), falls back to popmsg() in the IE createPopup —
// forcing focus back to it on every mousedown — or to the DIV overlay divpopmsg() elsewhere.
function dohtmlshow(){
  var openWinCode="";
  try{
    temopenflag=videoWin=window.open(openWinCode,"newwin","top="+winTop20060609191217+",left="+winLeft20060609191217+",height="+popheight+",width="+popwidth+",status=no,toolbar=no,menubar=no,location=no,resizable=0,scrollbars=0",false)
  }catch(e){
    temopenflag=false
  }
  if(temopenflag&&temopenflag!="null"){
    if(typeof(temopenflag["name"])=="string"){
      creativeCookie();
      try{
        temopenflag.document.write("<html>");
        temopenflag.document.writeln("<head>");
        temopenflag.document.writeln("<title>"+kuantongtitle+"</title>");
        temopenflag.document.writeln("<meta http-equiv='Content-Type' content='text/html; charset=gb2312'>");
        temopenflag.document.writeln("</head>");
        temopenflag.document.writeln("<script language=JavaScript>");
        temopenflag.document.writeln("var ie = "+ie+";");
        temopenflag.document.writeln("var fvarList = '"+parent.flash_var_list+"';");
        temopenflag.document.writeln("var flvadd = '"+flvadd+"';");
        temopenflag.document.writeln("var winLeft = '"+winLeft20060609191217+"';");
        temopenflag.document.writeln("var winTop = '"+winTop20060609191217+"';");
        temopenflag.document.writeln("var winWidth = '"+popwidth+"';");
        temopenflag.document.writeln("var winHeight = '"+popheight+"';");
        temopenflag.document.writeln("var toolbarHeight = '"+toolbarHeight20060609191217+"';");
        temopenflag.document.writeln("var toolbarWidth = '"+toolbarWidth20060609191217+"';");
        temopenflag.document.writeln("var winMove = '40';");
        temopenflag.document.writeln("var winInterval = "+flash_settimevalue+";");
        temopenflag.document.writeln("var srcHeight = '"+winLeft20060609191217+"';");
        temopenflag.document.writeln("var popheight = '"+popheight+"';");
        temopenflag.document.writeln("var bannerswfadd = '"+bannerswfadd+"';");
        temopenflag.document.writeln("var temclickadd = '"+temclickadd+"';");
        temopenflag.document.writeln("var ADFUSERBannerIDAllyes = '"+temclickadd+"';");
        temopenflag.document.writeln("var ADFHOSTBannerIDAllyes = '"+temadfhost+"';");
        temopenflag.document.writeln("var adftrack_ref = '"+adftrack_ref+"';");
        temopenflag.document.writeln("var targetflag = '_blank';");
        temopenflag.document.writeln("var stopflag = 'stop';");
        temopenflag.document.writeln("if(ie==true){var temietop=window.screenTop;var temieleft=window.screenLeft;}else{var temietop=window.screenY;var temieleft=window.screenX;}");
        temopenflag.document.writeln("var cmpWidth = temieleft - winLeft;");
        temopenflag.document.writeln("var cmpHeight = temietop - winTop;");
        temopenflag.document.writeln("var intervalHdl;");
        temopenflag.document.writeln("");
        temopenflag.document.writeln("var switchFlag = 0;");
        temopenflag.document.writeln("function fnEffect()");
        temopenflag.document.writeln("{");
        temopenflag.document.writeln("if(ie==true){var temietop=window.screenTop;}else{var temietop=window.screenY;}");
        temopenflag.document.writeln("   if (temietop < screen.height - parseInt(winHeight) - parseInt(toolbarHeight))");
        temopenflag.document.writeln("   {");
        temopenflag.document.writeln("    clearTimeout(intervalHdl);");
        temopenflag.document.writeln("    endWinTop = screen.height - toolbarHeight - winHeight - cmpWidth;");
        temopenflag.document.writeln("    endWinLeft = winLeft;");
        temopenflag.document.writeln("    return;");
        temopenflag.document.writeln("   }else");
        temopenflag.document.writeln("   {");
        temopenflag.document.writeln("   try{window.moveTo(winLeft, temietop - winMove);}");
        temopenflag.document.writeln("   catch(e) {}}");
        temopenflag.document.writeln("}");
        temopenflag.document.writeln("</scr"+"ipt>");
        temopenflag.document.writeln("<body leftmargin=0 topmargin=0 scroll=no>");
        temopenflag.document.writeln("<IFRAME name=frmdownload src=''style='display:none'></IFRAME>");
        temopenflag.document.writeln("<script language=JavaScript>window.focus();");
        temopenflag.document.writeln("function loadload100(){try{");
        temopenflag.document.writeln("if(document.getElementById('button690').CurrentFrame()>0){");
        temopenflag.document.writeln("window.setInterval('fnEffect()', winInterval);}else{");
        temopenflag.document.writeln("setTimeout('loadload100()', 50);}}catch(e){");
        temopenflag.document.writeln("setTimeout('loadload100()', 50);}}window.setInterval('fnEffect()', winInterval);</SC"+"RIPT>");
        temopenflag.document.writeln("<SCRIPT SRC='"+flashpop1add+"'></SC"+"RIPT></body></html>")
      }catch(e){}
    }else{
      // window.open() returned something without a string name: fall back to the IE popup
      // (re-focusing it on every mousedown) or the DIV overlay.
      if(navigator.userAgent.indexOf("MSIE")>-1){
        popmsg();
        oPopup.document.onmousedown=function(){if(!oPopup.document.hasFocus())oPopup.document.focus()}
      }else{
        divpopmsg()
      }
    }
  }else{
    // window.open() threw or returned nothing: same fallback as above.
    if(navigator.userAgent.indexOf("MSIE")>-1){
      popmsg();
      oPopup.document.onmousedown=function(){if(!oPopup.document.hasFocus())oPopup.document.focus()}
    }else{
      divpopmsg()
    }
  }
}
mofunzone
发表于 2008-5-31 01:21:30 | 显示全部楼层
Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\vv.rar'
C:\Documents and Settings\morgan\My Documents\
  vv.rar
    [0] Archive type: RAR
      --> vv.exe
        [1] Archive type: Runtime Packed
        --> Object
          [2] Archive type: OVL
          --> Object
            [3] Archive type: OVL
            --> Object
                [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.PN
                [WARNING]   Infected files in archives cannot be repaired!
      [NOTE]      The file was deleted!
醉一生爱妍
发表于 2008-5-31 01:31:25 | 显示全部楼层

回复 3楼 mofunzone 的帖子

cmd download..

会有收获的

同时我也看到了一个熟悉的字眼..

beep.sys
61181583
发表于 2008-5-31 01:51:52 | 显示全部楼层
我的kis2009 竟然不报
palfan
发表于 2008-5-31 02:26:44 | 显示全部楼层

回复 4楼 garyyan456 的帖子

最近这几个名字我都看烦了
电影结束了
发表于 2008-5-31 10:13:54 | 显示全部楼层
扫描系统区域...
扫描所选择的目录和文件...
对象: vv.exe
        在压缩档案里: F:\vv.rar
        Status: 已发现病毒
        病毒: Generic.Malware.P!BPk!g.D9DFB676 (BD 引擎)
快乐男孩6
发表于 2008-5-31 12:34:12 | 显示全部楼层

rs

QQ截图未命名.jpg
qigang
发表于 2008-5-31 13:03:39 | 显示全部楼层

3/1

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Dropper.Win32.Agent.gcx  

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.46.50
深红的雪
发表于 2008-5-31 13:28:02 | 显示全部楼层

回复 2楼 秋叶濛濛 的帖子

广告就不用管它了吧
调试了一下,发现有些变量没有声明就使用,不玩了