用迅雷看视频逮的

显示全部楼层 · 发表于 2008-10-2 16:36:13

用迅雷看看打开前几天的观看历史，重新看一部影片时抓的，看来这病毒无处不在啊

[ 本帖最后由 edwardcl 于 2008-10-2 16:40 编辑 ]

显示全部楼层 · 发表于 2008-10-2 16:41:30

http://www.virustotal.com/analis ... 687e6a4d9f6d0e366c4
Antivirus Version Last Update Result
AhnLab-V3 2008.10.2.0 2008.10.02 -
AntiVir 7.8.1.34 2008.10.02 HTML/IFrame.800
Authentium 5.1.0.4 2008.10.02 -
Avast 4.8.1248.0 2008.10.01 VBS:Obfuscated-gen
AVG 8.0.0.161 2008.10.01 Exploit
BitDefender 7.2 2008.10.02 Trojan.JS.IFrame.ACN
CAT-QuickHeal 9.50 2008.10.01 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.02 -
eSafe 7.0.17.0 2008.10.01 -
eTrust-Vet 31.6.6121 2008.10.02 -
Ewido 4.0 2008.10.01 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.02 -
Fortinet 3.113.0.0 2008.10.02 -
GData 19 2008.10.02 Trojan.JS.IFrame.ACN
Ikarus T3.1.1.34.0 2008.10.02 Virus.VBS.Obfuscated
K7AntiVirus 7.10.479 2008.10.01 -
Kaspersky 7.0.0.125 2008.10.02 -
McAfee 5396 2008.10.02 -
Microsoft 1.4005 2008.10.02 -
NOD32 3488 2008.10.02 JS/TrojanDownloader.Iframe.NBM
Norman 5.80.02 2008.10.01 -
Panda 9.0.0.4 2008.10.02 -
PCTools 4.4.2.0 2008.10.01 -
Prevx1 V2 2008.10.02 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.02 Script.IFrame.800
Sophos 4.34.0 2008.10.02 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.10.02 -
TheHacker 6.3.0.9.098 2008.10.01 -
TrendMicro 8.700.0.1004 2008.10.02 -
VBA32 3.12.8.6 2008.10.02 -
ViRobot 2008.10.1.1402 2008.10.02 -
VirusBuster 4.5.11.0 2008.10.01 -
TO KL

显示全部楼层 · 发表于 2008-10-2 16:43:24

File bbb______.rar received on 10.02.2008 10:40:57 (CET)
Antivirus	Version	Last Update	Result</TD
AhnLab-V3	2008.10.2.0	2008.10.02	-</TD
AntiVir	7.8.1.34	2008.10.02	HTML/IFrame.800</TD
Authentium	5.1.0.4	2008.10.02	-</TD
Avast	4.8.1248.0	2008.10.01	VBS:Obfuscated-gen</TD
AVG	8.0.0.161	2008.10.01	Exploit</TD
BitDefender	7.2	2008.10.02	Trojan.JS.IFrame.ACN</TD
CAT-QuickHeal	9.50	2008.10.01	-</TD
ClamAV	0.93.1	2008.10.02	-</TD
DrWeb	4.44.0.09170	2008.10.02	-</TD
eSafe	7.0.17.0	2008.10.01	-</TD
eTrust-Vet	31.6.6121	2008.10.02	-</TD
Ewido	4.0	2008.10.01	-</TD
F-Prot	4.4.4.56	2008.09.30	-</TD
F-Secure	8.0.14332.0	2008.10.02	-</TD
Fortinet	3.113.0.0	2008.10.02	-</TD
GData	19	2008.10.02	Trojan.JS.IFrame.ACN</TD
Ikarus	T3.1.1.34.0	2008.10.02	Virus.VBS.Obfuscated</TD
K7AntiVirus	7.10.479	2008.10.01	-</TD
Kaspersky	7.0.0.125	2008.10.02	-</TD
McAfee	5396	2008.10.02	-</TD
Microsoft	1.4005	2008.10.02	-</TD
NOD32	3488	2008.10.02	JS/TrojanDownloader.Iframe.NBM</TD
Norman	5.80.02	2008.10.01	-</TD
Panda	9.0.0.4	2008.10.02	-</TD
PCTools	4.4.2.0	2008.10.01	-</TD
Prevx1	V2	2008.10.02	-</TD
Rising	20.63.62.00	2008.09.28	-</TD
SecureWeb-Gateway	6.7.6	2008.10.02	Script.IFrame.800</TD
Sophos	4.34.0	2008.10.02	-</TD
Sunbelt	3.1.1668.1	2008.09.24	-</TD
Symantec	10	2008.10.02	-</TD
TheHacker	6.3.0.9.098	2008.10.01	-</TD
TrendMicro	8.700.0.1004	2008.10.02	-</TD
VBA32	3.12.8.6	2008.10.02	-</TD
ViRobot	2008.10.1.1402	2008.10.02	-</TD
VirusBuster	4.5.11.0	2008.10.01	-</TD

Additional information
File size: 667 bytes
MD5...: 3df28e753160ad020d0e632f6f7b444c
SHA1..: 20cf7bcaf22f873e58037fbe13d70e32fb3a05d0
SHA256: 86acd0b5dd9f9528ee778bedf18967b5f7c602c3bdd05a9d4cdd2c3aa8c6cde0
SHA512: 5843e4e00f49f878b9d5ad1bab16e025f5130f5444a1ad37385769c609cde356 efa2d689e8c54e7a1d38a2e22e31d83303ac814fd0702221975dd14e8459e1de
PEiD..: -
TrID..: File type identification RAR Archive (83.3%) REALbasic Project (16.6%)
PEInfo: -

显示全部楼层 · 发表于 2008-10-2 16:48:35

Virus: Trojan.JS.IFrame.ACN (Engine A)
Datei: 病毒[1].rar

显示全部楼层 · 发表于 2008-10-2 17:07:48

ＶＴ上的铁壳引擎是不是许久没更新了？

已解决的威胁数:
Backdoor.Graybird
类型: 异常
风险: 高 (高隐蔽性，高清除，高性能，高隐私)
类别: 病毒
状态: 完全解决
-----------
1 文件
c:\users\core\desktop\vnet.rar - 已删除

[ 本帖最后由 wjhstu-VxG 于 2008-10-2 17:09 编辑 ]

显示全部楼层 · 发表于 2008-10-2 17:59:51

需要源地址
不过看样应该是报对了

Log is generated by FreShow.
[unknown]
[frame]flash.htm
[frame]14.htm
[frame]office.htm
[frame]xx.htm
[frame]lz.htm
[frame]re10.htm
[frame]re11.htm
[script]http://s46.cnzz.com/stat.php?id=971308&web_id=971308

显示全部楼层 · 发表于 2008-10-2 18:04:13

SOPHOS竟然不报

显示全部楼层 · 发表于 2008-10-2 18:05:40

呵呵，应该是网上现在泛滥的那个，zmjjjyy。

显示全部楼层 · 发表于 2008-10-2 22:53:38

Hello,

aa1.htm_ - Trojan-Downloader.JS.Iframe.wp

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Andrey Ladikov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

显示全部楼层 · 发表于 2008-10-2 23:10:37

C:\Documents and Settings\Administrator\桌面\病毒.rar>>病毒\aa1.htm Script.SoftExploit.d 病毒还未处理

[病毒样本] 用迅雷看视频逮的

本帖子中包含更多资源