Rising Kaka Security Forum, Technical Exchange, Malicious Website Discussion: http://www.krvkr.com/worm.htm, asking for this site to be decoded


[Help] http://www.krvkr.com/worm.htm, asking for this site to be decoded

http://www.krvkr.com/worm.htm, asking for this site to be decoded

This site, hxxp://studftp.stut.edu.tw/~494j0905/index.htm,
filters out hxxp://www.krvkr.com/worm.htm; when running FreShow, Kaspersky flags it as a virus, but I couldn't find the malware-injection URL. Please help, thanks.
Log is generated by FreShow.
[wide]http://studftp.stut.edu.tw/~494j0905/index.htm
    [frame]http://www.krvkr.com/worm.htm
        [script]http://www.krvkr.com/js/general.js
            [object]http://www.searchnut.com/?domain=krvkr.com
        [frame]http://searchportal.information.com/?a_id=77321&domainname=krvkr.com&design_id=605
Couldn't find the malware-injection URL.... there is some seemingly encrypted stuff in there that I couldn't decode.

User system info: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10

Reply: http://www.krvkr.com/worm.htm, asking for this site to be decoded

After downloading your file and opening it, it looks like this.
Hope this helps.

Downloading from the address in the image above gives this instead.
It looks encrypted to me.
Take a look:
<html>
<head>
<title>krvkr.com</title>
<script type="text/javascript" src="/js/general.js"></script>
<script type="text/javascript">
ChkRequestEnc('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');
</script>
<script type="text/javascript">
var fl = "cpx";
var u = "/" + fl + ".php";
u = u + "?enc=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%3D";
var w = '690';
var h = '320';
var wV = 'scrollbars=no,resizable=yes,toolbar=no,' + 'menubar=no,status=no,location=no,height=' + h + ',width=' + w;
tW = window.open(u, "tWin", wV);
if (null !== tW)
{
tW.blur();
window.focus();
}
</script>

</head>
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
  <!-- served Parked -->
  <frame src="http://www.searchnut.com/?domain=krvkr.com&registrar=210E463A5D&affiliate=dp">
<noframes>
<body bgcolor="#ffffff" text="#000000">
  <a href="http://www.searchnut.com/?domain=krvkr.com&registrar=210E463A5D&affiliate=dp">Click here to enter</a>.
</body>
</noframes>
</frameset>
</html>
Last edited by 夲號ヱ被ジ盜 on 2009-06-11 20:44:50

Reply: http://www.krvkr.com/worm.htm, asking for this site to be decoded

Strangely, I didn't find anything either.

Duba flagged it too -.-

I decoded it and found nothing.

Reply: http://www.krvkr.com/worm.htm, asking for this site to be decoded

The author has already been sentenced. The site has expired. Those few bits are probably related to the pop-up window.

Reply: http://www.krvkr.com/worm.htm, asking for this site to be decoded

What it's flagging seems to be the once-rampant Panda Burning Incense (熊猫烧香). Below is what Norton reports: W32.Fujacks!html
Strange, nothing found. Kaspersky reports Worm.Win32.Fujack.a

Why is that?

Reply to post 2F by 夲號ヱ被ジ盜

It's this pile of apparently base64-encoded stuff, but nothing comes out of decoding it:
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');
Never mind, let's just treat it as an unsolved mystery ~~ Thanks~

Reply to post 6F by xiaoqiang305

a:21:{i:0;s:19:"2009-06-11 22:47:27";i:1;s:6:"100298";i:2;N;i:3;s:94:"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)";i:4;s:1:"/";i:5;s:12:"61.179.124.2";i:6;s:1:"3";i:7;s:0:"";i:8;s:0:"";i:9;s:0:"";i:10;s:0:"";i:11;s:0:"";i:12;s:2:"15";i:13;s:9:"krvkr.com";i:14;s:76:"http://www.searchnut.com/?domain=krvkr.com&registrar=210E463A5D&affiliate=dp";i:15;s:5:"40.00";i:16;s:4:"0.00";i:17;s:46:"Subnet temporarily banned, suspicious traffic.";i:18;N;i:19;N;i:20;N;}

This is the result of base64-decoding it.
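As an added example (not code from the thread or from the parking service), a small Python decoder for the `?enc=` value: URL-decode, base64-decode, then parse the PHP serialize() record quoted above. The page does not reproduce the original base64 blob, so the sample is constructed by re-encoding the decoded record; the parser is general for the four PHP types the record uses, and the decoded fields (timestamp, user agent, client IP, parked domain, landing URL, status note) show the payload is parking-page visitor tracking rather than exploit code.

```python
import base64
from urllib.parse import unquote

# Serialized record quoted in the thread (PHP serialize() output); the forum had
# mangled "&registrar" into "®istrar", restored here so the s:76 length holds.
SERIALIZED = (
    'a:21:{i:0;s:19:"2009-06-11 22:47:27";i:1;s:6:"100298";i:2;N;'
    'i:3;s:94:"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; '
    '.NET CLR 1.1.4322; .NET CLR 2.0.50727)";i:4;s:1:"/";i:5;s:12:"61.179.124.2";'
    'i:6;s:1:"3";i:7;s:0:"";i:8;s:0:"";i:9;s:0:"";i:10;s:0:"";i:11;s:0:"";'
    'i:12;s:2:"15";i:13;s:9:"krvkr.com";i:14;s:76:"http://www.searchnut.com/'
    '?domain=krvkr.com&registrar=210E463A5D&affiliate=dp";i:15;s:5:"40.00";'
    'i:16;s:4:"0.00";i:17;s:46:"Subnet temporarily banned, suspicious traffic.";'
    'i:18;N;i:19;N;i:20;N;}')
# Constructed sample: the record re-encoded as the page embeds it in ?enc=
# (base64 with the "=" padding URL-encoded as %3D).
ENC_PARAM = base64.b64encode(SERIALIZED.encode()).decode().replace('=', '%3D')

def php_unserialize(data: bytes, pos: int = 0):
    """Parse one PHP-serialized value at pos -> (value, next_pos). Handles the
    types in the record: N (null), i (int), s (string, byte length), a (array)."""
    tag = data[pos:pos + 1]
    if tag == b'N':                                  # "N;"
        return None, pos + 2
    if tag == b'i':                                  # "i:123;"
        end = data.index(b';', pos)
        return int(data[pos + 2:end]), end + 1
    if tag == b's':                                  # 's:LEN:"bytes";'
        colon = data.index(b':', pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                            # skip ':"'
        value = data[start:start + length].decode('utf-8', 'replace')
        return value, start + length + 2             # skip '";'
    if tag == b'a':                                  # "a:COUNT:{key;value;...}"
        colon = data.index(b':', pos + 2)
        count = int(data[pos + 2:colon])
        pos, result = colon + 2, {}                  # skip ':{'
        for _ in range(count):
            key, pos = php_unserialize(data, pos)
            result[key], pos = php_unserialize(data, pos)
        return result, pos + 1                       # skip '}'
    raise ValueError(f'unsupported PHP type {tag!r} at offset {pos}')

def decode_enc_param(param: str) -> dict:
    """Undo the ?enc= encoding: URL-decode, base64-decode, then unserialize."""
    raw = base64.b64decode(unquote(param), validate=True)
    value, end = php_unserialize(raw)
    if end != len(raw):
        raise ValueError('trailing bytes after the serialized value')
    return value
```

`decode_enc_param(ENC_PARAM)` returns a dict keyed 0..20; indices 0, 3, 5, 13, 14 and 17 hold the timestamp, user agent, client IP, parked domain, landing URL and status note.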

Powered by Discuz!NT