2005-02-01, 01:42 PM | #1 |
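plunderer Notice: latest variant of the "Lineage Killer" (天堂殺手) trojan (1/31: no AV detects it, NOD flags it heuristically; 2/1: added)

A new variant of the "Lineage Killer" trojan, Trojan/PSW.Lineage.cq. This variant spreads mainly through malicious websites, exploiting the MHT vulnerability and the CODEBASE vulnerability in the IE browser. The virus records the user's keyboard input, steals account names and passwords for the game Lineage, and uses its built-in SMTP engine to e-mail the stolen information to the virus author. The virus also updates itself automatically and deletes several kinds of media files from the user's hard disk, destroying data.

After it runs, the virus creates three files: user.txt, svchost.exe and ie.txt. user.txt is the account and password log file; svchost.exe and ie.txt are the virus itself and the virus version information file. The virus also modifies the registry startup entries so that it starts together with Windows.

The virus deletes all media files with the extensions rmi, mid and wav in the Microsoft Media folder, which breaks the Windows sound scheme. It installs a Windows hook to monitor the user's current window; when the window title is a string such as "Lineage Windows Client", it records the user's keyboard input and periodically e-mails the stolen information to the virus author through its SMTP engine. The virus also updates its own version by visiting the malicious website.

As of 1/31 it still could not be detected. I tested it myself and it does behave like a virus. Take a look; be careful if your protection is not sufficient.

1. Adds itself under WINDOWS
2. Connects to the network
3. Adds a startup entry

Virus: http://rapidshare.de/files-en/488840/svchost.rar.html

PS: vir (added on 2/1)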
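A defender-side triage check built from the artifacts listed in the post above, as an added example that is not part of the original thread: it flags a `svchost.exe` outside the system directories, notes any `user.txt`/`ie.txt` beside it, and checks startup entries that launch it. The inventory format, the list of legitimate directories and the sample data are assumptions constructed for illustration.

```python
import ntpath

# File names come from the post; everything else below is an assumption.
DROPPED = {"user.txt", "ie.txt"}
MASQUERADE = "svchost.exe"
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}  # assumed default SystemRoot

def exe_of(cmd):
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip().lower()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    head, sep, _ = cmd.partition(".exe")
    return head + sep

def triage(file_paths, run_entries):
    """file_paths: absolute Windows paths; run_entries: Run value name -> command."""
    by_dir = {}
    for p in file_paths:
        d, name = ntpath.split(p.lower())
        by_dir.setdefault(d, set()).add(name)

    findings = []
    for d, names in by_dir.items():
        # The real svchost.exe lives only in the system directories.
        if MASQUERADE in names and d not in LEGIT_DIRS:
            siblings = sorted(DROPPED & names)  # log / version files next to it
            findings.append(("masquerading-svchost", ntpath.join(d, MASQUERADE), siblings))
    for value, cmd in run_entries.items():
        exe = exe_of(cmd)
        if ntpath.basename(exe) == MASQUERADE and ntpath.dirname(exe) not in LEGIT_DIRS:
            findings.append(("run-key-persistence", value, exe))
    return findings

# Constructed sample inventory (not taken from a real host).
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\user.txt",
    r"C:\WINDOWS\ie.txt",
    r"C:\Documents and Settings\a\user.txt",
]
SAMPLE_RUN = {
    "svchost": r"C:\WINDOWS\svchost.exe",
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_FILES, SAMPLE_RUN):
        print(finding)
```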
2005-02-01, 02:08 PM | #2 (permalink) |
KAV's reply
Greetings.

Trojan-PSW.Win32.Lineage.aw was found in the attached file. Its detection will be included in the next antivirus bases.

Thank you for your help.

-----------------
Regards, Alexey Malanov
Virus Analyst, Kaspersky Lab.
Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com
http://www.viruslist.com

McAfee replied as well, and also provided an extra DAT file:

A.V.E.R.T. Sample Analysis
Virus Research Analyst: Patricia Ammirabile
Identified: PWS-Lineage Trojan
AVERT(tm) Labs, Sao Paulo, SP

Thank you for submitting your suspicious file.

Synopsis -
Attached is a file for extra detection, which will be included in a future DAT set.

In order to get the fastest possible response, you may wish to submit future virus-samples to <http://www.webimmune.net>. In most cases it can respond almost instantly with a solution.

For other virus-related information, please see the AVERT homepage at: <http://vil.mcafeesecurity.com/vil/default.asp>

Solution -
To ensure that you have the maximum available capability of detecting and cleaning this malware on your system, please make sure you have the latest engine. Engine and DAT updates are available at: <http://www.mcafeesecurity.com/us/downloads/updates>

EXTRA.DAT
This should be used with any of the McAfee AV Scanners. The file should be copied into the directory where the other DAT files reside. Using the find/search utility on your computer search for the following file:

SCAN.DAT

Then copy the Extra.dat we have sent you to the same folder where one of the above is located. Once you have copied the file, reboot the system for the driver to be loaded. Further information about Extra.DATs can be found at http://vil.mcafeesecurity.com/vil/sy...s/extradat.htm.

Support -
Virus Research accepts file-samples for analysis and possible inclusion into AV signature DAT sets. We are also prepared to answer general virus questions.

All product-related questions and comments can be addressed through technical support and customer service, including:

* Product installation and update questions
* Product usage questions
* Specific operating system/version questions
* Assistance with detection and cleaning or removal of viruses or trojans

Please use the following links to reach our technical support group for McAfee products.

Corporate Customers: <https://mysupport.mcafeesecurity.com/>
Single User/Retail Customers: <http://www.mcafeehelp.com>

Regards,
Patricia Ammirabile
Virus Research Analyst
McAfee AVERT (TM)
A division of McAfee, Inc.
