8x 网页病毒脚本 kaba启发两个

显示全部楼层 · 发表于 2009-1-17 06:42:25

一个是自己发现的，另外5个是在某论坛找到的！（那个人还没上报，只是提示而已！）（ps. 6x to kaba kill)
kaba 启发一个！

在上传两个吧！（kaba 启发一个）

07.12压缩包 kaba 回复

fzl.htm_

No malicious code was found in this file.

ggff.htm_ - Trojan-Downloader.JS.Agent.dhs

[ 本帖最后由 FLogo 于 2009-1-17 09:15 编辑 ]

显示全部楼层 · 发表于 2009-1-17 06:57:33

扫描进行于：2009-1-16 23:57:11
扫描日志
NOD32版本 3772 (20090116) NT
命令行： D:\下载文件夹\TDDOWNLOAD.rar

日期： 16.1.2009 时间：23:57:16
已开启反隐藏功能.
已扫描的磁盘，文件夹及文件：D:\下载文件夹\TDDOWNLOAD.rar
D:\下载文件夹\TDDOWNLOAD.rar >>RAR >>TDDOWNLOAD\no.zip >>ZIP >>no.htm - JS/TrojanDownloader.Small.NBO 木马 - 是已删除对象的一部分
D:\下载文件夹\TDDOWNLOAD.rar >>RAR >>TDDOWNLOAD\sms.zip >>ZIP >>sms.htm - JS/Exploit.CVE-2008-2463 木马 - 是已删除对象的一部分
已扫描的文件数目：7
已发现的病毒数目：2
已清除病毒的文件数目：1
完成时间： 23:57:17 总扫描时间：1 秒 (00:00:01)

显示全部楼层 · 发表于 2009-1-17 08:17:13

Avira kill all!

显示全部楼层 · 发表于 2009-1-17 08:18:21

[DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus

显示全部楼层 · 发表于 2009-1-17 09:38:37

avast! kill all

显示全部楼层 · 发表于 2009-1-17 10:53:08

原帖由 kav2046 于 2009-1-17 08:17 发表
Avira kill all!

what does that "all" mean?

显示全部楼层 · 发表于 2009-1-17 13:20:52

中天的玩意。没什么稀奇的

显示全部楼层 · 发表于 2009-1-17 13:22:10

小夏又换avira 9.0了

显示全部楼层 · 发表于 2009-1-17 14:36:05

Start of the scan: 2009年1月17日  14:19
Starting the file scan:

Begin scan in 'C:\Documents and Settings\***\桌面\文件'
C:\Documents and Settings\***\桌面\文件\fzl.zip
[0] Archive type: ZIP
--> fzl.htm
   [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.ctb Java script virus
[NOTE]    A backup was created as '49dd78f2.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\***\桌面\文件\ggff.zip
[0] Archive type: ZIP
--> ggff.htm
   [DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
[NOTE]    A backup was created as '49d778df.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\***\桌面\文件\TDDOWNLOAD\fhhh.zip
[0] Archive type: ZIP
--> fhhh.html
   [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.TC Java script virus
[NOTE]    A backup was created as '49d978e1.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\***\桌面\文件\TDDOWNLOAD\for.zip
[0] Archive type: ZIP
--> for.htm
   [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE]    A backup was created as '49e378e8.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\***\桌面\文件\TDDOWNLOAD\new.zip
[0] Archive type: ZIP
--> new.html
   [DETECTION] Contains recognition pattern of the HTML/IFrame.800 HTML script virus
[NOTE]    A backup was created as '49e878de.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
C:\Documents and Settings\***\桌面\文件\TDDOWNLOAD\sms.zip
[0] Archive type: ZIP
--> sms.htm
   [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.afr Java script virus
[NOTE]    A backup was created as '49e478e6.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
----------------------------------------------------红伞S版(库升至最新V7.01.01.134版)杀6个。

上报红伞2个。
∞∞∞∞∞∞∞∞
File ID  Filename Size (Byte) Result
25234504  090117文件x2.rar 931 Byte OK
A listing of files contained inside archives alongside their results can be found below:

File ID  Filename Size (Byte) Result
25234361  no.htm  470 Byte  UNDER ANALYSIS
25234363  who.htm  623 Byte  UNDER ANALYSIS

显示全部楼层 · 发表于 2009-1-17 23:10:35

金山

病毒 2009-01-17 23:10:49 C:\Documents and Settings\Administrator\桌面\TDDOWNLOAD.rar\TDDOWNLOAD\fhhh.zip\fhhh.html JS.Downloader.vw.1211 清除成功
病毒 2009-01-17 23:10:48 C:\Documents and Settings\Administrator\桌面\07[1].12.zip\fzl.zip\fzl.htm JS.Downloader.zh.1199 清除成功

[病毒样本] 8x 网页病毒脚本 kaba启发两个

本帖子中包含更多资源

AntiVir Desktop

回复 4楼 zwl2828 的帖子