Kafan Forum's Archiver



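newlight posted on 2007-11-7 15:13

Does the Kafan forum have a virus?

I'm a complete newbie and know nothing about viruses, but as soon as I opened the forum this afternoon, my FS reported a virus and showed two suspicious addresses, and the forum font was larger than usual. I blocked the addresses with hosts, but nothing changed.
One is: aaa。520ping。com
The other: P.mm.nn。yahoo。com
What on earth is going on? Experts, please advise! [:12:] [:12:]

[[i] Last edited by newlight on 2007-11-7 15:18 [/i]]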

luan posted on 2007-11-7 16:19

It's not the forum's problem.

nealee posted on 2007-11-7 20:14

I haven't found any virus ~~~
   It has always been fine for me~[:14:]

魂飞仙 posted on 2007-11-7 21:43

There has never been one... could it be a mistake? [:09:]

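theone posted on 2007-11-8 02:52

Reply to post #1 by newlight

newlight, it may not be the forum's problem. Could you post a screenshot to show it?
For example, the specific details of the virus alert.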

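newlight posted on 2007-11-8 09:55

Sorry, I just restored my system. What does it mean when P.mm.NN.YAHOO.COM appears in the lower-left corner?
The forum font is no longer large now.
Before the restore I checked the processes. Experts, please take a look.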

Logfile of HijackThis v1.99.1
Scan saved at 9:30:51, on 2007-11-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DeviceNotice.exe
D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
D:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
D:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
D:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\dmwz\eSafeV2\eSafe_Certificate.exe
D:\user\Ad munch\AdMunch.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
D:\Program Files\F-Secure\Common\FAMEH32.EXE
D:\Program Files\F-Secure\Common\FNRB32.EXE
D:\Program Files\F-Secure\Anti-Virus\fsqh.exe
D:\Program Files\F-Secure\Common\FIH32.EXE
D:\Program Files\F-Secure\FSAUA\program\fsaua.exe
D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
D:\Program Files\F-Secure\FSGUI\fsguidll.exe
D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
D:\user\Thunder\Program\Thunder5.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\user\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "d:\Program Files\F-Secure\Common\FSM32.EXE" / -nosplash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [eSafeCertInit] C:\Program Files\dmwz\eSafeV2\eSafe_Certificate.exe -m
O4 - HKLM\..\Run: [Ad Muncher] D:\user\Ad munch\AdMunch.exe /bt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Block frame with Ad Muncher - [url]http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=P439S555&id=menu_ie_frame[/url]
O8 - Extra context menu item: Block image with Ad Muncher - [url]http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=P439S555&id=menu_ie_image[/url]
O8 - Extra context menu item: Block link with Ad Muncher - [url]http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=P439S555&id=menu_ie_link[/url]
O8 - Extra context menu item: Don't filter page with Ad Muncher - [url]http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=P439S555&id=menu_ie_exclude[/url]
O8 - Extra context menu item: Report page to the Ad Muncher developers - [url]http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=P439S555&id=menu_ie_report[/url]
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\f-secure\fsps\program\fslsp.dll
O15 - Trusted Zone: jhoa.gov.cn
O23 - Service: eSafe DeviceNotification service (DeviceNotice) - DMWZ Science&Technology Co.,Ltd - C:\WINDOWS\system32\DeviceNotice.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure\Common\FSMA32.EXE

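newlight posted on 2007-11-8 10:05

Yesterday, after I opened the forum, my FS reported a virus in the temporary folder, so I had to clean out the temporary files.

Maybe, as the second poster said, it is my computer that is infected. It's just that I said the forum has a virus, which is really embarrassing. What can I say, I'm a complete newbie. [:xi8:]

[[i] Last edited by newlight on 2007-11-8 10:07 [/i]]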

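windiscoming posted on 2008-7-17 23:02

Mine is the same: when I log in to the Kafan forum, Kaspersky reports a trojan, and I denied it. The Kafan forum font gets bigger!
OP, don't keep assuming you are the one who is wrong.
Kafan forum, check yourself!
The forum may have had a trojan planted in it. Fix it as soon as possible.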

gonewild posted on 2008-7-17 23:06

The virus sample section does have a pile of viruses, though [:xi35:] [:xi36:]

DistanceLove posted on 2008-7-18 02:25

There are a lot of viruses in the sample section.
I have never had a virus alert when visiting Kafan. My browser is Opera.

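cbz107 posted on 2008-7-18 12:00

[quote]Originally posted by [i]windiscoming[/i] on 2008-7-17 23:02
Mine is the same: when I log in to the Kafan forum, Kaspersky reports a trojan, and I denied it. The Kafan forum font gets bigger!
OP, don't keep assuming you are the one who is wrong.
Kafan forum, check yourself!
The forum may have had a trojan planted in it. Fix it as soon as possible. [/quote]
[:06:] The thing is, so many people on Kafan use Kaspersky, others use other antivirus software, and there are host intrusion prevention systems (HIPS) and so on, and none of them have detected anything.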

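klovecui posted on 2008-7-18 12:24

Avira has never reported anything. EQ hasn't flagged anything either. It shouldn't be the forum's problem. OP, please post some screenshots.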

hum posted on 2008-7-18 22:38

There are lots of viruses on Kafan [:14:]
[url]http://bbs.kafan.cn/thread-212963-1-1.html[/url]
Hundreds every day
