繼華視網站遭駭後,他們沒有找出安全漏洞,所以,現在首頁又被植入惡意連結。請各位暫時不要瀏覽這個網站,以免中毒,等確認他們已經修復後,會在此更新訊息。(此惡意程式應該也會偷使用者帳號與密碼)
執行之後,有下面的行為 (與「手機王網頁又被植入惡意連結」是一樣的):
[Added process]
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe
[DLL injection]
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe (注入 svchost.exe 的執行程序)
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\CiKE.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\taskmgr.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\b0(29)[1].swf
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\cike[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\dvbbs[1].mdb
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\2006692151148920[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\cike2[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\cike1[1].htm
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\eCompress.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\eImgConverter.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\eLIB.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\HideProc.dll
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\internet.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\krnln.fnr
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\Nhook.dll
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\shell.fne
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe
[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Value=svchost,Data=C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar\svchost.exe
詳細的資訊,請參考「大砲開講部落格」。
書籤