又一个被挂马了

显示全部楼层 · 发表于 2009-5-5 23:24:58

河南基础教研室的网站今天下午3点时要进去查下东西没想到小红伞狂报后用卡巴没反应晚上11点时再试卡巴有反应迅速啊哪位提取下样本
http://125.46.24.201/

[ 本帖最后由 lqhstar 于 2009-5-5 23:30 编辑 ]

显示全部楼层 · 发表于 2009-5-6 00:09:23

显示全部楼层 · 发表于 2009-5-6 00:18:20

URL TO KL

显示全部楼层 · 发表于 2009-5-6 01:24:32

咔嚓了他

显示全部楼层 · 发表于 2009-5-6 07:33:10

登陆就windows防火墙提示有外界连浏览器，阻止后浏览器关闭。。。

显示全部楼层 · 发表于 2009-5-6 09:39:24

如果是Vista的墙设置好了完全可以半裸上网

显示全部楼层 · 发表于 2009-5-6 09:58:13

我用IE8上了一點什么反應也沒啊，

......................................................
完了，不會已經掛了吧

（mcafee什么也沒報啊）

显示全部楼层 · 发表于 2009-5-6 10:00:05

关于:hxxp://wfew54.3322.org/a/cnzz.htm解密的日志(全体输出 - 29):

Level 1>http://wfew54.3322.org/a/yy.htm
Level 2>http://wfew54.3322.org/a/14.js
Level 3>http://wm5588.com/xh/windoss.css ●
Level 2>http://wfew54.3322.org/a/office.htm
Level 3>http://wfew54.3322.org/a/office.js
Level 4>http://wm5588.com/xh/windoss.css ●
Level 2>http://wfew54.3322.org/a/lz.htm
Level 3>http://wfew54.3322.org/a/lz.js
Level 2>http://wfew54.3322.org/a/02.htm
Level 3>http://wfew54.3322.org/a/set.js
Level 2>http://wfew54.3322.org/a/ip.htm
Level 2>http://wfew54.3322.org/a/ippp.htm
Level 2>http://wfew54.3322.org/a/qb.htm
Level 3>http://wfew54.3322.org/a/qb.js
Level 2>http://wfew54.3322.org/a/flash.htm
Level 3>http://wfew54.3322.org/a/fgg.html
Level 4>http://wfew54.3322.org/a/f28.swf ●
Level 4>http://wfew54.3322.org/a/f16.swf ●
Level 4>http://wfew54.3322.org/a/f115.swf ●
Level 4>http://wfew54.3322.org/a/f64.swf ●
Level 4>http://wfew54.3322.org/a/f47.swf ●
Level 4>http://wfew54.3322.org/a/f45.swf ●
Level 3>http://wfew54.3322.org/a/iggg.html
Level 4>http://wfew54.3322.org/a/i115.swf ●
Level 4>http://wfew54.3322.org/a/i64.swf ●
Level 4>http://wfew54.3322.org/a/i47.swf ●
Level 4>http://wfew54.3322.org/a/i45.swf ●
Level 4>http://wfew54.3322.org/a/i16.swf ●
Level 4>http://wfew54.3322.org/a/i28.swf ●

by 幸福的猪猪(不完全解密，打点的为病毒下载点，swf文件下载地址上报kaba！）

[ 本帖最后由幸福的猪猪于 2009-5-6 10:21 编辑 ]

显示全部楼层 · 发表于 2009-5-6 13:33:38

关于:hxxp://125.46.24.201/解密的日志(全体输出 -  34):

Level  0>http://125.46.24.201/
Level  1>http://121.205.88.233/wm/xx.js
Level  2>http://3b3.org/c.js
Level  3>http://wfew54.3322.org/a/a100.htm
Level  4>http://wfew54.3322.org/a/cnzz.htm
Level  5>http://wfew54.3322.org/a/office.htm
Level  6>http://wfew54.3322.org/a/office.js
Level  7>http://wm5588.com/xh/windoss.css  ●
Level  5>http://wfew54.3322.org/a/lz.htm
Level  6>http://wfew54.3322.org/a/lz.js
Level  5>http://wfew54.3322.org/a/02.htm
Level  6>http://wfew54.3322.org/a/set.js
Level  5>http://wfew54.3322.org/a/ip.htm
Level  5>http://wfew54.3322.org/a/ippp.htm
Level  5>http://wfew54.3322.org/a/qb.htm
Level  6>http://wfew54.3322.org/a/qb.js
Level  5>http://wfew54.3322.org/a/flash.htm
Level  6>http://wfew54.3322.org/a/fgg.html
Level  7>http://wfew54.3322.org/a/f115.swf  ●
Level  7>http://wfew54.3322.org/a/f64.swf  ●
Level  7>http://wfew54.3322.org/a/f47.swf  ●
Level  7>http://wfew54.3322.org/a/f45.swf  ●
Level  7>http://wfew54.3322.org/a/f28.swf  ●
Level  7>http://wfew54.3322.org/a/f16.swf  ●
Level  6>http://wfew54.3322.org/a/iggg.html
Level  7>http://wfew54.3322.org/a/i115.swf  ●
Level  7>http://wfew54.3322.org/a/i64.swf  ●
Level  7>http://wfew54.3322.org/a/i47.swf  ●
Level  7>http://wfew54.3322.org/a/i45.swf  ●
Level  7>http://wfew54.3322.org/a/i28.swf  ●
Level  7>http://wfew54.3322.org/a/i16.swf  ●
Level  8>http://wm5588.com/xh/windoss.css  ●
Level  5>http://wfew54.3322.org/a/yy.htm
Level  6>http://wfew54.3322.org/a/14.js

日志由 Redoce1.9第42次修正版于 2009-5-6 13:31:51 生成。

显示全部楼层 · 发表于 2009-5-6 13:37:28

12
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/f115.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/f28.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/f45.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/f47.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/f64.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/i115.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/i16.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/i28.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/i45.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/i47.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/i64.swf - SWF/Exploit.CVE-2007-0071 trojan
C:\Documents and Settings\GUNDAM\桌面\TDDOWNLOAD.zip » ZIP » TDDOWNLOAD/windoss.css - a variant of Win32/AntiAV.NAC trojan

[可疑文件] 又一个被挂马了

本帖子中包含更多资源

酷

本帖子中包含更多资源

本帖子中包含更多资源

回复 5楼 jhtl 的帖子

回复 1楼 lqhstar 的帖子

本帖子中包含更多资源

回复 8楼幸福的猪猪的帖子

[可疑文件] 又一个被挂马了

本帖子中包含更多资源

酷

本帖子中包含更多资源

本帖子中包含更多资源

回复 5楼 jhtl 的帖子

回复 1楼 lqhstar 的帖子

本帖子中包含更多资源

回复 8楼 幸福的猪猪 的帖子

回复 8楼幸福的猪猪的帖子