红伞防不住个盗号木马？？？？？？

will

Log is generated by FreShow.
[wide]http://www.xinnong.com/niu/hangqing/wow/10150.html
    [script]http://pagead3.googlesyndications.co.cc/data/backup/logo.gif
        [frame]http://www.97it.com.cn/a/kk.htm?hahakkkk
            [script]http://www.97it.com.cn/a/what.jpg
            [object]http://www.07073.com/t/w.rar

ankhyoyo

真是悲剧了  只是很不解将军令就这么脆弱么

幸福的猪猪

小红伞可以查杀此木马程序.

Start of the scan: 2010年1月25日  16:20

Starting the file scan:

Begin scan in 'D:\Downloads\w.exe'
D:\Downloads\w.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was deleted!


End of the scan: 2010年1月25日  16:20
Used time: 00:36 Minute(s)

The scan has been done completely.

      0 Scanned directories
      1 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      1 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      0 Files not concerned
      0 Archives were scanned
      0 Warnings
      1 Notes

a256886572008

will

楼主这样修复系统：
1.重命名C:\Windows\System32\rpcss.dll为rpcss.dll.old
2.重命名C:\Windows\System32\t3rpcss.dll为rpcss.dll
3.搜索System32下大小为64KB（65536字节），MD5值为6B62FFB880F745B3A1E2198CC09D1C8C 的t39123.dll文件(这是个WOW盗号木马)，将其强制删除
4.将红伞更新至最新，扫描系统盘

Hopesky

关于:hxxp://www.xinnong.com/niu/hangqing/wow/10150.html解密的日志(全体输出 -  5):

Level  1>hxxp://www.xinnong.com/niu/hangqing/wow/10150.html
Level  1>hxxp://pagead3.googlesyndications.co.cc/data/backup/logo.gif
Level  1>hxxp://www.97it.com.cn/a/kk.htm?hahakkkk
Level  1>hxxp://www.97it.com.cn/a/what.jpg
Level  2>hxxp://www.07073.com/t/w.rar ●

By   XE鼓

钢铁侠

瑞星2010拦截，上图。

Hopesky

回复 17# 钢铁侠


    图挂

钢铁侠

回复 18# Hopesky
编辑了几次都挂了，总算好了，累死我了。

said411f

杯具呦~~
op攔截IP:222.35.140.235~~~~