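The homepage of the Wild Bird Society of Taipei has been injected with malicious code. It is the same case as the Bankers Association of the Republic of China (see "Bankers Association of the Republic of China web page injected with malicious code"), but the virus files have been updated, so please be careful. (Thanks to Jimau)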




Once executed, it exhibits the following behavior:

[DLL Injection]
C:\WINDOWS\Help\46364C67.dll (injected into certain running processes, such as Windows Explorer)

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\update.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\gmsex[1].exe
C:\WINDOWS\Help\46364C67.dll
C:\WINDOWS\Help\46364C67.exe

[Added COM/BHO]
{A41F7C10-93C3-4177-9212-6831FF3B1714}-C:\WINDOWS\help\46364C67.dll
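
As an added example (not from the original post), the following PowerShell audits registered Browser Helper Objects and the Help directory for the artifacts listed above. The CLSID and directory come from the post; the 8-hex-digit file-name pattern, the 64-bit registry view and PowerShell 3.0 or later are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
$reportedClsid = '{A41F7C10-93C3-4177-9212-6831FF3B1714}'  # BHO CLSID listed in the post
$helpDir       = Join-Path $env:windir 'Help'              # drop directory listed in the post
$hexName       = '^[0-9A-Fa-f]{8}\.(dll|exe)$'             # assumption: names shaped like 46364C67

# BHO registration key and matching CLSID key for the native and 32-bit registry views.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$bhoFindings = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $key.PSChildName
        $inproc = '{0}\{1}\InprocServer32' -f $view.Clsid, $clsid
        $dll    = $null
        if (Test-Path -LiteralPath $inproc) {
            # The default value of InprocServer32 is the DLL the host process loads.
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        $reasons = @()
        if ($clsid -ieq $reportedClsid) { $reasons += 'CLSID from the post' }
        if ($dll -and $dll -like "$helpDir\*") { $reasons += 'DLL under %windir%\Help' }
        if ($dll -and (Split-Path -Path $dll -Leaf) -match $hexName) { $reasons += '8-hex-digit file name' }
        if ($reasons) {
            [pscustomobject]@{ Clsid = $clsid; Dll = $dll; Reasons = $reasons -join '; ' }
        }
    }
}

# DLL/EXE files with 8-hex-digit names in the Help directory, as dropped in the post.
$fileFindings = Get-ChildItem -LiteralPath $helpDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $hexName } |
    Select-Object FullName, Length, CreationTime, LastWriteTime

$bhoFindings  | Format-List
$fileFindings | Format-Table -AutoSize
```

Empty output means no BHO or Help-directory file matched these heuristics; it does not cover the two files the post lists under the Temp and Temporary Internet Files directories.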



Note: most antivirus software fails to detect it, except for the following:

46364C67.exe:
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact"
[ HBEDV ], "HEUR/Malware"
gmsex[1].exe:
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact"
[ HBEDV ], "HEUR/Malware"
update.exe:
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact"
[ HBEDV ], "HEUR/Malware"
46364C67.dll:
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact"
[ Nod32 ], "probably a variant of Win32/PSW.Lineage.DN trojan"
[ HBEDV ], "HEUR/Malware"

Posted by rogerspeaking on PIXNET