超恶心的网站

Anycall-D908

http://www.haodoo.com/pics/animal/a28/b/20060这个臭网站,气死我啦!我这辈子没见过这么变态的,刚才打开他我的电脑基本就是处于半死机状态.NOD32狂弹警告窗口,我关了不下一百个警告还在继续弹.微点也不断提示,我以为重启动脑,竟然也给NOD32不断弹出的警告框拦住关不了机,只好按电源.
      重启电脑后以为找这个死网站算账,谁知道现在他竟然打不开!!!!!!!!!!啊!好气愤啊!!!
      我中毒的时候是在百度搜索"深海"的图片的时候中招的,太恐怖了,我简直有了阴影.

这些是微点处理的部分日志:
时间 处理结果 木马名称 木马进程名 木马文件创建者
2007-05-01 22:00:37 处理成功 未知间谍软件 C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\NEWINFO.BMP C:\WINDOWS\~TMP.TMP
2007-05-01 22:00:37 处理成功 未知间谍软件 C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\SYSTEM.2DT C:\WINDOWS\~TMP.TMP
2007-05-01 22:00:37 处理成功 未知间谍软件 C:\WINDOWS\~TMP.TMP C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-05-01 21:55:54 处理成功 未知木马 C:\WINDOWS\SYSTEM32\IME\CSRSS.EXE C:\WINDOWS\~TEMP2538.EXE
2007-05-01 21:55:54 处理成功 Trojan.Win32.Panddos.o C:\DOCUMENTS AND SETTINGS\OUYANG\LOCAL SETTINGS\TEMP\SVCHCST.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-05-01 21:55:54 处理成功 未知木马 C:\WINDOWS\~TEMP2538.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
2007-05-01 21:55:49 处理成功 Trojan.Win32.Panddos.o C:\DOCUMENTS AND SETTINGS\OUYANG\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WT23KX6J\RUNDL132[1].EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

[ 本帖最后由 Anycall-D908 于 2007-5-1 22:45 编辑 ]

小邪邪

无法找到网页
您正在搜索的网页可能已经删除、更名或暂时不可用。

--------------------------------------------------------------------------------

请尝试下列操作：

如果您在“地址”栏中键入了网页地址，请检查其拼写是否正确。

打开 www.haodoo.com 主页，寻找指向所需信息的链接。
单击后退按钮尝试其他链接。
HTTP 404 - 无法找到文件
Internet 信息服务


--------------------------------------------------------------------------------

技术信息（支持个人）

详细信息：
Microsoft 支持

jxxfcwb

沙发～～嘿嘿

jxxfcwb

此网页打不开～～～

Anycall-D908

样本刚发上来了,麻烦大家分析下.超恶心的....NOD32哪里还有好几百的日志,我看得恶心了.贴上来的话更是不可能

小邪邪

Anycall-D908

原帖由 小邪邪 于 2007-5-1 22:50 发表

     原来你也会这样哦?我还以为只有我自己是这样呢!病毒真的好多,什么样的病毒都有.我还真没遇过这么恐怖的,奶奶的,五一节遇到这鬼东西,算我倒霉.

小邪邪

我这里现在再进去已经全无发现了，还没爽够就给没了，晕

moonsilver

瑞星杀了2个

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\morgan\My Documents\微点隔离的部分样本.rar'
C:\Documents and Settings\morgan\My Documents\
  微点隔离的部分样本.rar
    [0] Archive type: RAR
    --> н¨Îļþ¼Ð\CSRSS.EXE
        [DETECTION] Contains suspicious code HEUR/Crypted
        [WARNING]   Infected files in archives cannot be repaired!
    --> н¨Îļþ¼Ð\NEWINFO.BMP
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> н¨Îļþ¼Ð\RUNDL132[1].EXE
        [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.FS.22 Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> н¨Îļþ¼Ð\SVCHCST.EXE
        [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.FS.22 Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> н¨Îļþ¼Ð\SYSTEM.2DT
        [DETECTION] Contains signature of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> н¨Îļþ¼Ð\~TEMP2538.EXE
        [DETECTION] Contains suspicious code HEUR/Crypted
        [WARNING]   Infected files in archives cannot be repaired!
    --> н¨Îļþ¼Ð\~TMP.TMP
        [DETECTION] Contains signature of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!


End of the scan: 2007年5月1日  08:08
Used time: 00:09 min

The scan has been done completely.

      0 Scanning directories
      8 Files were scanned
      7 viruses and/or unwanted programs were found
      3 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -2 Files not concerned
      1 Archives were scanned
      8 Warnings
      0 Notes
      0 Hidden objects were found