Search results - "Lineage"

Virtemp07.rar (406 views)
1.sfx.exe/data.rar\1.exe/UPack  Trojan-PSW.Win32.Lineage.akx
1_.sfx.exe/data.rar\1.exe/UPack  Trojan-PSW.Win32.Lineage.akx
d2_.exe/UPack  Trojan-PSW.Win32.Delf.qm
hydll.dll  Trojan-PSW.Win32.Delf.qm
hye1.exe  Trojan-PSW.Win32.Delf.li
PDLL.dll  Trojan-PSW.Win32.Lineage.akx
rundl132.exe  Trojan-PSW.Win32.Delf.li
svchost.exe/UPack  Trojan-PSW.Win32.Lineage.akx
svhost32.exe/UPack  Trojan-PSW.Win32.Delf.qm
dlyy.dll  not detected XD

VirTEMP06.rar (363 views)
USB.EXE - infected by Trojan-PSW.Win32.Lineage.ahv
dllf.dll - infected by Trojan-PSW.Win32.Lineage.aco
download.exe - infected by Trojan-PSW.Win32.Lineage.aco
g0ld.exe - infected by Trojan-PSW.Win32.Lineage.ahv
Kerne0223.dll - infected by Trojan-PSW.Win32.Gamania.eh
Kerne0223.exe - infected by Trojan-PSW.Win32.Gamania.eh
mssbupx.dll - infected by Trojan-PSW.Win32.Maran.o
server.exe - infected by Trojan-PSW.Win32.Maran.o
svhost32.exe - infected by Trojan-PSW.Win32.Lineage.aco
- jokera

Virtemp05_.rar (405 views)
Another compressed version of Virtemp05.rar. The extracted files are all in it:
winlogin.exe
ciau38dll.dll
Anskya0.exe
Anskya1.exe
Anskya2.exe
dllf.dll
xwdll.dll
seal.exe
lineage.exe
fenggu.exe
svhost32.exe (two different files, in two different directories)
SV0H0ST.exe
- jokera

Virtemp05.rar (360 views)
Virtemp05.rar/photo7.scr.vir/data.rar/winlogin.exe - infected by Trojan-PSW.Win32.Delf.qe
Virtemp05.rar/systemin.exe.vir/data.rar/winlogin.exe - infected by Trojan-PSW.Win32.Gamania.gf
Virtemp05.rar/photo6.scr.vir/data.rar/winlogin.exe - infected by Trojan-PSW.Win32.Gamania.gf
The Kaspersky online scan actually misses systemin.scr.vir.
Scan date: 2006-09-13, 10:10 PM
Source site of the trojans:
http://www.gamanir.com/
All of them are disguised as RAR self-extracting archives.
On infection, three more files are automatically downloaded from that site:
http://www.gamanir.com/exe/lineage.exe
http://www.gamanir.com/exe/seal.exe
http://www.gamanir.com/exe/fenggu.exe
- jokera

0802_tw_lineage_org_tw.rar - 0802 IM (即時通) trojan body (447 views)
No further explanation needed..
The basic file source is the same as before:
http://www.spr1t3.com/update.xml
It now shows 1.6.
Not sure whether it's just my imagination..
Kaspersky can't detect it? :Q (8/17 scan result)
IEXPLORE1.exe.vir  trojan body, placed in the Windows directory
fgb2ksudll.dll.vir  derivative, placed in the system32 directory
- jokera

chaoshunvir.rar - pulled from the computer of a certain legislator's service office.. (584 views)
xiw828isidll.dll.vir - infected by Trojan-PSW.Win32.Lineage.afi
iexplore.exe.vir - infected by Trojan-PSW.Win32.Lineage.afi
msyagi.com.vir - infected by Backdoor.Win32.Beastdoor.av
And they even had Trend Micro installed...
The most telling symptom of this kind of account-stealing keylogger:
open a cmd window, and typing becomes abnormally slow..
Of the ones encountered so far, no exceptions.
- jokera

0719_tw_lineage_org_tw.rar - 0719 IM (即時通) trojan body (408 views)
The trojan author has thoughtfully updated all of them,
so jpg1jpg.exe = lEXPRESS.exe = photjpg.exe = girls.exe
Any others coming from the same site should be identical.
It generates iuxwua86sd3dll.dll
up.exe 23sidfdll.dll(??)
lEXPLORE.exe
Attached is the dll after UPX decompression;
the decompressed file is tentatively named fakedll.dat.
Quite a lot of important information can be seen in it,
for example the site it sends to, the rough content of the mail it sends, the mail server it relays through, etc.
Even the fake messages it sends over IM are in there..
Kaspersky identifies it as Email-Worm.Win32.Chifir.c
- jokera

0712_tw_lineage_org_tw.rar - 0712 IM (即時通) trojan body (408 views)
girls.exe, lEXPRESS.exe and jpg1jpg.exe are the body.
Two files are generated in system32:
23sidfdll.dll and possibly up.exe
The dll is a program split off from the back half of the executable body.
The current trojan version, read from
http://www.spr1t3.com/update.xml
is still 1.5.
But lEXPRESS.exe and jpg1jpg.exe are still the 7/3 ones??
Note:
tw.lineage.org.tw and www.spr1t3.com
are both decoy sites of the trojan author.
- jokera

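Both dropper layouts described in these entries, the gamanir.com self-extracting RAR disguises (photo7.scr.vir/data.rar/winlogin.exe) and the spr1t3.com IM trojan whose DLL is "split off from the back half of the executable body", keep the real payload past the end of the last PE section, so the section table tells you exactly where to cut. The script below is an added example, not code from this page or from the samples: it parses a PE's section headers, carves whatever follows the image, and identifies it by magic. The PE it runs on is constructed inline (a header skeleton plus a fake overlay), and the UPX/UPack section names it flags are the ones those packers are commonly seen to leave, stated here as an assumption rather than something the page verifies.

```python
"""Carve and identify the payload appended after a PE image (the "overlay")."""
import struct
from typing import Optional

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
# Section names the packers named on the page (UPX, UPack) commonly leave
# behind. Assumption: a heuristic hint, not proof of packing.
PACKER_SECTIONS = {b"UPX0", b"UPX1", b"UPX2", b".Upack"}


def pe_sections(data: bytes) -> list:
    """Return [(name, raw_size, raw_offset)] from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    out = []
    for i in range(n_sections):
        hdr = table + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_off = struct.unpack_from("<II", data, hdr + 16)
        out.append((name, raw_size, raw_off))
    return out


def pe_image_end(data: bytes) -> int:
    """File offset just past the last byte any section claims."""
    end = 0
    for _, raw_size, raw_off in pe_sections(data):
        end = max(end, raw_off + raw_size)
    return min(end, len(data))          # a truncated file cannot end past EOF


def carve_overlay(data: bytes) -> Optional[bytes]:
    """Bytes after the PE image, or None when the file carries no overlay."""
    end = pe_image_end(data)
    return data[end:] if end < len(data) else None


def identify(blob: bytes) -> str:
    """Cheap magic-based type guess for a carved blob."""
    if blob.startswith(RAR5_MAGIC):
        return "rar5"
    if blob.startswith(RAR4_MAGIC):
        return "rar4"
    if blob.startswith(b"MZ"):
        return "pe"
    return "unknown"


def analyze(data: bytes) -> dict:
    """Summary a triage script would log for one dropper."""
    names = [n for n, _, _ in pe_sections(data)]
    overlay = carve_overlay(data)
    report = {
        "packer_sections": [n.decode("latin-1") for n in names if n in PACKER_SECTIONS],
        "image_end": pe_image_end(data),
        "overlay_size": len(overlay) if overlay else 0,
        "overlay_type": identify(overlay) if overlay else None,
    }
    # SFX stubs sometimes pad before the archive: record where 'Rar!' really starts.
    if overlay and report["overlay_type"] == "unknown":
        hit = overlay.find(b"Rar!\x1a\x07")
        if hit >= 0:
            report["overlay_type"] = "rar (at +%d)" % hit
    return report


def build_sample_pe(overlay: bytes, section_name: bytes = b".text") -> bytes:
    """Constructed PE skeleton: DOS header, PE32 headers, one section, then overlay."""
    dos = bytearray(b"MZ" + bytes(62))
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    opt = bytes(224)                                      # PE32 optional header, unused here
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    body = b"\xCC" * 64
    raw_off = 64 + 4 + len(coff) + len(opt) + 40          # = 352
    sect = (section_name.ljust(8, b"\0")
            + struct.pack("<IIII", len(body), 0x1000, len(body), raw_off)
            + bytes(16))
    return bytes(dos) + b"PE\0\0" + coff + opt + sect + body + overlay


if __name__ == "__main__":
    fake_rar = RAR4_MAGIC + bytes(20) + b"winlogin.exe"   # constructed, not a real archive
    print(analyze(build_sample_pe(fake_rar)))
    print(analyze(build_sample_pe(b"", b"UPX1")))
```

Run it against a real sample by replacing the constructed PE with `open(path, "rb").read()`; a "rar4" overlay can then be written out and opened like any archive, and a "pe" overlay is the dropped DLL ready for the UPX decompression the 0719 entry mentions.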
VirTEMP03.rar - VirusTEMP 03 (607 views)
Mostly things that claim to be MapleStory (楓之谷) cheat programs.
Kaspersky even fails to detect some of the files...
Nearly everything in this archive can be taken as a trojan.
Online scan date: 2006/08/03
fSdll.dll - infected by Trojan-PSW.Win32.Lineage.adg
hmmapi.dll - OK
iedw.exe - OK
rundl132.exe - infected by Trojan-PSW.Win32.Gamania.en
svchost.exe - infected by Trojan-PSW.Win32.Gamania.el
svhost32.exe - infected by Trojan-PSW.Win32.Lineage.aco
2/d1.dat - OK
2/d2_.exe - infected by Trojan-PSW.Win32.Lineage.aco
2/dllf.dll - infected by Trojan-PSW.Win32.Lineage.aco
2/dlyy.dll - infected by Trojan-PSW.Win32.Gamania.em
2/e1.dat - OK
2/e1.exe - infected by Trojan-PSW.Win32.Lineage.adg
2/fS.dat - OK
2/fS.exe - infected by Trojan-PSW.Win32.Gamania.en
2/PDLL.dll - infected by Trojan-PSW.Win32.Delf.nl
2/rundll32.exe - infected by Trojan-PSW.Win32.Mefs.f
2/svhost32.exe - infected by Trojan-PSW.Win32.Lineage.aco
af.dat - OK
af.exe - infected by Trojan-PSW.Win32.Gamania.en
d1.dat - OK
d2_.exe - infected by Trojan-PSW.Win32.Delf.of
e1.dat - OK
e1.exe - infected by Trojan-PSW.Win32.Mefs.f
Same old line:
if you love using these, you're asking for it.

VirTemp02.rar - virus temp 02, Trojan-PSW (442 views)
All of them are Trojan-PSW:
WinAF.tmp.exe.exe - Win32.Lineage.my
Kerne141.exe - Win32.Lineage.my
microsoftie41.dll - Win32.Gamania.ba
pbdll.dll - Win32.Gamania.as
rodll.dll - Win32.Delf.fz
rundll132.exe - Win32.Delf.fz
svchost.exe - Win32.Lineage.ach
- jokera

Virtemp01.rar - virus temp 01 (426 views)
rundll32.exe  Trojan-PSW.Win32.Lineage.abd
svchost.exe  Trojan-PSW.Win32.Delf.nl
svhost32.exe  Trojan-PSW.Win32.Delf.no
- jokera

VirTEMP04.rar - DangerFiles (341 views)
VirTEMP04.rar/shawo877kdll.dll.vir - infected by Trojan-PSW.Win32.Lineage.xg
VirTEMP04.rar/IEXPLORE.exe.vir - infected by Trojan-PSW.Win32.Lineage.xg
VirTEMP04.rar/3OUP96.DLL.VIR - infected by Trojan-PSW.Win32.Lineage.zl

0516_tw_lineage_org_tw.rar - 0516 IM (即時通) trojan body (457 views)
image.exe is the body.
kittydll.dll is the derivative left after infection.
- jokera

0615_tw_lineage_org_tw.rar - 0615 IM (即時通) trojan body and derivatives (475 views)
girls.exe, lEXPRESS.exe and jpg1jpg.exe are the body.
Two files are generated in system32:
23sidfdll.dll and possibly up.exe
The dll is a program split off from the back half of the executable body.
The current trojan version, read from
http://www.spr1t3.com/update.xml
is 1.5.
Note:
tw.lineage.org.tw and www.spr1t3.com
are both decoy sites of the trojan author.
- jokera

0525_tw_lineage_org_tw.rar - 0525 IM (即時通) trojan body (445 views)
Only one executable, girls.exe.
image.htm is the main web page.
vieerdll.dll is the derivative placed in system32 after infection;
its purpose is to connect to
http://www.spr1t3.com/jmail.asp
to send a mail with the data??
http://www.spr1t3.com/update.xml
reports the current latest version??

0608_tw_lineage_org_tw.rar - 0608 IM (即時通) trojan body (439 views)
girls.exe is the main executable.
lEXPRESS.exe is a file with the same content, installed via ActiveX.
image.htm is the main web page;
its footer includes netzs.htm.
The executable has been UPX-compressed by the author.
After infection,
IEXPLORE.exe is generated in the Windows directory
and xreg33dll.dll in system32.
When sending messages there may be another link,
http://tw.lineage.org.tw/photo/jpg1jpg.exe
which is a file with the same content.

0531_tw.lineage.org.tw.rar - IM (即時通) trojan released 0531 (449 views)
Main distribution URL:
http://tw.linage.org.tw/photo/image.htm
girls.exe is the main trojan file.
lexpress.exe is the trojan installed via ActiveX.
After execution,
IEXPLORE.exe is generated in the Windows directory,
and xd83rssddll.dll
and up.exe in System32.

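Three naming habits recur across the dropped files listed in these entries: system-binary look-alikes (svhost32.exe, rundl132.exe, rundll132.exe, Kerne141.exe, winlogin.exe, lEXPLORE.exe), a genuine binary name dropped into the wrong directory (IEXPLORE.exe in the Windows directory, svchost.exe outside system32), and helper DLLs named "<junk>dll.dll" (23sidfdll.dll, xreg33dll.dll, kittydll.dll, iuxwua86sd3dll.dll ...). The script below turns those habits into checks a sweep over a disk can apply. It is an added example, not code from the gallery page or from jokera; the expected directories assume a default 32-bit C:\WINDOWS layout, the ".vir" suffix handling follows the renaming convention used for the samples on this page, and the path list in main() is constructed for the demo, not a real disk image.

```python
"""Flag dropped-file names of the kinds listed across these gallery entries."""
import re
from typing import Dict, List, Tuple

# Legitimate names the samples imitate and the directory each normally
# lives in (assumed default 32-bit layout, lower-cased for comparison).
SYSTEM_BINARIES: Dict[str, str] = {
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "kernel32.dll": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
}
# 'xreg33dll.dll', '23sidfdll.dll', 'kittydll.dll', 'hydll.dll' ... (heuristic)
HELPER_DLL_RE = re.compile(r"^[a-z0-9_]+dll\.dll$")
QUARANTINE_SUFFIX = ".vir"      # the gallery's renaming convention for samples


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short file stems."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def stem(name: str) -> str:
    """Base name without extension or digits: 'svhost32.exe' -> 'svhost'.
    Digits are dropped because the samples vary them (rundl132, Kerne141, SV0H0ST)."""
    return re.sub(r"\d", "", name.rsplit(".", 1)[0])


def suspicious(path: str) -> List[str]:
    """Reasons a path deserves a look; an empty list means nothing matched."""
    norm = path.lower().replace("/", "\\")
    directory, _, name = norm.rpartition("\\")
    if name.endswith(QUARANTINE_SUFFIX):
        name = name[: -len(QUARANTINE_SUFFIX)]
    reasons: List[str] = []
    if name in SYSTEM_BINARIES:
        # Exact legitimate name: only its location can be wrong.
        if directory != SYSTEM_BINARIES[name]:
            reasons.append("known name in unexpected directory")
        return reasons
    for legit in SYSTEM_BINARIES:
        if edit_distance(stem(name), stem(legit)) <= 2:
            reasons.append("look-alike of " + legit)
            break
    if HELPER_DLL_RE.match(name):
        reasons.append("random-prefix *dll.dll helper")
    return reasons


def sweep(paths: List[str]) -> List[Tuple[str, List[str]]]:
    """Return only the paths that triggered at least one reason."""
    hits = []
    for p in paths:
        reasons = suspicious(p)
        if reasons:
            hits.append((p, reasons))
    return hits


if __name__ == "__main__":
    constructed = [                                     # not a real disk image
        r"C:\WINDOWS\system32\svchost.exe",             # legitimate
        r"C:\WINDOWS\svchost.exe",
        r"C:\WINDOWS\IEXPLORE.exe",
        r"C:\WINDOWS\system32\svhost32.exe",
        r"C:\WINDOWS\system32\rundl132.exe",
        r"C:\WINDOWS\system32\winlogin.exe",
        r"C:\WINDOWS\system32\23sidfdll.dll",
        r"C:\WINDOWS\system32\xreg33dll.dll.vir",
        r"C:\WINDOWS\system32\up.exe",                  # nothing to key on by name alone
    ]
    for path, reasons in sweep(constructed):
        print(path, "->", "; ".join(reasons))
```

Name checks are a first pass only: up.exe from the 0531 and 0712 entries carries no such tell, and a file like rodll.dll will trip the look-alike rule as well as the helper rule, so pair the sweep with hashing and the overlay carving above rather than treating an empty result as clean.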