Original poster: tophero911

[Virus sample] Found a web-page trojan, try it if you dare :)

flykiss
Posted on 2007-3-22 19:58:39
I'm on 驱逐舰 (Destroyer) + SNS and there was no reaction~~
xpn282
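Posted on 2007-3-22 20:35:33
My god!!!! I haven't installed a single patch.. I stepped on it... N IE windows popped up.. it nearly froze.. I couldn't move at all.. I only got out of it by pulling the network cable... otherwise it would have hung.... Before I had even ended it.. DR.WEB had already reported more than 10!!!!!!!!!!!!
Whoever made this website really deserves to die!!!!!!!!!!!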



2-03-2007 19:57:22 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\C7IYS30J\haidao[1].exe\123.exe - infected with BackDoor.Pigeon.194
22-03-2007 19:57:22 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\C7IYS30J\haidao[1].exe - infected archive

22-03-2007 19:57:23 [CL] C:\DOCUME~1\xpn\LOCALS~1\Temp\svchost.exe\123.exe - infected with BackDoor.Pigeon.194
22-03-2007 19:57:23 [CL] C:\DOCUME~1\xpn\LOCALS~1\Temp\svchost.exe - infected archive

22-03-2007 19:58:39 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\C7IYS30J\haidao[1].exe - moved
22-03-2007 19:58:44 [CL] C:\DOCUME~1\xpn\LOCALS~1\Temp\svchost.exe - moved

22-03-2007 20:13:37 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\2PG5496L\theopenm[1].htm - infected with VBS.Psyme.239
22-03-2007 20:13:46 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\2PG5496L\theopenm[1].htm - deleted

22-03-2007 20:13:46 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\C7IYS30J\downloader[1].exe - infected with Trojan.DownLoader.14143
22-03-2007 20:13:46 [CL] C:\DOCUME~1\xpn\LOCALS~1\Temp\downloader.exe - infected with Trojan.DownLoader.14143

22-03-2007 20:13:53 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\C7IYS30J\downloader[1].exe - deleted
22-03-2007 20:13:54 [CL] C:\DOCUME~1\xpn\LOCALS~1\Temp\downloader.exe - deleted

22-03-2007 20:14:06 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\C7IYS30J\tianyaa[1].htm - infected with VBS.Psyme.239
22-03-2007 20:14:12 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\C7IYS30J\tianyaa[1].htm - deleted

22-03-2007 20:14:12 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\2PG5496L\lianli[1].htm - infected with VBS.Psyme.239
22-03-2007 20:14:13 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\2PG5496L\lianli[1].htm - deleted

22-03-2007 20:14:13 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\2PG5496L\zhen[1].htm - infected with VBS.Psyme.239
22-03-2007 20:14:14 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\2PG5496L\zhen[1].htm - deleted

22-03-2007 20:14:14 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\set[1].htm - infected with VBS.Psyme.239
22-03-2007 20:14:15 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\set[1].htm - deleted

22-03-2007 20:14:15 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\minglang[1].htm - infected with VBS.Psyme.239
22-03-2007 20:14:15 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\minglang[1].htm - deleted

22-03-2007 20:14:15 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\mng[1].htm - infected with VBS.Psyme.239
22-03-2007 20:14:16 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\mng[1].htm - deleted

22-03-2007 20:14:16 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\miyu1[1].htm - infected with VBS.Psyme.239
22-03-2007 20:14:16 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\miyu1[1].htm - deleted

22-03-2007 20:14:16 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\bind_50077[1].htm - infected with VBS.Psyme.239
22-03-2007 20:14:17 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\bind_50077[1].htm - deleted

22-03-2007 20:14:17 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\165561[1].htm - infected with VBS.Psyme.239
22-03-2007 20:14:18 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\165561[1].htm - deleted

22-03-2007 20:14:18 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\cj[1].exe - infected with Trojan.PWS.Gamania

22-03-2007 20:14:18 [CL] C:\DOCUME~1\xpn\LOCALS~1\Temp\cj.exe - infected with Trojan.PWS.Gamania

22-03-2007 20:14:19 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\0DKNKHOT\cj[1].exe - deleted

22-03-2007 20:14:19 [CL] C:\DOCUME~1\xpn\LOCALS~1\Temp\cj.exe - deleted

22-03-2007 20:14:25 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\UJ676V2H\1238[1].exe - probably infected with DLOADER.Trojan
22-03-2007 20:14:25 [CL] C:\DOCUME~1\xpn\LOCALS~1\Temp\1238.exe - probably infected with DLOADER.Trojan
22-03-2007 20:14:27 [CL] C:\Documents and Settings\xpn\Local Settings\Temporary Internet Files\Content.IE5\UJ676V2H\1238[1].exe - deleted
22-03-2007 20:14:27 [CL] C:\DOCUME~1\xpn\LOCALS~1\Temp\1238.exe - deleted
jlennon
Posted on 2007-3-22 20:45:06

Reply to post #32 by xpn282

Without patches, of course there are lots of vulnerabilities
风野胤
Posted on 2007-3-22 21:11:11
BD blocked it
曲中求
Posted on 2007-3-22 22:44:14
NOD 32:

Time        Module        Object        Name        Threat        Action        User        Information
2007-3-22 22:39:32        IMON        file        http://59.34.197.239/theopenm.js        JS/TrojanDownloader.Agent.CN trojan        Connection terminated        WWW-5688FBC3B6B\love dan       
2007-3-22 22:39:28        IMON        file        http://59.34.197.239/theopenm.asp        VBS/TrojanDownloader.Psyme.DB trojan        Connection terminated        WWW-5688FBC3B6B\love dan       

When I went in again there was no reaction....
tophero911
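Original poster | Posted on 2007-3-22 23:48:49
I just visited it again, and Kaspersky and Filseclab didn't react. Is that because a sample is already on record so I'm immune, or is the trojan gone?

I really hope it's still there, then my thread would get popular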
sd5428817
Posted on 2007-3-23 00:39:28
Went in and there was no reaction at all!
tophero911
Original poster | Posted on 2007-3-23 17:45:02
Ha, I just tested it again, it's still infected, Filseclab reported it.