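http://malware-test.com/blog/a...ory/malware/

Latest news:
National United University's web pages have been injected with malicious links, some of which are the same as the malicious links injected into the ThinkClub web pages. Please be careful. (Thanks to Jimau)
**Please help notify them, thank you**
The malicious links are:
Part of the malware is:
After execution, it exhibits the following behavior: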
[Deleted process]
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
[DLL injection]
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe (injected into svchost.exe)
C:\Program Files\Common Files\Microsoft Shared\MSInfo\TWs9sc53.dll (injected into some running processes, such as Windows Explorer)
C:\WINDOWS\Debug\UserMode\831F.dll (injected into some running processes, such as Windows Explorer)
C:\WINDOWS\system32\odbsnet.dll (injected into Windows Explorer)
[Added service]
NAME: zpzbwbhu
DISPLAY: zpzbwbhu
FILE: \??\C:\Program Files\Internet Explorer\Connection Wizard\zpzbwbhu.sys
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\moi.com
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\ad1[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\xx[1].exe
C:\logex.txt
C:\Program Files\Common Files\Microsoft Shared\MSInfo\TWs9sc53.dll
C:\WINDOWS\Debug\UserMode\831F.dll
C:\WINDOWS\Debug\UserMode\831F.exe
C:\WINDOWS\system32\FORCEDOSA.EXE
C:\WINDOWS\system32\getmaca.exe
C:\WINDOWS\system32\odbsnet.dll
[ Added COM/BHO ]
{88AE0A64-3762-4471-8F05-AD572032EB38}-C:\Program Files\Common Files\Microsoft Shared\MSINFO\TWs9sc53.dll
{934FC91A-AAFE-4ADB-B138-7C4DEAD310EA}-C:\WINDOWS\debug\userMode\831F.dll