[已鉴定] 6

显示全部楼层 · 发表于 2008-6-9 00:03:58

http://wasdbd.cn/a/1.htm

http://wasdbd.cn/a/2.htm

http://wasdbd.cn/a/3.htm

http://wasdbd.cn/a/4.htm

http://wasdbd.cn/a/5.htm

http://aaa.awercom.com/fzl.htm

显示全部楼层 · 发表于 2008-6-9 00:15:36

内置(*)的过滤器匹配 — 移除带链接的图片，等等: //js.*.51.la*.js [http://wasdbd.cn/a/1.htm]
已阻止的「自动页面刷新」 [http://wasdbd.cn/a/1.htm]

显示全部楼层 · 发表于 2008-6-9 04:46:31

这是从哪里复制下来的日志

试了第一个，这个I/O啊

我本本的硬盘呐，狂转啊

显示全部楼层 · 发表于 2008-6-9 09:13:51

2008-6-9,9:10:45 [WARNING]  Suspicious file: Contains suspicious code HEUR/Crypted.E!
   [INFO] This reference is in all likelihood a false positive. Please send us this file for further analysis immediately.
  C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9MB4PMN\control_pic[1].jpg
   [INFO] No right to access the file.
2008-6-9,9:10:49 [WARNING]  Suspicious file: Contains suspicious code HEUR/Malware!
   [INFO] This reference is in all likelihood a false positive. Please send us this file for further analysis immediately.
  C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K9MB4PMN\control_pic[1].jpg
   [INFO] The file will be copied to quarantine.
   [INFO] The file will be deleted.
2008-6-9,9:11:02 [WARNING] Contains suspicious code HEUR/HTML.Malware!
  C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QFABO7WR\fzl[1].htm
   [INFO] The file will be copied to quarantine.
   [INFO] The file will be deleted.
2008-6-9,9:11:09 [WARNING] Contains detection pattern of the exploits EXP/Flash.Gen!
  C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MZOJ2XMZ\WIN%209,0,47,0i[1].swf
   [INFO] The file will be copied to quarantine.
   [INFO] The file will be deleted.

显示全部楼层 · 发表于 2008-6-9 09:30:11

http://aaa.awerbiz.cn/aaa.exe
http://www.hhsnbn.cn/control_pic.jpg

复制代码

[ 本帖最后由 shery0000 于 2008-6-9 10:44 编辑 ]

显示全部楼层 · 发表于 2008-6-9 12:39:38

C:\Documents and Settings\Administrator\桌面\2.rar>>aaa.exe TrojanPSW.OnLineGames.wlu.kjdk 木马还未处理
C:\Documents and Settings\Administrator\桌面\2.rar>>control_pic.jpg TrojanPSW.OnLineGames.wlu.kjdk 木马还未处理

显示全部楼层 · 发表于 2008-6-9 12:48:29

金山毒霸 0

显示全部楼层 · 发表于 2008-6-9 14:46:20

包括那6个网页一起打包，共8个

8.rar (52.87 KB, 下载次数: 29)

显示全部楼层 · 发表于 2008-6-9 14:47:27

卡巴杀2漏6

已删除：木马程序 Trojan-PSW.Win32.OnLineGames.anxg 文件　: D:\软件\其它\v\k\8.rar/control_pic.jpg//PE_Patch//UPack//#//PE_Patch//UPack
已删除：木马程序 Trojan-PSW.Win32.OnLineGames.anxg 文件　: D:\软件\其它\v\k\8.rar/aaa.exe//PE_Patch//UPack//#//PE_Patch//UPack

TO KL

显示全部楼层 · 发表于 2008-6-9 14:47:52

原帖由 palfan 于 2008-6-9 04:46 发表
这是从哪里复制下来的日志

试了第一个，这个I/O啊我本本的硬盘呐，狂转啊

明显是adm的日志。。。。。。

[已鉴定] 6

回复 2楼 zenwalk 的帖子

回复 5楼 shery0000 的帖子