hxxp://www.51zxw.net/list.aspx?cid=19(挂马by:cchao21)

显示全部楼层 · 发表于 2009-9-2 22:31:39

hxxp://www.51zxw.net/list.aspx?cid=19

登录的时候网盾报了，不知道是不是挂了！大家给看看～～

[ 本帖最后由 cchao21 于 2009-9-2 23:14 编辑 ]

显示全部楼层 · 发表于 2009-9-2 22:34:33

原始 - http://www.51zxw.net/list.aspx?cid=19
扫描式跨站分析 - 原始 - http://www.dynamicdrive.com
扫描式跨站分析 - 原始 - http://movie.51zxw.net
扫描式跨站分析 - 原始 - http://pagead2.googlesyndication.com/pagead/show_ads.js

没发现，网盾报的什么

显示全部楼层 · 发表于 2009-9-2 23:14:08

挂马了。。。
关于:hxxp://www.51zxw.net/list.aspx?cid=19解密的日志(全体输出 -  51):

Level  0>http://www.51zxw.net/list.aspx?cid=19
Level  1>http://dve.xorg.pl/x.js?google_ad=92x32_ad
Level  2>http://kkaj.dns0755.net/cc/360.htm
Level  3>http://js.tongji.linezing.com/806392/tongji.js
Level  3>http://kkaj.dns0755.net/cc/aa.js
Level  4>http://kkaj.dns0755.net/cc/aa.htm
Level  5>http://kkaj.dns0755.net/cc/ff.html
Level  6>http://kkaj.dns0755.net/a/aaa.exe  ●
Level  5>http://kkaj.dns0755.net/cc/ie.html
Level  6>http://kkaj.dns0755.net/a/aaa.exe  ●
Level  3>http://kkaj.dns0755.net/cc/yt.htm
Level  4>http://kkaj.dns0755.net/cc/bf.htm
Level  5>http://kkaj.dns0755.net/cc/bf.js
Level  5>http://kkaj.dns0755.net/cc/2.css
Level  6>http://kkaj.dns0755.net/a/aa.exe  ●
Level  4>http://kkaj.dns0755.net/cc/of.htm
Level  5>http://kkaj.dns0755.net/cc/of.css
Level  6>http://kkaj.dns0755.net/a/aa.exe  ●
Level  4>http://kkaj.dns0755.net/cc/newlz.htm
Level  5>http://kkaj.dns0755.net/cc/newlz.css
Level  6>http://kkaj.dns0755.net/a/aa.exe  ●
Level  4>http://kkaj.dns0755.net/cc/office.htm
Level  5>http://kkaj.dns0755.net/cc/office.css
Level  6>http://kkaj.dns0755.net/a/aa.exe  ●
Level  4>http://kkaj.dns0755.net/cc/xie.htm
Level  5>http://kkaj.dns0755.net/cc/av2.swf
Level  5>http://kkaj.dns0755.net/cc/av3.swf
Level  5>http://kkaj.dns0755.net/cc/av1.swf
Level  6>http://kkaj.dns0755.net/a/aa.exe  ●
Level  4>http://kkaj.dns0755.net/cc/yt.js
Level  5>http://kkaj.dns0755.net/cc/4.htm
Level  6>http://kkaj.dns0755.net/cc/unescape
Level  6>http://kkaj.dns0755.net/cc/2.css
Level  7>http://kkaj.dns0755.net/a/aa.exe  ●
Level  5>http://kkaj.dns0755.net/cc/3.htm
Level  6>http://kkaj.dns0755.net/cc/3.css
Level  7>http://kkaj.dns0755.net/a/aa.exe  ●
Level  3>http://kkaj.dns0755.net/cc/iie.swf
Level  4>http://kkaj.dns0755.net/cc/WIN 9,0,16,0i.swf
Level  5>http://kkaj.dns0755.net/a/aa.exe  ●
Level  1>http://www.51zxw.net/inc/menu.jscharset=gb2312
Level  1>http://s71.cnzz.com/stat.php?id=520717&amp
Level  1>http://sighttp.qq.com/wpa.js?rantime=+math.random
Level  1>http://pagead2.googlesyndication.com/pagead/show_ads.js
Level  1>http://www.51zxw.net/bbs/dv_news.asp?getname=fid19
Level  1>http://www.51zxw.net/inc/pager.js
Level  1>http://www.51zxw.net/focus.swfflashvars=+vars+quality=highwidth=+
Level  1>http://www.51zxw.net/inc/popmenu.jscharset=gb2312
Level  1>http://www.51zxw.net/pic/cad2009gg.jpgborder=0alt=width=660height=69
Level  1>http://frm_login.aspxstyle=visibility:hidden
Level  1>http://www.51zxw.net/inc/head.js

日志由 Redoce2.0第41次修正版于 2009-9-2 23:13:35 生成。

显示全部楼层 · 发表于 2009-9-2 23:26:53

我rp又出问题了…

显示全部楼层 · 发表于 2009-9-2 23:34:25

To KL

显示全部楼层 · 发表于 2009-9-3 00:12:54

Hello,

aa.exe - Worm.Win32.AutoRun.avpz

At the moment this file is detected. Please update your antivirus bases.

Best regards, Ilya Tolstikhin
Virus analyst, Kaspersky Lab.

显示全部楼层 · 发表于 2009-9-3 00:33:27

2009-8-16 23:56:22 创建文件阻止
进程: c:\program files\maxthon\maxthon.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GHIJK9E3\aa[1].exe
规则: [应用程序组]病毒行为 -> [应用程序]* -> [文件]c:\documents and settings\administrator\local settings\temporary internet files\content.ie5\*; *.exe

2009-8-16 23:56:22 创建文件阻止
进程: c:\program files\maxthon\maxthon.exe
目标: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GHIJK9E3\CAQHSLOS.exe
规则: [应用程序组]病毒行为 -> [应用程序]* -> [文件]c:\documents and settings\administrator\local settings\temporary internet files\content.ie5\*; *.exe

[已鉴定] hxxp://www.51zxw.net/list.aspx?cid=19(挂马by:cchao21)