http://malware-test.com/blog/a...ory/malware/
Recent news:
The National United University website has been injected with malicious links; some of them are the same as the malicious links that were injected into the ThinkClub website. Please be careful. (Thanks to Jimau)
**Please help notify them, thank you**
The malicious link is:
Part of the malicious program is:
After execution, it exhibits the following behaviour:
[Deleted process]
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
[DLL injection]
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe (injected into svchost.exe)
C:\Program Files\Common Files\Microsoft Shared\MSInfo\TWs9sc53.dll (injected into certain running programs, such as Explorer)
C:\WINDOWS\Debug\UserMode\831F.dll (injected into certain running programs, such as Explorer)
C:\WINDOWS\system32\odbsnet.dll (injected into Explorer)
[Added service]
NAME: zpzbwbhu
DISPLAY: zpzbwbhu
FILE: \??\C:\Program Files\Internet Explorer\Connection Wizard\zpzbwbhu.sys
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\moi.com
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\ad1[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\xx[1].exe
C:\logex.txt
C:\Program Files\Common Files\Microsoft Shared\MSInfo\TWs9sc53.dll
C:\WINDOWS\Debug\UserMode\831F.dll
C:\WINDOWS\Debug\UserMode\831F.exe
C:\WINDOWS\system32\FORCEDOSA.EXE
C:\WINDOWS\system32\getmaca.exe
C:\WINDOWS\system32\odbsnet.dll
[Added COM/BHO]
{88AE0A64-3762-4471-8F05-AD572032EB38}-C:\Program Files\Common Files\Microsoft Shared\MSINFO\TWs9sc53.dll
{934FC91A-AAFE-4ADB-B138-7C4DEAD310EA}-C:\WINDOWS\debug\userMode\831F.dll
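As an added example (not part of the original post), the following PowerShell triage script checks a Windows host for the indicators listed above: the added service, the dropped files and the two BHO CLSIDs. It assumes a standard install layout ($env:windir = C:\WINDOWS) and uses the current user's temp folder in place of the sandbox's Administrator profile; the registry locations are the standard service and BHO registration keys.

```powershell
# Added example: check a host for the indicators listed in the post above.
# Assumes a standard layout ($env:windir = C:\WINDOWS); user-profile paths use the
# current user's temp folder instead of the sandbox's Administrator profile.
$serviceName = 'zpzbwbhu'
$files = @(
    "$env:windir\system32\odbsnet.dll",
    "$env:windir\system32\getmaca.exe",
    "$env:windir\system32\FORCEDOSA.EXE",
    "$env:windir\Debug\UserMode\831F.dll",
    "$env:windir\Debug\UserMode\831F.exe",
    "$env:CommonProgramFiles\Microsoft Shared\MSInfo\TWs9sc53.dll",
    "$env:ProgramFiles\Internet Explorer\Connection Wizard\zpzbwbhu.sys",
    "$env:TEMP\moi.com",
    "$env:TEMP\svchost.exe",
    'C:\logex.txt'
)
$bhoClsids = @(
    '{88AE0A64-3762-4471-8F05-AD572032EB38}',
    '{934FC91A-AAFE-4ADB-B138-7C4DEAD310EA}'
)
$findings = @()

# 1. The added service, via the service control manager and its registry key.
if (Get-Service -Name $serviceName -ErrorAction SilentlyContinue) {
    $findings += "Service present: $serviceName"
}
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
if (Test-Path $svcKey) {
    $img = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
    $findings += "Service registry key present: $svcKey (ImagePath: $img)"
}

# 2. Dropped files (a real svchost.exe lives in system32, not in %TEMP%).
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}

# 3. BHO registrations and the DLL each CLSID resolves to.
foreach ($clsid in $bhoClsids) {
    $bhoKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
    if (Test-Path $bhoKey) { $findings += "BHO registered: $clsid" }
    $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    if (Test-Path $srv) {
        $dll = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)'
        $findings += "CLSID $clsid -> $dll"
    }
}
if ($findings.Count -eq 0) { 'No indicators from this post found.' } else { $findings }
```

Run it from an elevated prompt so the HKLM service and BHO keys are readable; any hit warrants isolating the host and pulling the referenced files for analysis.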