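The home page of the Juming Museum (朱銘美術館) contains malicious code. I notified them earlier, but they did not seem to pay much attention, and now there is new malicious code, so please be careful.
The malicious code is on the home page (it points to a page on the 惠安移民 site, which is in turn pointed elsewhere, and finally ends up at hxxp://www.gamaniatw.com/img/dadi.htm):
The code is:
After it runs, the following behaviour is observed: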
[Added process]
C:\WINDOWS\avp.exe
[Added service]
NAME: VGADown
DISPLAY: Audio Adapter
FILE: C:\WINDOWS\avp.exe
NAME: WS2IFSL (this one is normal; it is there to set up the LSP)
DISPLAY: Windows Socket 2.0 Non-IFS Service Provider Support Environment
FILE: \SystemRoot\System32\drivers\ws2ifsl.sys
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\king[1].exe
C:\WINDOWS\avp.exe
C:\WINDOWS\system32\ldvwer10.dll
[Added LSP]
NAME: MSAFD Tcpip [RAW/IP] (C:\WINDOWS\system32\ldvwer10.dll)
NAME: MSAFD Tcpip [TCP/IP] (C:\WINDOWS\system32\ldvwer10.dll)
Note: most antivirus software does not detect these files, except for the following:
king[1].exe:
[ Trend ], Possible_Virus
ldvwer10.dll:
[ Trend ], Possible_Virus
avp.exe:
[ Sophos ], "Troj/Maran-Gen"
[ Panda ], "Trj/Maran.L"
[ Nod32 ], "a variant of Win32/PSW.Maran trojan"
[ HBEDV ], "TR/Agent.63902.B"
[ Rising ], "Trojan.Delf.njo"
[ Ewido ], "Trojan.Lineage.ajf"
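A triage sketch for the behaviour report above, added here as an example and not part of the original post: it parses the `[Added ...]` sections and flags services whose binary is one of the dropped files, plus MSAFD Winsock entries that are not backed by the stock provider DLL. The function names and the embedded sample are constructed for illustration; the check assumes the stock MSAFD providers are served by `mswsock.dll`.

```python
import re
from collections import defaultdict

# Constructed sample in the report layout shown above (paths copied from the post).
REPORT = r"""[Added service]
NAME: VGADown
DISPLAY: Audio Adapter
FILE: C:\WINDOWS\avp.exe
NAME: WS2IFSL
DISPLAY: Windows Socket 2.0 Non-IFS Service Provider Support Environment
FILE: \SystemRoot\System32\drivers\ws2ifsl.sys
[Added file]
C:\WINDOWS\avp.exe
C:\WINDOWS\system32\ldvwer10.dll
[Added LSP]
NAME: MSAFD Tcpip [RAW/IP] (C:\WINDOWS\system32\ldvwer10.dll)
NAME: MSAFD Tcpip [TCP/IP] (C:\WINDOWS\system32\ldvwer10.dll)
"""
STOCK_MSAFD_DLL = "mswsock.dll"  # assumption: DLL behind the stock MSAFD providers

def parse_sections(text):
    """Split the report into {section name: [non-empty lines]}."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(Added [^\]]+)\]", line)
        if header:
            current = header.group(1)
        elif line and current:
            sections[current].append(line)
    return sections

def triage(text):
    """Return (services backed by a dropped file, MSAFD entries on a foreign DLL)."""
    s = parse_sections(text)
    dropped = {p.lower() for p in s["Added file"]}
    services, name = [], None
    for line in s["Added service"]:
        key, _, value = line.partition(": ")
        if key == "NAME":
            name = value
        elif key == "FILE" and value.lower() in dropped:
            services.append((name, value))  # service binary was just written to disk
    lsps = []
    for line in s["Added LSP"]:
        m = re.fullmatch(r"NAME: (MSAFD .+) \((.+)\)", line)
        if m and not m.group(2).lower().endswith("\\" + STOCK_MSAFD_DLL):
            lsps.append((m.group(1), m.group(2)))  # provider chain was replaced
    return services, lsps
```

On the sample, `WS2IFSL` is not flagged because its driver is not among the dropped files, which matches the note in the report that this entry is normal.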
