[中毒] JS/Iframe.D病毒小雨傘一直偵測到

看板AntiVirus (防毒)作者geniusgod (華麗的貪婪人最美麗本性)時間17年前 (2008/12/10 13:54)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

PO文請使用下列格式並將有要求的檔案附上資料越詳細才有辦法了解情況並作適當處理 1.問題描述：請在下面說明碰到的中毒情形，越詳細越好(可貼圖說明)：只要ie一開小雨傘就會一直跳出顯示中毒其他程式則否現在msn似乎也會 2.掃毒報告：請先使用掃毒軟體執行全機掃描後將掃毒結果傳到置底空間如會掃描很久請最少掃描以下位置和防毒軟體顯示的中毒檔案位置： C:\Windows\System32 C:\Windows C:\Program Files 請盡可能提供掃毒報告，如無法掃描請務必註明，也可使用線上掃毒掃描報告線上掃毒使用方式請看精華區 C:\DOCUMENTS AND SETTINGS\BBXP\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ 現在這個資料夾以下開網頁小雨傘即會顯示在這資料夾下有病毒小雨傘全系統掃描並沒有掃到昨天有使用F-Secure Online Scanner 掃過以下是結果 Result: 71 malware found JS/Iframe.D (virus) C:\DOCUMENTS AND SETTINGS\BBXP\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZUCZFT0X\ARTICLERANDOMEXP[1].HTM (Submitted) FILES\CONTENT.IE5\ZUCZFT0X\CAI115OY.HTM (Submitted) FILES\CONTENT.IE5\ZUCZFT0X\CAQX7LSW.HTM (Submitted) FILES\CONTENT.IE5\ZUCZFT0X\JS_FLAT_1_0[1].HTM (Submitted) FILES\CONTENT.IE5\QT5YNIHG\CA8F6LSZ.HTM (Submitted) FILES\CONTENT.IE5\QT5YNIHG\COUNTSIDEEXP[1].HTM (Submitted) FILES\CONTENT.IE5\QT5YNIHG\JS_FLAT_1_0[1].HTM (Submitted) FILES\CONTENT.IE5\QT5YNIHG\JS_FLAT_1_0[2].HTM (Submitted) FILES\CONTENT.IE5\QT5YNIHG\JS_FLAT_1_0[3].HTM (Submitted) FILES\CONTENT.IE5\QT5YNIHG\JS_FLAT_1_0[4].HTM (Submitted) FILES\CONTENT.IE5\Q56VUHWH\AUTHORBUTTONEXP[1].HTM (Submitted) FILES\CONTENT.IE5\Q56VUHWH\CA7G53J4.HTM (Submitted) FILES\CONTENT.IE5\Q56VUHWH\JS_FLAT_1_0[1].HTM (Submitted) FILES\CONTENT.IE5\Q56VUHWH\JS_FLAT_1_0[2].HTM (Submitted) FILES\CONTENT.IE5\Q56VUHWH\JS_FLAT_1_0[3].HTM (Submitted) FILES\CONTENT.IE5\Q56VUHWH\JS_FLAT_1_0[4].HTM (Submitted) FILES\CONTENT.IE5\Q56VUHWH\VLOG_PLAYER_PROCESS[3].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\ADSADCLIENT31[1].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\ADSADCLIENT31[2].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\ADSADCLIENT31[3].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\ADSADCLIENT31[4].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\ADSADCLIENT31[5].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\ADSADCLIENT31[6].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\ADSADCLIENT31[7].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\ADSADCLIENT31[8].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\ARTICLEDETAILCOUNTEREXP[1].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\CA416RW5.HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\FGMULE_LIST[1].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\JS_FLAT_1_0[1].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\JS_FLAT_1_0[2].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\JS_FLAT_1_0[3].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\JS_FLAT_1_0[4].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\JS_FLAT_1_0[5].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\JS_FLAT_1_0[6].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\JS_FLAT_1_0[7].HTM (Submitted) FILES\CONTENT.IE5\OZ17QUBH\JS_FLAT_1_0[8].HTM (Submitted) FILES\CONTENT.IE5\KYUTIFJM\06014[1].HTM (Submitted) FILES\CONTENT.IE5\KYUTIFJM\FL[1].HTM (Submitted) FILES\CONTENT.IE5\KYUTIFJM\J[1].HTM (Submitted) FILES\CONTENT.IE5\ILCNY9CX\JS_FLAT_1_0[1].HTM (Submitted) FILES\CONTENT.IE5\ILCNY9CX\JS_FLAT_1_0[2].HTM (Submitted) FILES\CONTENT.IE5\ILCNY9CX\J[1].HTM (Submitted) FILES\CONTENT.IE5\6LYNYPAP\ADSADCLIENT31[2].HTM (Submitted) FILES\CONTENT.IE5\6LYNYPAP\I1[2].HTM (Submitted) FILES\CONTENT.IE5\6LYNYPAP\JS_FLAT_1_0[1].HTM (Submitted) FILES\CONTENT.IE5\6LYNYPAP\JS_FLAT_1_0[2].HTM (Submitted) FILES\CONTENT.IE5\6LYNYPAP\JS_FLAT_1_0[3].HTM (Submitted) FILES\CONTENT.IE5\53F311OM\AVATARBUTTONEXP[1].HTM (Submitted) FILES\CONTENT.IE5\53F311OM\CNT[1].HTM (Submitted) FILES\CONTENT.IE5\53F311OM\JS_FLAT_1_0[2].HTM (Submitted) FILES\CONTENT.IE5\53F311OM\JS_FLAT_1_0[3].HTM (Submitted) FILES\CONTENT.IE5\53F311OM\JS_FLAT_1_0[4].HTM (Submitted) FILES\CONTENT.IE5\53F311OM\JS_FLAT_1_0[5].HTM (Submitted) FILES\CONTENT.IE5\4SDRQ9YR\CAKXQFSZ.HTM (Submitted) FILES\CONTENT.IE5\4SDRQ9YR\JS_FLAT_1_0[1].HTM (Submitted) FILES\CONTENT.IE5\4SDRQ9YR\SHOWADS[2].HTM (Submitted) FILES\CONTENT.IE5\494H6DW1\JS_FLAT_1_0[1].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\ARTICLECALENDAREXP[1].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\JS_FLAT_1_0[1].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\JS_FLAT_1_0[2].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\JS_FLAT_1_0[3].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\JS_FLAT_1_0[4].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\JS_FLAT_1_0[5].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\JS_FLAT_1_0[6].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\LOGINBUTTONEXP[1].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\SHOWADFLASH[1].HTM (Submitted) FILES\CONTENT.IE5\47U3QZID\TOPNAVIGATIONBAREXP[1].HTM (Submitted) TrackingCookie.Doubleclick (spyware) System TrackingCookie.Yieldmanager (spyware) System W32/Packed_FSG.C (virus) C:\PROGRAM FILES\PDFKILLER\STAMPPDF-PW.EXE (Submitted) C:\PROGRAM FILES\PDFKILLER\PDFTOTIF\PDF2TIF-PW.EXE (Submitted) 掃完之後有用Panda線上掃毒掃過除了一些Serv-U或其他程式的破解檔就以下感覺檔案有問題 Trj/Downloader.MDW Virus/Trojan D:\system.dll 3.系統輔助分析軟體掃描報告：此處報告為需了解你系統內有何程式啟動和常駐所必須要的報告請將掃描結果上傳至置底空間，置底空間無法使用者請改用http://www.kotuha.com 使用方式： Combofix： http://reinfors.googlepages.com/Combofix.html Hijackthis： http://reinfors.googlepages.com/Hijackthis SRENG： http://reinfors.googlepages.com/SRENG.html 如無法使用網路請看精華區 1 - 8 使用方式 4.報告連結：請將掃描報告(log)貼於下方 (上面的全要) Combofix ： Hijackthis： SRENG ：掃毒報告：由於我只有開網頁的問題其他程式使用正常所以就沒有掃機碼如果各位前輩覺得有需要我再掃一次機碼麻煩各位幫忙<(_ _)> 謝謝 -- ◆══════════════════════════════════天══◆ ║你曾經看過流星雨嗎？／▃▃ kyc ／險 ║ ║那是非常美麗的景象，虛幻的光芒，如人一生。。　 ▂ ／。刀 ║ ║神醉夢迷，我很喜歡這個名字... 。~＼▂▂ 。／藏 ║ ║下一刻，我將連自己也遺忘；但這一刻，是屬於我的！／◢藏﹥01010。／ φby ║ ◆═══════════════════════。／ ||＼════。═kyc01010 -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 140.115.65.214

[中毒] JS/Iframe.D病毒 小雨傘一直偵測到

[中毒] JS/Iframe.D病毒小雨傘一直偵測到