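The 77遊樂新世界 homepage has been injected with new malware again, so please be careful, everyone!
After visiting the homepage, the following behaviour is observed: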
[Added Process]
//After it runs, an application error occurs
[DLL Injection]
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.Exe
C:\WINDOWS\system32\msnfile.dll
C:\WINDOWS\winntf.dll
//The files above are injected into certain running processes
[Added service]
NAME: winntf
FILE: C:\WINDOWS\winntf.bat
[ Added BHO]
{F93CB274-12A2-489E-9DB6-BAAF492448D0}-C:\WINDOWS\system32\msnfile.dll
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\33.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.Exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\coca[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\images[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\top[1].exe
C:\mp.exe
C:\WINDOWS\system32\msnfile.dll
C:\WINDOWS\system32\msnfile.exe
C:\WINDOWS\winntf.bat
C:\WINDOWS\winntf.dll
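Note: the downloaded files appear to change (possibly the file name or the file size); if so, it is harder for antivirus software to detect them.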