ftfashion.com 挂马..

tanlimo

http://www.live322.cn/4561.swf
http://user1.hao752.cn/i115.swf

http://exe.wokaixin.com/014.exe
http://down.link5566.cn/down/ko.exe
http://www.pps900.cn/e.exe
http://n.gan360.com/0014.exe
http://down.link5566.cn/ko.exe
http://xia.iphone001.com/down/014.exe

Starting the file scan:

Begin scan in 'E:\4561.swf'
Begin scan in 'E:\i115.swf'
E:\i115.swf
  [0] Archive type: SWC
  --> Object
      [DETECTION] Contains detection pattern of the exploits EXP/Flash.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\ko.exe'
E:\ko.exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\e.exe'
E:\e.exe
      [DETECTION] Is the Trojan horse TR/Killav.TY
      [NOTE]      The file was deleted!
Begin scan in 'E:\0014.exe'
E:\0014.exe
    --> Object
      [1] Archive type: OVL
      --> Object
          [DETECTION] Is the Trojan horse TR/Agent.qxb
      [NOTE]      The file was deleted!
Begin scan in 'E:\ko(1).exe'
E:\ko(1).exe
      [DETECTION] Is the Trojan horse TR/Downloader.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\014.exe'
E:\014.exe
      [DETECTION] Is the Trojan horse TR/Hijacker.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\014(1).exe'
E:\014(1).exe
      [DETECTION] Is the Trojan horse TR/Agent.BHQ
      [NOTE]      The file was deleted!

granthill

挂的太恐怖了
会不会死机啊？？

tanlimo

http://microgood.net/e.txt

[oo]
c0=http://219.129.239.130/soft00.exe
c1=http://219.129.239.130/soft01.exe
c2=http://219.129.239.130/soft02.exe
c3=http://219.129.239.130/soft03.exe
c4=http://219.129.239.130/soft04.exe
c5=http://219.129.239.130/soft05.exe
c6=http://219.129.239.130/soft06.exe
c7=http://219.129.239.130/soft07.exe
c8=http://219.129.239.130/soft08.exe
c9=http://219.129.239.130/soft09.exe
c10=http://219.129.239.130/soft10.exe
c11=http://219.129.239.130/soft11.exe
c12=http://219.129.239.130/soft12.exe
c13=http://219.129.239.130/soft13.exe
c14=http://219.129.239.130/soft14.exe
c15=http://219.129.239.130/soft15.exe
c16=http://219.129.239.130/soft16.exe
c17=http://219.129.239.130/soft17.exe
c18=http://219.129.239.130/soft18.exe
c19=http://219.129.239.130/soft19.exe
c20=http://219.129.239.130/soft20.exe
c21=http://219.129.239.130/soft21.exe

http://www.sony456.cn/dw.txt

2008-6-1=http://121.10.108.176/a1.exe
2008-6-1=http://121.10.108.176/a2.exe
2008-6-1=http://121.10.108.176/a3.exe
2008-6-1=http://121.10.108.176/a4.exe
2008-6-1=http://121.10.108.176/a5.exe
2008-6-1=http://121.10.108.176/a6.exe
2008-6-1=http://121.10.108.176/a7.exe
2008-6-1=http://121.10.108.176/a8.exe
2008-6-1=http://121.10.108.176/a9.exe
2008-6-1=http://121.10.108.176/a10.exe
2008-6-1=http://121.10.108.176/a11.exe
2008-6-1=http://121.10.108.176/a12.exe
2008-6-1=http://121.10.108.176/a13.exe
2008-6-1=http://121.10.108.176/a14.exe
2008-6-1=http://121.10.108.176/a15.exe
2008-6-1=http://121.10.108.176/a16.exe
2008-6-1=http://121.10.108.176/a17.exe
2008-6-1=http://121.10.108.176/a18.exe
2008-6-1=http://121.10.108.176/a19.exe
2008-6-1=http://60.190.114.61/a20.exe
2008-6-1=http://60.190.114.61/a21.exe
2008-6-1=http://60.190.114.61/a22.exe
2008-6-1=http://60.190.114.61/a23.exe
2008-6-1=http://60.190.114.61/a24.exe
2008-6-1=http://60.190.114.61/a25.exe
2008-6-1=http://60.190.114.61/a26.exe
2008-6-1=http://60.190.114.61/a27.exe
2008-6-1=http://60.190.114.61/a28.exe
2008-6-1=http://60.190.114.61/a29.exe


http://www.link5566.cn/ko.txt

[oo]
c0=http://down.link5566.cn/1.exe
c1=http://down.link5566.cn/2.exe
c2=http://down.link5566.cn/3.exe
c3=http://down.link5566.cn/4.exe
c4=http://down.link5566.cn/5.exe
c5=http://down.link5566.cn/6.exe
c6=http://down.link5566.cn/7.exe
c7=http://down.link5566.cn/8.exe
c8=http://down.link5566.cn/9.exe
c9=http://down.link5566.cn/10.exe
c10=http://down.link5566.cn/11.exe
c11=http://down.link5566.cn/12.exe
c12=http://down.link5566.cn/13.exe
c13=http://down.link5566.cn/14.exe
c14=http://down.link5566.cn/15.exe
c15=http://down.link5566.cn/16.exe
c16=http://down.link5566.cn/17.exe
c17=http://down.link5566.cn/18.exe
c18=http://down.link5566.cn/19.exe
c19=http://down.link5566.cn/20.exe
c20=http://down.link5566.cn/21.exe
c21=http://down.link5566.cn/22.exe
c22=http://down.link5566.cn/23.exe
c23=http://down.link5566.cn/24.exe
c24=http://down.link5566.cn/25.exe
c25=http://down.link5566.cn/26.exe
c26=http://down.link5566.cn/27.exe
c27=http://down.link5566.cn/28.exe
c28=http://down.link5566.cn/29.exe
c29=http://down.link5566.cn/30.exe

qigang

原帖由 tanlimo 于 2008-6-5 20:44 发表
http://www.live322.cn/4561.swf
http://user1.hao752.cn/i115.swf

http://exe.wokaixin.com/014.exe
http://down.link5566.cn/down/ko.exe
http://www.pps900.cn/e.exe
http://n.gan360.com/0014.exe
http: ...

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.Win32.Undef.gfd   
病毒： Trojan.Win32.Undef.hir   
病毒： Trojan.Win32.AntiAV.ai   

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.47.32

qigang

[oo]
c0=http://down.link5566.cn/1.exe
c1=http://down.link5566.cn/2.exe
c2=http://down.link5566.cn/3.exe
c3=http://down.link5566.cn/4.exe
c4=http://down.link5566.cn/5.exe
c5=http://down.link5566.cn/6.exe
c6=http://down.link5566.cn/7.exe
c7=http://down.link5566.cn/8.exe
c8=http://down.link5566.cn/9.exe
c9=http://down.link5566.cn/10.exe
c10=http://down.link5566.cn/11.exe
c11=http://down.link5566.cn/12.exe
c12=http://down.link5566.cn/13.exe
c13=http://down.link5566.cn/14.exe
c14=http://down.link5566.cn/15.exe
c15=http://down.link5566.cn/16.exe
c16=http://down.link5566.cn/17.exe
c17=http://down.link5566.cn/18.exe
c18=http://down.link5566.cn/19.exe
c19=http://down.link5566.cn/20.exe
c20=http://down.link5566.cn/21.exe
c21=http://down.link5566.cn/22.exe
c22=http://down.link5566.cn/23.exe
c23=http://down.link5566.cn/24.exe
c24=http://down.link5566.cn/25.exe
c25=http://down.link5566.cn/26.exe
c26=http://down.link5566.cn/27.exe
c27=http://down.link5566.cn/28.exe
c28=http://down.link5566.cn/29.exe
c29=http://down.link5566.cn/30.exe

qianwenxiang

很强大 我开马桶跑了进去 然后死机..

hj5abc

比较夸张..

冷冷

继东方卫士后的一大毒窝

sbbdms

将前面所有作者提供的产物打包在一起，痛不欲生。。。。

不过有点收获，卡巴漏2启发1，TO KL