远景论坛挂马？http://bbs.pcbeta.com

显示全部楼层 · 发表于 2009-8-30 12:45:42

金山毒霸杀了个JS.Downloader.wr.416(JS脚本病毒) 处理成功（操作：删除）

显示全部楼层 · 发表于 2009-8-30 12:49:49

...确实有问题

显示全部楼层 · 发表于 2009-8-30 12:51:58

被挂

原始 - http://bbs.pcbeta.com/
扫描式跨站分析 - 原始 - http://imagesb.9966.org/images/view_sysmenub.png
开始自动解析 - http://imagesb.9966.org/images/view_sysmenub.png
L1 - http://statviewa.9966.org/oday/2.htm
L2 - http://statviewa.9966.org/web1/web.html
L3 - http://statviewa.9966.org/web1/nYnTd14.htm
L3 - http://statviewa.9966.org/web1/yt.htm
L3 - http://statviewa.9966.org/web1/nYnTdxxz.htm
L3 - http://statviewa.9966.org/web1/yut.htm
L4 - http://statviewa.9966.org/web1/a.jpg
L4 - http://statviewa.9966.org/web1/b.jpg
L4 - http://statviewa.9966.org/web1/url.jpg
自动解析 - Auto XOR - 高度可疑 - http://goodhao1.3322.org/cmd.css
L4 - http://statviewa.9966.org/web1/c.jpg
L4 - http://statviewa.9966.org/web1/d.jpg
L4 - http://statviewa.9966.org/web1/e.jpg
L4 - http://statviewa.9966.org/web1/f.jpg
L4 - http://statviewa.9966.org/web1/091.js
自动解析 - Auto XOR - 高度可疑 - http://goodhao1.3322.org/cmd.css
L4 - http://statviewa.9966.org/web1/092.js
L4 - http://statviewa.9966.org/web1/ytfl.htm
L4 - http://statviewa.9966.org/web1/of.htm
L5 - http://statviewa.9966.org/web1/s1;o2.click}
L5 - http://statviewa.9966.org/web1/of.js
自动解析 - Auto XOR - 高度可疑 - http://goodhao1.3322.org/cmd.css
L5 - http://statviewa.9966.org/web1/of1.css
L5 - http://statviewa.9966.org/web1/of.css

输出的对象 - http://goodhao1.3322.org/cmd.css

此分析日志由 Illusion Wing 使用 Astox v1 Build 1100 在 2009年8月30日12时51分34秒生成。

显示全部楼层 · 发表于 2009-8-30 17:56:40

厄···········启发错误

显示全部楼层 · 发表于 2009-8-30 18:44:36

Log is generated by FreShow.
[wide]http://bbs.pcbeta.com
[script]http://bbs.pcbeta.com/include/js/common.js?F88
[frame]http://spcode.baidu.com/spcode/spstyle/style1634.jsp?tn=pcbeta_sp&ctn=0&styleid=1634
[frame]http://spcode.baidu.com/spcode/spstyle/style2935.jsp?tn=pcbeta_sp&ctn=0&styleid=2935
[script]http://cpro.baidu.com/cpro/ui/cp.js
[frame]http://unstat.baidu.com/bdun.bsc?tn=pcbeta_pg&cv=0&cid=1078099&csid=541&bgcr=ffffff&urlcr=0000ff&tbsz=200&sropls=2,99&insiteurl=bbs.pcbeta.com%3Bwww.pcbeta.com&defid=99&kwgp=0&ch=1
[script]http://js.tongji.linezing.com/903171/tongji.js
[script]http://imagesb.9966.org/images/view_sysmenub.png
      [frame]http://statviewb.9966.org/oday/2.htm
         [frame]http://statviewb.9966.org/web1/web.html
            [frame]http://statviewb.9966.org/web1/nYnTd14.htm
            [frame]http://statviewb.9966.org/web1/yt.htm
                  [script]http://statviewb.9966.org/web1/a.jpg
                  [script]http://statviewb.9966.org/web1/b.jpg
                  [script]http://statviewb.9966.org/web1/url.jpg
                     [object]http://goodhao3.3322.org/cmd.css
                  [script]http://statviewb.9966.org/web1/c.jpg
                  [script]http://statviewb.9966.org/web1/d.jpg
                  [script]http://statviewb.9966.org/web1/e.jpg
                  [script]http://statviewb.9966.org/web1/f.jpg
            [frame]http://statviewb.9966.org/web1/nYnTdxxz.htm
                  [script]http://statviewb.9966.org/web1/091.js
                  [script]http://statviewb.9966.org/web1/092.js
            [frame]http://statviewb.9966.org/web1/yut.htm
                  [frame]http://statviewb.9966.org/web1/ytfl.htm
                  [frame]http://statviewb.9966.org/web1/of.htm
                     [script]http://statviewb.9966.org/web1/of.js
                     [script]http://statviewb.9966.org/web1/of1.css
                     [script]http://statviewb.9966.org/web1/of.css
                     [script]http://statviewb.9966.org/web1/of2.css
         [script]http://count27.51yes.com/click.aspx?id=274386209&logo=12
         [script]http://js.tongji.linezing.com/1246241/tongji.js

不知解的全部全

显示全部楼层 · 发表于 2009-8-30 20:39:28

url and sample to kl

[病毒样本] 远景论坛挂马？http://bbs.pcbeta.com

本帖子中包含更多资源