Original poster: wangfeng66

[Virus sample] ESET ID verification web page has been injected with a trojan

promised
Posted on 2008-10-3 21:00:31
qianwenxiang
Posted on 2008-10-3 21:07:06

Reply to post #12 by promised

congratulations

It crashed, but you can still make it out: the wicked jjyyzmj.cn ..
http://www.jjyyzmj.cn/mm.txt
qianwenxiang
Posted on 2008-10-3 21:08:46
upload

fzz8848
Posted on 2008-10-3 21:12:14

Reply to post #14 by qianwenxiang

Begin scan in 'E:\Download\Virus\04.rar'
E:\Download\Virus\04.rar
E:\Download\Virus\04.rar
    [0] Archive type: RAR
    --> 2008-10-3___1198714.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 2008-10-3___1238138.exe
          [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 2008-10-3___1358350.exe
        [1] Archive type: OVL
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/Thief.OnLineGames.thhr Trojan
      --> 2008-10-3___1398655.exe
          [DETECTION] Is the TR/PSW.OnL.BJ.24576 Trojan
    --> 2008-10-3___1429486.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 2008-10-3___1500904.exe
        [1] Archive type: OVL
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
      --> 2008-10-3___1650219.exe
        [1] Archive type: OVL
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/Thief.OnLineGames.thhr Trojan
      --> 2008-10-3___1667071.exe
        [1] Archive type: OVL
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
    --> 2008-10-3___2128964.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 2008-10-3___2266779.exe
        [1] Archive type: OVL
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
    --> 2008-10-3___2299835.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 2008-10-3___2408238.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 2008-10-3___2565289.exe
        [1] Archive type: OVL
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/Thief.OnLineGames.thhr Trojan
    --> 2008-10-3___2624164.exe
      [DETECTION] Is the TR/Agent.BHQ Trojan
    --> 2008-10-3___2672064.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 2008-10-3___2726736.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 2008-10-3___309439.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 2008-10-3___454027.exe
        [1] Archive type: OVL
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
    --> 2008-10-3___458842.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 2008-10-3___599587.exe
        [1] Archive type: OVL
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
    --> 2008-10-3___624250.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> 2008-10-3___707698.exe
        [1] Archive type: OVL
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.OnlineGames.tjox Trojan
    --> 2008-10-3___806451.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 2008-10-3___893614.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> 2008-10-3___95705.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
      --> a7.css
          [DETECTION] Is the TR/Spy.Gen Trojan
    --> kclg.exe
      [DETECTION] Is the TR/PSW.QQpass.dcg.1 Trojan
    [NOTE]      The file was deleted!
kk12
Posted on 2008-10-3 21:57:17
SEP

wangfeng66
Original poster | Posted on 2008-10-3 23:51:33
Why has nobody tested NOD? Strange.
leonfg
Posted on 2008-10-3 23:54:26
Isn't this 中天在线? I thought you meant the official website.

34 ALL
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1005856.exe - probably a variant of Win32/PSW.OnLineGames.NXI trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1165064.exe - Win32/PSW.OnLineGames.NXI trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1198714.exe - Win32/PSW.Agent.NIA trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1238138.exe - Win32/PSW.Legendmir.NGG trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1358350.exe - Win32/PSW.OnLineGames.NRD trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1398655.exe - a variant of Win32/PSW.OnLineGames.NXI trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1429486.exe - a variant of Win32/TrojanDropper.Agent.NMA trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1500904.exe - Win32/PSW.OnLineGames.NRD trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1650219.exe - Win32/PSW.OnLineGames.NRD trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1667071.exe - Win32/PSW.OnLineGames.NRD trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___1975952.exe - probably a variant of Win32/PSW.Delf.NLZ trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2103631.exe - a variant of Win32/PSW.OnLineGames.NXI trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2128964.exe - Win32/PSW.Agent.NIA trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2266779.exe - a variant of Win32/PSW.OnLineGames.NRD trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2299835.exe - Win32/PSW.Agent.NIA trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2408238.exe - a variant of Win32/PSW.OnLineGames.NRF trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2559842.exe - a variant of Win32/PSW.OnLineGames.NXI trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2565289.exe - Win32/PSW.OnLineGames.NRD trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2624164.exe - a variant of Win32/PSW.OnLineGames.NRF trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2660110.exe - probably a variant of Win32/PSW.OnLineGames.NXI trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2672064.exe - a variant of Win32/PSW.OnLineGames.NRF trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___2726736.exe - Win32/PSW.Agent.NIA trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___309439.exe - a variant of Win32/PSW.OnLineGames.NRF trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___454027.exe - a variant of Win32/PSW.OnLineGames.NRD trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___458842.exe - a variant of Win32/TrojanDropper.Agent.NMA trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___599587.exe - a variant of Win32/PSW.OnLineGames.NRD trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___624250.exe - a variant of Win32/PSW.OnLineGames.NRF trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___707698.exe - Win32/PSW.OnLineGames.NRD trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___806451.exe - a variant of Win32/PSW.OnLineGames.NRF trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___888418.exe - a variant of Win32/PSW.OnLineGames.NXI trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___893614.exe - Win32/PSW.Agent.NIA trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » 2008-10-3___95705.exe - Win32/PSW.Agent.NIA trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » a7.css - Win32/Agent.OGF trojan
C:\Documents and Settings\GUNDAM\桌面\04.rar » RAR » kclg.exe - Win32/TrojanDownloader.Agent.OCS trojan

[ Last edited by leonfg on 2008-10-3 23:56 ]
wangfeng66
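Original poster | Posted on 2008-10-4 00:06:30
What I meant was to see how NOD reacts when it visits this web page. What the poster above did is a test of the files it drops.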
leonfg
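Posted on 2008-10-4 00:08:32
Originally posted by wangfeng66 on 2008-10-4 00:06
What I meant was to see how NOD reacts when it visits this web page. What the poster above did is a test of the files it drops.

NOD basically ignores htm and js. You know that without even trying.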