========================3个可疑网站===========================

显示全部楼层 · 发表于 2008-7-27 18:51:24

hxxp://www.jsahvc.edu.cn/xsk/index.asp
hxxp://v.freefl.info/f/ilink.html
hxxp://games.enet.com.cn/download/D1020031119002.html

感谢百战百胜友情提供

显示全部楼层 · 发表于 2008-7-27 19:03:17

费尔全部拦截

显示全部楼层 · 发表于 2008-7-27 19:12:14

第一个

第二个无法打开

第三个

第一和第三就是UUSE和微软的access的漏洞溢出攻击

[ 本帖最后由 huai168an 于 2008-7-27 19:14 编辑 ]

显示全部楼层 · 发表于 2008-7-27 19:32:24

http://www.misss360.cn/versionff.swf
http://www.misss360.cn/versionie.swf
http://www.xdownl.cn/mm.exe
http://www.7o7o7o.cn/www/UUUpgrade.ini
http://v.freefl.info/f/i28.swf
http://v.freefl.info/f/i47.swf
http://v.freefl.info/f/i16.swf
http://v.freefl.info/f/i45.swf
http://v.freefl.info/f/i64.swf
http://v.freefl.info/f/i115.swf
http://sa.xccxcxcxcxcx.cn/win.css
http://xxxxxxxxxxxxxxxxxxxx.org.cn/14.exe
http://xxxxxxxxxxxxxxxxxxxx.org.cn/xl.exe
http://tw.us.tw/us.exe
http://xxxxxxxxxxxxxxxxxxxx.org.cn/Acc.exe
http://flash.w3cpublic.cn/f/sw.exe

显示全部楼层 · 发表于 2008-7-27 19:42:01

[oo]
t1=20080723
e1=http://www.intaroo.net/sa01.exe
t2=20080723
e2=http://www.intaroo.net/sa02.exe
t3=20080723
e3=http://www.intaroo.net/sa03.exe
t4=20080723
e4=http://www.intaroo.net/sa04.exe
t5=20080723
e5=http://www.intaroo.net/sa05.exe
t6=20080723
e6=http://www.intaroo.net/sa06.exe
t7=20080723
e7=http://www.intaroo.net/sa07.exe
t8=20080723
e8=http://www.intaroo.net/sa08.exe
t9=20080723
e9=http://www.intaroo.net/sa09.exe
t10=20080723
e10=http://www.intaroo.net/sa10.exe
t11=20080723
e11=http://www.intaroo.net/sa11.exe
t12=20080723
e12=http://www.intaroo.net/sa12.exe
t13=20080723
e13=http://www.intaroo.net/sa13.exe
t14=20080723
e14=http://www.intaroo.net/sa14.exe
t15=20080723
e15=http://www.intaroo.net/sa15.exe
t16=20080723
e16=http://www.intaroo.net/sa16.exe
t17=20080723
e17=http://www.intaroo.net/sa17.exe
t18=20080723
e18=http://www.intaroo.net/sa18.exe
t19=20080723
e19=http://www.intaroo.net/sa19.exe
t20=20080723
e20=http://www.intaroo.net/sa20.exe
t21=20080723
e21=http://www.intaroo.net/sa21.exe
t22=20080723
e22=http://www.intaroo.net/sa22.exe
t23=20080723
e23=http://www.intaroo.net/sa23.exe
t24=20080723
e24=http://www.intaroo.net/sa24.exe
t25=20080723
e25=http://www.intaroo.net/sa25.exe
t26=20080723
e26=http://www.intaroo.net/sa26.exe
t27=20080723
e27=http://www.intaroo.net/sa27.exe
t28=20080723
e28=http://www.intaroo.net/sa28.exe
t29=20080723
e29=http://www.intaroo.net/sa29.exe
t30=20080723
e30=http://www.intaroo.net/sa30.exe
t31=20080723
e31=http://www.intaroo.net/mz.exe

显示全部楼层 · 发表于 2008-7-27 19:43:01

显示全部楼层 · 发表于 2008-7-27 20:00:58

McAfee监控报了第二个地址　　JS/Exploit-BO

显示全部楼层 · 发表于 2008-7-27 20:01:07

C:\Documents and Settings\Administrator\桌面\jss02.exe
   --> Object
      [1] Archive type: RSRC
      --> Object
      [DETECTION] Is the TR/Agent.vro Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss03.exe'
C:\Documents and Settings\Administrator\桌面\jss03.exe
   [DETECTION] Is the TR/PSW.Online.Osh.2 Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss04.exe'
C:\Documents and Settings\Administrator\桌面\jss04.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss05.exe'
C:\Documents and Settings\Administrator\桌面\jss05.exe
   [DETECTION] Is the TR/PSW.Online.bin Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss06.exe'
C:\Documents and Settings\Administrator\桌面\jss06.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss09.exe'
C:\Documents and Settings\Administrator\桌面\jss09.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss08.exe'
C:\Documents and Settings\Administrator\桌面\jss08.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss01.exe'
C:\Documents and Settings\Administrator\桌面\jss01.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss07.exe'
C:\Documents and Settings\Administrator\桌面\jss07.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss10.exe'
C:\Documents and Settings\Administrator\桌面\jss10.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss11.exe'
C:\Documents and Settings\Administrator\桌面\jss11.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss12.exe'
C:\Documents and Settings\Administrator\桌面\jss12.exe
   [DETECTION] Is the TR/PSW.OnLineGa.aqq Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss13.exe'
C:\Documents and Settings\Administrator\桌面\jss13.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss14.exe'
C:\Documents and Settings\Administrator\桌面\jss14.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss15.exe'
C:\Documents and Settings\Administrator\桌面\jss15.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss16.exe'
C:\Documents and Settings\Administrator\桌面\jss16.exe
   [DETECTION] Is the TR/PSW.OnLin.aklo.2 Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss17.exe'
C:\Documents and Settings\Administrator\桌面\jss17.exe
   [DETECTION] Is the TR/Spy.Agent.dhh Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss18.exe'
C:\Documents and Settings\Administrator\桌面\jss18.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss19.exe'
C:\Documents and Settings\Administrator\桌面\jss19.exe
   [DETECTION] Is the TR/PSW.OnL.BJ.24576 Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss20.exe'
C:\Documents and Settings\Administrator\桌面\jss20.exe
[DETECTION] Is the TR/PSW.OnlineGames.YYE.8 Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss21.exe'
C:\Documents and Settings\Administrator\桌面\jss21.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss22.exe'
C:\Documents and Settings\Administrator\桌面\jss22.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss23.exe'
C:\Documents and Settings\Administrator\桌面\jss23.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss24.exe'
C:\Documents and Settings\Administrator\桌面\jss24.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss25.exe'
C:\Documents and Settings\Administrator\桌面\jss25.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss26.exe'
C:\Documents and Settings\Administrator\桌面\jss26.exe
   [DETECTION] Is the TR/PSW.OnL.BJ.24576 Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss27.exe'
C:\Documents and Settings\Administrator\桌面\jss27.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss28.exe'
C:\Documents and Settings\Administrator\桌面\jss28.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss29.exe'
C:\Documents and Settings\Administrator\桌面\jss29.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss30.exe'
C:\Documents and Settings\Administrator\桌面\jss30.exe
   [DETECTION] Is the TR/PSW.Online.tdy Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss31.exe'
C:\Documents and Settings\Administrator\桌面\jss31.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss32.exe'
C:\Documents and Settings\Administrator\桌面\jss32.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss33.exe'
C:\Documents and Settings\Administrator\桌面\jss33.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss34.exe'
C:\Documents and Settings\Administrator\桌面\jss34.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE]    The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\桌面\jss35.exe'
C:\Documents and Settings\Administrator\桌面\jss35.exe
   [DETECTION] Is the TR/Undef.I Trojan
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-7-27 21:42:46

老东西

显示全部楼层 · 发表于 2008-7-28 01:11:12

2008-7-28 1:10:59 Kernel File 'G:\v\sw.exe' was sent to ESET for analysis.

[已鉴定] ========================3个可疑网站===========================

回复 6楼 ck893210 的帖子