宝鸡人事网

显示全部楼层 · 发表于 2008-12-3 11:32:02

Log is generated by FreShow.
[wide]http://www.bjrsrc.com/
[script]http://c.%6E%75clear3.com/css/c.js
      [frame]http://c.nuclear3.com/01/index.htm
         [frame]http://c.nuclear3.com/01/flash.htm
            [frame]http://c.nuclear3.com/01/i1.html
                  [script]http://c.nuclear3.com/01/swfobject.js
            [frame]http://c.nuclear3.com/01/f2.html
                  [script]http://c.nuclear3.com/01/swfobject.js
            [frame]http://c.nuclear3.com/01/i1.html
                  [script]http://c.nuclear3.com/01/swfobject.js
         [frame]http://c.nuclear3.com/01/cx.htm
            [object]http://www.google.com.50nb.com/01/Explore.exe
         [frame]http://c.nuclear3.com/01/06014.htm
            [object]http://www.google.com.50nb.com/01/Explore.exe
         [frame]http://c.nuclear3.com/01/ff.htm
            [object]http://www.google.com.50nb.com/01/Explore.exe
         [frame]http://c.nuclear3.com/01/xl.htm
            [object]http://www.zmjjjyy.cn/new/a53.css
         [frame]http://c.nuclear3.com/01/real10.htm
         [frame]http://c.nuclear3.com/01/real11.htm
            [object]http://www.google.com.50nb.com/01/Explore.exe
         [script]http://count1.51much.com/cnt.php?uid=UA-1-12042&style=icon
         [script]http://js.tongji.cn.yahoo.com/851924/ystat.js
[frame]http://www.bjrsrc.com/web/banner.asp?code=20&wi=467&hi=60
[frame]http://www.bjrsrc.com/asp/search_index.asp
[script]http://www.bjrsrc.com/inc/F-INDEX.JS
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[frame]http://www.bjrsrc.com/web/banner.asp?code=21&wi=772&hi=88
[frame]http://www.bjrsrc.com/web/banner.asp?code=22&wi=770&hi=80
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://www.bjrsrc.com/inc/floatleft_close.js
[script]http://www.bjrsrc.com/inc/floatright_close.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js
[script]http://c.%6E%75clear3.com/css/c.js

显示全部楼层 · 发表于 2008-12-3 11:36:15

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: http://www.google.com.50nb.com/01/Explore.exe
Information: Is the TR/Dropper.Gen Trojan

--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 8.0.15.0, AVE 8.2.0.36, VDF 7.1.0.176

显示全部楼层 · 发表于 2008-12-3 14:50:45

微点拦截

显示全部楼层 · 发表于 2008-12-3 17:19:15

费尔拦截

显示全部楼层 · 发表于 2008-12-3 17:35:57

http://www.google.com.50nb.com/01/Explore.exe packed by UPX
>http://www.google.com.50nb.com/01/Explore.exe packed by BINARYRES
>>http://www.google.com.50nb.com/01/Explore.exe probably infected with DLOADER.Trojan
>>http://www.google.com.50nb.com/01/Explore.exe - archive BINARYRES
>>>http://www.google.com.50nb.com/01/Explore.exe/data001 - Ok
>>>http://www.google.com.50nb.com/01/Explore.exe/data002 - Ok
>>>http://www.google.com.50nb.com/01/Explore.exe/data003 packed by UPX
>>>>http://www.google.com.50nb.com/01/Explore.exe/data003 infected with Trojan.NtRootKit.1931
>>>http://www.google.com.50nb.com/01/Explore.exe/data004 - Ok

显示全部楼层 · 发表于 2008-12-3 22:52:05

之后好卡~`````````

008-12-03 22:41:09 创建文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:E:\Local Settings\Temporary Internet Files\Content.IE5\M90Z03SD\i[1].com
触发规则:所有程序规则->黑白名单->*.com

2008-12-03 22:41:09 创建文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:E:\Local Settings\Temporary Internet Files\Content.IE5\M90Z03SD\CAU34XI1.com
触发规则:所有程序规则->黑白名单->*.com

2008-12-03 22:41:12 创建文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:E:\Local Settings\Temporary Internet Files\Content.IE5\KP61IVG5\search[1].com
触发规则:所有程序规则->黑白名单->*.com

2008-12-03 22:41:12 创建文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:E:\Local Settings\Temporary Internet Files\Content.IE5\KP61IVG5\CA81UJWT.com
触发规则:所有程序规则->黑白名单->*.com

2008-12-03 22:41:54 加载库文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:C:\Program Files\Common Files\System\msadc\msadco.dll
触发规则:所有程序规则->禁止加载的库文件->*\msadco.dll

2008-12-03 22:41:54 加载库文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:C:\Program Files\Common Files\System\msadc\msadco.dll
触发规则:所有程序规则->禁止加载的库文件->*\msadco.dll

2008-12-03 22:42:13 修改文件    操作:允许
进程路径:D:\Program Files\Process Lasso\ProcessLasso.exe
文件路径:D:\Program Files\Process Lasso\processgovernor.exe
触发规则:应用程序规则->自动创建规则->D:\Program Files\Process Lasso\ProcessLasso.exe->D:\Program Files\Process Lasso\processgovernor.exe

2008-12-03 22:42:15 加载库文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:C:\Program Files\Common Files\System\msadc\msadco.dll
触发规则:所有程序规则->禁止加载的库文件->*\msadco.dll

2008-12-03 22:42:16 修改文件    操作:允许
进程路径:D:\Program Files\Process Lasso\ProcessLasso.exe
文件路径:D:\Program Files\Process Lasso\processgovernor.exe
触发规则:应用程序规则->自动创建规则->D:\Program Files\Process Lasso\ProcessLasso.exe->D:\Program Files\Process Lasso\processgovernor.exe

2008-12-03 22:42:18 修改文件    操作:允许
进程路径:D:\Program Files\Process Lasso\ProcessLasso.exe
文件路径:D:\Program Files\Process Lasso\processgovernor.exe
触发规则:应用程序规则->自动创建规则->D:\Program Files\Process Lasso\ProcessLasso.exe->D:\Program Files\Process Lasso\processgovernor.exe

2008-12-03 22:42:23 修改文件    操作:允许
进程路径:D:\Program Files\Process Lasso\ProcessLasso.exe
文件路径:D:\Program Files\Process Lasso\processgovernor.exe
触发规则:应用程序规则->自动创建规则->D:\Program Files\Process Lasso\ProcessLasso.exe->D:\Program Files\Process Lasso\processgovernor.exe

2008-12-03 22:43:08 加载库文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:C:\Program Files\Common Files\System\msadc\msadco.dll
触发规则:所有程序规则->禁止加载的库文件->*\msadco.dll

2008-12-03 22:44:04 加载库文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:C:\Program Files\Common Files\System\msadc\msadco.dll
触发规则:所有程序规则->禁止加载的库文件->*\msadco.dll

2008-12-03 22:44:54 加载库文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:C:\Program Files\Common Files\System\msadc\msadco.dll
触发规则:所有程序规则->禁止加载的库文件->*\msadco.dll

2008-12-03 22:46:03 加载库文件    操作:阻止
进程路径:D:\Program Files\GreenBrowser\GreenBrowser.exe
文件路径:C:\Program Files\Common Files\System\msadc\msadco.dll
触发规则:所有程序规则->禁止加载的库文件->*\msadco.dll

显示全部楼层 · 发表于 2008-12-4 02:38:29

2008-12-04 2:36:56 HTTP filter file http://www.google.com.50nb.com/01/Explore.exe a variant of Win32/TrojanDownloader.Agent.OMQ trojan connection terminated - quarantined CHINESE-GUNDAM\GUNDAM Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
css下不来

[已鉴定] 宝鸡人事网

评分