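Malicious link injected into the 權鋒國際 home page!
2007-01-12 – 21:43:00

The 權鋒國際 home page has been injected with a malicious link. This is yet another new variant, the same as the one found on 惠安移民. Please be careful, everyone.
**Please help notify them, thank you.**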

The malicious link is:

Part of the malicious code is:

After execution, it exhibits the following behavior:
[DLL injection]
C:\WINDOWS\Debug\UserMode\4A712.dll (injected into certain running processes, such as Windows Explorer)
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\ghosttop105.exe
C:\logex.txt (logs URLs)
C:\WINDOWS\Debug\UserMode\4A712.dll
C:\WINDOWS\Debug\UserMode\4A712.exe
[Added BHO]
{2ABAE35D-00F7-4FDA-93FF-292D557AC520}-C:\WINDOWS\debug\userMode\4A712.dll

Note that the following antivirus products can detect these malicious files:
ghosttop105.exe:
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact"
[ Sophos ], "[FILE:0000]:Mal/Packer"
[ HBEDV ], "HEUR/Malware"
[ Rising ], "[>>PECompact2.x]:Trojan.PSW.Lineage.msb"
4A712.exe:
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact"
[ Sophos ], "[FILE:0000]:Mal/Packer"
[ HBEDV ], "HEUR/Malware"
[ Rising ], "[>>PECompact2.x]:Trojan.PSW.Lineage.msb"
4A712.dll:
[ Kaspersky ], "PAK:NSPack"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "probably a variant of Win32/PSW.Lineage.DN trojan"
[ Fortinet ], "suspicious"
[ Rising ], "[>>NsPack]:Trojan.PSW.Lineage.msb"
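
A host sweep for the artifacts listed above, as an added example that is not part of the original post: it checks for the dropped files, the BHO CLSID, and any process that has 4A712.dll loaded. The two registry locations are the standard Internet Explorer BHO and COM registration keys, and the Temp path is the one from the analysis machine's Administrator profile, so both are assumptions about any other host.

```powershell
# Added example: sweep one Windows host for the artifacts listed in this post.
# File paths and the CLSID are copied from the post; the registry locations are
# the standard BHO / COM keys (assumed, the post does not name them).
$files = @(
    'C:\WINDOWS\Debug\UserMode\4A712.dll',
    'C:\WINDOWS\Debug\UserMode\4A712.exe',
    'C:\logex.txt',
    # Profile-specific path from the analysis machine; other users' Temp folders differ.
    'C:\Documents and Settings\Administrator\Local Settings\Temp\ghosttop105.exe'
)
$clsid   = '{2ABAE35D-00F7-4FDA-93FF-292D557AC520}'
$regKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
)
$findings = @()

# 1. Dropped files
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "file present: $f" }
}

# 2. BHO registration; for InprocServer32 also report which DLL it points at
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) {
        $target = (Get-ItemProperty -LiteralPath $k).'(default)'
        $findings += "registry key present: $k -> $target"
    }
}

# 3. Processes with the DLL loaded (the post reports injection into Explorer and others)
foreach ($p in Get-Process) {
    try { $mods = $p.Modules } catch { continue }   # protected processes deny access
    foreach ($m in $mods) {
        if ($m.FileName -like '*\4A712.dll') {
            $findings += "module loaded in $($p.ProcessName) (PID $($p.Id)): $($m.FileName)"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No artifacts from the post were found on this host.'
} else {
    $findings | ForEach-Object { Write-Output "FOUND  $_" }
}
```

Run it from an elevated prompt so the module enumeration can see processes owned by other users; a clean result only means these specific names are absent, not that a renamed variant is.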
