Rising Kaka Security Forum

[Solved] Website has been injected with a trojan, asking everyone for help
梁文忠 - 2009-9-28 22:34:00
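Our company website, www.fszide.cn, has had a trojan injected into it. I can't find the trojan's code in the program. This is the trojan's address: www.musicmobi.com.cn

Asking all you experts for help. Many thanks!!

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1)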
梁文忠 - 2009-9-29 8:32:00
Could everyone please help...
networkedition - 2009-9-29 8:42:00
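It has indeed been injected with a trojan. Haven't you already found the malicious link address? It's that address, but it has been encrypted.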

Log is generated by FreShow.
[wide]http://www.fszide.cn/
    [script]http://%6D%75%73%69%63%6D%6F%62%69%2E%63%6F%6D%2E%63%6E
        [frame]http://jdok.9966.org/dszq/2.htm
            [frame]http://8lz4.cn/x2/xx.html
                [frame]http://8lz4.cn/x2/Td14.htm
                    [script]http://8lz4.cn/x2/14.js
                        [object]http://d.fgddx.com/xx/x2.css
                    [script]http://8lz4.cn/x2/15.js
                    [script]http://8lz4.cn/x2/17.js
                    [script]http://8lz4.cn/x2/16.js
                    [script]http://8lz4.cn/x2/18.js
                [frame]http://8lz4.cn/x2/yt.htm
                [frame]http://8lz4.cn/x2/td09.htm
                [frame]http://8lz4.cn/x2/yut.htm
            [script]http://tongji.linezing.com/1240663/tongji.js
    [script]http://%6E%65%77%73%72%65%61%63%68%2E%63%6E
    [script]http://%73%70%6F%72%74%74%6F%64%61%79%2E%63%6E
    [script]http://%74%68%65%73%74%6F%70%2E%63%6F%6D%2E%63%6E
    [script]http://%78%74%72%61%64%65%73%2E%63%6F%6D%2E%63%6E
    [script]http://%79%61%6F%4C%69%68%75%69%2E%63%6E
    [script]http://%73%70%6F%72%74%73%62%61%79%2E%63%6E
    [script]http://%74%68%65%73%6F%6E%2E%63%6F%6D%2E%63%6E
    [script]http://%79%61%6F%4C%69%68%75%69%2E%63%6E
    [script]http://%73%70%6F%72%74%73%62%61%79%2E%63%6E
    [script]http://%74%68%65%73%6F%6E%2E%63%6F%6D%2E%63%6E
    [script]http://www.fszide.cn/inc/flashobject.js
    [script]http://%6D%75%73%69%63%6D%6F%62%69%2E%63%6F%6D%2E%63%6E
    [script]http://%6E%65%77%73%72%65%61%63%68%2E%63%6E
    [script]http://%73%70%6F%72%74%74%6F%64%61%79%2E%63%6E
    [script]http://%74%68%65%73%74%6F%70%2E%63%6F%6D%2E%63%6E
    [script]http://%78%74%72%61%64%65%73%2E%63%6F%6D%2E%63%6E
    [script]http://%79%61%6F%4C%69%68%75%69%2E%63%6E
    [script]http://%73%70%6F%72%74%73%62%61%79%2E%63%6E
    [script]http://%74%68%65%73%6F%6E%2E%63%6F%6D%2E%63%6E
    [script]http://%79%61%6F%4C%69%68%75%69%2E%63%6E
    [script]http://%73%70%6F%72%74%73%62%61%79%2E%63%6E
    [script]http://%74%68%65%73%6F%6E%2E%63%6F%6D%2E%63%6E
    [frame]http://www.fszide.cn/conn/scrollpro2.asp
    [script]http://%6D%75%73%69%63%6D%6F%62%69%2E%63%6F%6D%2E%63%6E
    [script]http://%6E%65%77%73%72%65%61%63%68%2E%63%6E
    [script]http://%73%70%6F%72%74%74%6F%64%61%79%2E%63%6E
    [script]http://%74%68%65%73%74%6F%70%2E%63%6F%6D%2E%63%6E
    [script]http://%78%74%72%61%64%65%73%2E%63%6F%6D%2E%63%6E
    [script]http://%79%61%6F%4C%69%68%75%69%2E%63%6E
    [script]http://%73%70%6F%72%74%73%62%61%79%2E%63%6E
    [script]http://%74%68%65%73%6F%6E%2E%63%6F%6D%2E%63%6E
    [script]http://%79%61%6F%4C%69%68%75%69%2E%63%6E
    [script]http://%73%70%6F%72%74%73%62%61%79%2E%63%6E
    [script]http://%74%68%65%73%6F%6E%2E%63%6F%6D%2E%63%6E
夲號ヱ被ジ盜 - 2009-9-29 8:48:00
All three of those places have this same stuff.
梁文忠 - 2009-9-29 13:55:00
How do I fix this??
梁文忠 - 2009-9-29 13:56:00
Help, please.
networkedition - 2009-9-29 13:58:00
Remove it. The analysis log in the second post lists everything. Search for it in the website's source code and remove it.
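An added example, not part of any post in this thread: a plain-text search of the source for the domain misses an include whose host is written as percent-encoded bytes, as in the FreShow log above, so this sketch decodes each script/frame host before comparing it with the site's own hosts. The sample HTML is constructed for illustration, and the function name and the `own_hosts` parameter are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# src= value of <script>, <iframe> or <frame> tags, quoted or unquoted.
SRC_RE = re.compile(
    r'<(script|iframe|frame)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)',
    re.IGNORECASE,
)

def find_foreign_includes(html, own_hosts):
    """Return script/frame includes whose decoded host is not in own_hosts."""
    findings = []
    for tag, src in SRC_RE.findall(html):
        raw_host = urlsplit(src).hostname or ""   # empty for relative URLs
        host = unquote(raw_host).lower()          # %6D%75... -> mu...
        if not host or host in own_hosts:
            continue                              # relative or first-party
        findings.append({
            "tag": tag.lower(),
            "src": src,
            "host": host,
            # An encoded host name has no legitimate use in a template.
            "percent_encoded": "%" in raw_host,
        })
    return findings

# Constructed sample page: one relative include, one first-party frame and
# one include using the encoded form shown in the log for this site.
SAMPLE_HTML = """<html><head>
<script src="inc/flashobject.js"></script>
<script src=http://%6D%75%73%69%63%6D%6F%62%69%2E%63%6F%6D%2E%63%6E></script>
</head><body>
<iframe src="http://www.fszide.cn/conn/scrollpro2.asp"></iframe>
</body></html>"""

if __name__ == "__main__":
    print("plain search hit:", "musicmobi.com.cn" in SAMPLE_HTML)
    for f in find_foreign_includes(SAMPLE_HTML, {"www.fszide.cn"}):
        print(f["tag"], f["host"], "encoded" if f["percent_encoded"] else "")
```

Run it over the files on disk and over the HTML as a browser actually receives it; if only the received copy has findings, the tags are being added after the files leave disk.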
梁文忠 - 2009-9-29 13:59:00
I searched the source code, but I can't find it!
networkedition - 2009-9-29 14:05:00
You can't find these on the site's home page?
梁文忠 - 2009-9-29 14:13:00
Yes. If I could find them, I would have just removed them.
networkedition - 2009-9-29 14:16:00
I've sent you a private message. Are you the site's webmaster?
梁文忠 - 2009-9-29 14:26:00
I've uploaded the full source code of the website! Thanks.
Because the attachment was too large, I deleted the images.
networkedition - 2009-9-29 14:31:00
Downloaded. For safety, I have deleted the attachment. I suggest installing an ARP firewall and trying that.
梁文忠 - 2009-9-29 14:36:00
Does the ARP firewall have to be installed on the host?
That's a hassle, then. I'll have to contact the IDC!
梁文忠 - 2009-9-29 14:37:00
Thank you.
networkedition - 2009-9-29 14:37:00
Is your web server hosted at a data center, or does your company have its own server?