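The 惠安移民 home page has had a malicious link planted in it again. The earlier one had been removed, and now another has been injected. Their security or network administration staff need to find the underlying problem; otherwise, other malicious links or programs will probably be planted as well.

**Please help notify them. Thank you.**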





The malicious link is:



Once executed, it exhibits the following behavior:

[DLL injection]
C:\WINDOWS\Debug\UserMode\A72BF8B.dll (injected into certain running processes, such as Windows Explorer)

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\gt0114.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\ghost0119[1].exe
C:\WINDOWS\chenzi.exe
C:\WINDOWS\Debug\UserMode\A72BF8B.dll
C:\WINDOWS\Debug\UserMode\A72BF8B.exe

[Added COM/BHO]
{13F7717D-A7AD-4DBA-92E2-083A4F1B1B1A}-C:\WINDOWS\debug\userMode\A72BF8B.dll



So far, the following antivirus products detect these malicious files:

A72BF8B.exe:
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fn"
[ Sophos ], "[FILE:0000]:Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.Lineage.ACN trojan"
[ Fortinet ], "W32/OnLineGames.FN!tr.pws"
[ Rising ], "Trojan.PSW.Lineage.msb"
chenzi.exe:
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fn"
[ Sophos ], "[FILE:0000]:Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.Lineage.ACN trojan"
[ Fortinet ], "W32/OnLineGames.FN!tr.pws"
[ Rising ], "Trojan.PSW.Lineage.msb"
ghost0119[1].exe:
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fn"
[ Sophos ], "[FILE:0000]:Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.Lineage.ACN trojan"
[ Fortinet ], "W32/OnLineGames.FN!tr.pws"
[ Rising ], "Trojan.PSW.Lineage.msb"
gt0114.exe:
[ Kaspersky ], "Trojan-PSW.Win32.OnLineGames.fn"
[ Sophos ], "[FILE:0000]:Mal/Packer"
[ Nod32 ], "a variant of Win32/PSW.Lineage.ACN trojan"
[ Fortinet ], "W32/OnLineGames.FN!tr.pws"
[ Rising ], "Trojan.PSW.Lineage.msb"
A72BF8B.dll:
[ Kaspersky ], "PAK:NSPack"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "probably a variant of Win32/PSW.Lineage.DN trojan"
[ Fortinet ], "suspicious"
[ Norman ], "Backdoor W32/Lineage.gen1"
[ Rising ], "[>>NsPack]:Trojan.PSW.Lineage.msb"

Posted by rogerspeaking on 痞客邦