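HiNet Finance Site (HiNet理財網) Injected with a Malicious Link Again
October 12, 2007 – 07:24:00 Update: the site has now been fixed
**High-risk website: frequently injected with malicious links and placed on the website blacklist; browsing this site is not recommended**
The HiNet finance site has once again been injected with a malicious link. The malware is Trojan-PSW.Win32.OnLineGames. Anyone who has visited this page recently should check their computer as soon as possible, and please avoid the site for now so that you do not get infected. (Credit: Jimau)
The malicious link is placed in the home page (other pages may need a careful check as well):
After execution, it shows the following behavior: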
[Added process]
[DLL injection]
[Added service]
NAME: Winownes
DISPLAY: Telephotsgoogle
FILE: C:\WINDOWS\system32\sedrsvedt.exe
[Added file]
[ Added COM/BHO ]
[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=WinSysM
Data=C:\WINDOWS\IGM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=WinSys
Data=C:\WINDOWS\IGW.exe
As of now (2007/10/11 @ ), the following antivirus products can detect these malicious files (for reference only):
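“HiNet Finance Site (HiNet理財網) Injected with a Malicious Link Again” currently has 5 responses
Hello Roger, I would like to ask something.
If the firewall is set so that no executable files can be downloaded,
would the malicious site's programs then be unable to download? And even if a DLL is downloaded, without the malicious executable, would the DLL
also be unable to run?
By 這招有效嗎 on October 16, 2007 - 09:01:00
Go to http://www.simplysup.com/ and download the scanner to see whether you have been hit. As things stand, though, HiNet has already fixed the problem and the related messages no longer appear. This is not hard to deal with; a trojan scan or an ordinary antivirus scan will take care of it. There are all kinds of people on the Internet, so it is still better to install an antivirus product. Or you can rent one from Chunghwa Telecom.
By Anonymous on October 16, 2007 - 17:34:00
If the firewall could intercept all executables (PE format), the chance of getting infected would be very small. However, I do not know which vendor supports such a feature (I do not mean intercepting only *.exe).
None of the antivirus software currently on the market can effectively clean an already infected system, and I do not think such software can exist in the future either, so please keep good backups and restore from them when there is a problem.
By Roger on October 17, 2007 - 13:58:00
If the firewall intercepts all executables, then patches probably cannot be updated either!
Also, there are already viruses that use web pages to download virus files with an image file header added; after the download, the image header is removed and the virus file is restored.
Even if the firewall intercepts all executables, it is still possible to get infected.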
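By Anonymous on October 18, 2007 - 12:11:00
Antivirus software generally has an exception list; adding the update program to it solves this problem.
Generally speaking, an antivirus scan engine can handle such files. As far as I know, Trend Micro's scan engine can handle this file format; as for other antivirus software, I do not know.
By Roger on October 19, 2007 - 10:43:00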
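
An added example (not from the original post or its commenters) of the content-based check discussed in the comments above: deciding whether a download is an executable from its PE structure rather than its file name, including a PE image that sits behind an image-file header. The function names, file names and sample bytes are constructed for illustration.

```python
import struct

def pe_offsets(data: bytes) -> list:
    """Offsets in data where a structurally valid PE image begins."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew: little-endian DWORD at 0x3C of the DOS header,
            # giving the offset of the "PE\0\0" signature.
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if e_lfanew > 0 and data[sig:sig + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def verdict(data: bytes) -> str:
    """Classify by content only; the file name is never consulted."""
    hits = pe_offsets(data)
    if not hits:
        return "no-pe"
    return "pe" if hits[0] == 0 else "embedded-pe"

def sample_pe_stub() -> bytes:
    """Constructed, non-functional PE skeleton: DOS header + PE signature."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + b"\x4c\x01" + bytes(18)

# Constructed sample downloads (names and bytes are illustrative only).
JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01"
DOWNLOADS = {
    "update.exe": sample_pe_stub(),
    "renamed.dat": sample_pe_stub(),                # PE without .exe name
    "picture.jpg": JPEG_HEADER + sample_pe_stub(),  # PE behind image header
    "photo.jpg": JPEG_HEADER + b"MZ" + bytes(100),  # stray "MZ", not a PE
}

def gateway_verdicts(downloads: dict) -> dict:
    """Verdict per download, keyed by the (untrusted) file name."""
    return {name: verdict(body) for name, body in downloads.items()}

if __name__ == "__main__":
    for name, v in gateway_verdicts(DOWNLOADS).items():
        print(f"{name:12} {v}")
```

A payload that is compressed, encoded or encrypted in transit carries no PE signature, so a check like this complements endpoint scanning rather than replacing it.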