MJ自在空间Blog
27/02/2007 PWSteal.Bancos.gen / TROJ_DELF.HC
1. Overview
Malware type: Trojan
Aliases: PWSteal.Bancos.gen, Win32.PSW.Bancos!downloader, Win32/Bancos!Downloader.166400!Trojan
In the wild: No
Destructive: No
Language: English
Platform: Windows 95, 98, ME, NT, 2000, XP
Encrypted: No
Overall risk rating: Low
Description: A Trojan is malware that poses as legitimate software. When executed by unsuspecting users, it performs unexpected or unauthorized, often malicious, actions.
TROJ_DELF.HC is a downloader Trojan. Like other Trojans, it may arrive on a computer as part of a malware package, or be installed manually by the user.
Upon execution, it attempts to download another malware file from the following site:
http://<BLOCKED>.com/dialers/
However, tests at Trend Micro show that, due to errors in the malware code, this download routine fails. The Trojan also logs keystrokes and sends the gathered information to a malicious user. It runs on Windows 95, 98, ME, NT, 2000, and XP.
Description created: Jan 3, 2005
Description updated: Mar 20, 2005
2. Solution
This procedure terminates the running malware process. You will need the name(s) of the file(s) detected earlier.
Open Windows Task Manager.
» On Windows 95, 98, and ME, press CTRL+ALT+DELETE.
» On Windows NT, 2000, and XP, press CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file(s) detected earlier. Select one of the detected files, then press either the End Task or the End Process button, depending on your version of Windows. Do the same for every detected malware file in the list of running processes. To check that the malware process has really been terminated, close Task Manager and open it again. Then close Task Manager.
--------------------------------------------------------------------------------
*NOTE: On Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third-party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting the additional instructions.
Additional Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems; while it is enabled, copies of the malware kept in restore points cannot be cleaned.
Users running other Windows versions can proceed with the following procedure sets.
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as TROJ_DELF.HC. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s online virus scanner.
3. Technical details
TROJ_DELF.HC is a downloader Trojan. Like other Trojans, it may arrive on a computer as part of a malware package, or be installed by the user. Upon execution, it attempts to download another malware file from the following site:
http://<BLOCKED>.com/dialers/
However, tests at Trend Micro show that, due to errors in the malware code, this download routine fails. The Trojan also logs keystrokes and sends the gathered information to a malicious user. It is written in Borland Delphi and is compressed with FSG. It runs on Windows 95, 98, ME, NT, 2000, and XP.
4. Statistics
25/02/2007 riched20.dll
riched20 - riched20.dll - DLL file information
DLL file: riched20 or riched20.dll
DLL name: RichEdit
Description: riched20.dll is the file behind the rich-text edit control.
Belongs to: RichEdit
System DLL: No
Common errors: File Not Found, Missing File, Exception Errors
Security level (0-5): 0
Spyware: No
Adware: No
There is a buffer overflow in Windows' riched20.dll that crashes applications using the DLL's module communication functions, but it is very difficult for an attacker to exploit it to execute malicious code or commands.
The bug is a buffer overflow when riched20.dll processes RTF code while drawing formatted character strings, which crashes the application that loaded the DLL.
Microsoft has not released a corresponding patch so far. The copy of this file shipped with the latest version of QQ has the property-tag overflow fixed; try installing the latest QQ.
Also, this file should be located in the system32 folder; if it turns up in some other folder, copying it into system32 should fix the problem.
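Before moving a copy of riched20.dll found outside system32 into place, it is worth knowing whether it is byte-for-byte the same as the one already installed, a different version an application ships for itself, or an unrelated file merely carrying that name. The script below is an added example, not part of the original post: it walks a directory tree, hashes every file with the given name and classifies each copy against the one in the system directory. The directory layout and file contents are constructed in a temporary folder so it runs anywhere; on a real machine you would point it at the system drive and the system32 directory instead.

```python
"""Find copies of a named DLL and compare them with the canonical system copy.

Added example, not the original post's code. The tree built by
build_sample_tree() is a constructed stand-in for a Windows install.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large DLLs do not load into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_dll_copies(root: Path, dll_name: str, system_dir: Path) -> dict:
    """Walk `root`, hash every file named `dll_name`, and classify each copy.

    Status per copy: "canonical" (the system_dir copy itself), "identical"
    (same bytes as the canonical copy, e.g. an application bundling RichEdit),
    "differs" (another version, or just a file with that name; look closer),
    or "no-canonical-copy" when system_dir holds no such file at all.
    """
    canonical_path = system_dir / dll_name
    canonical = sha256_of(canonical_path) if canonical_path.is_file() else None
    copies = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != dll_name.lower():      # Windows file names are case-insensitive
                continue
            p = Path(dirpath) / fname
            digest = sha256_of(p)
            if p.resolve() == canonical_path.resolve():
                status = "canonical"
            elif canonical is None:
                status = "no-canonical-copy"
            elif digest == canonical:
                status = "identical"
            else:
                status = "differs"
            copies.append({"path": str(p), "sha256": digest, "status": status})
    return {"canonical": canonical, "copies": sorted(copies, key=lambda c: c["path"])}


def build_sample_tree() -> tuple:
    """Constructed layout standing in for a Windows install (contents are not real DLLs)."""
    base = Path(tempfile.mkdtemp(prefix="riched20_audit_"))
    sys32 = base / "Windows" / "system32"
    app = base / "Program Files" / "SomeApp"
    stray = base / "Documents and Settings" / "user" / "Local Settings" / "Temp"
    for d in (sys32, app, stray):
        d.mkdir(parents=True)
    genuine = b"MZ" + b"constructed RichEdit image" * 100
    (sys32 / "riched20.dll").write_bytes(genuine)
    (app / "riched20.dll").write_bytes(genuine)                                   # same bytes
    (stray / "RICHED20.DLL").write_bytes(b"MZ" + b"something else entirely" * 100)  # differs
    return base, sys32


if __name__ == "__main__":
    base_dir, system32 = build_sample_tree()
    for copy in audit_dll_copies(base_dir, "riched20.dll", system32)["copies"]:
        print(f'{copy["status"]:18} {copy["sha256"][:16]}  {copy["path"]}')
```

On a live system the call is `audit_dll_copies(Path("C:/"), "riched20.dll", Path(os.environ["SystemRoot"]) / "system32")`. A copy reported as "differs" in a temp or user folder is the one the post is describing; checking its version information and digital signature before copying it anywhere is the safer order of operations, since a file that merely shares the name should be removed rather than installed.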
23/02/2007 PC build plan
On New Year's Eve the firecrackers thunder, announcing that the Year of the Dog slips away into the night!
18/02/2007 Things take their end as a new beginning; people gain the new from the old. Greeting the dawn sun we cut coloured paper; keeping the year's-end vigil we pour out silver through the night.
13/02/2007 All things, observed in stillness, find their own contentment; the fine moods of the four seasons I share with everyone. The Way reaches beyond the visible forms of heaven and earth; thought enters the shifting of wind and clouds.

观棋长吟 (A Long Chant on Watching a Game of Go), by 邵雍 (Shao Yong)
The courtyard is still, spring is deep, the door stays shut by day;
among the bamboo I idly watch the guests contend at go.
Gods and ghosts are mustered and gathered in the breast;
mountains and rivers are arranged and drawn within the board.
As the game closes, dragon and snake fight in formation;
in the broken ko, the wild geese scatter from their line and fly.
Killing so many, like Xiang Yu burying the Qin soldiers alive;
routed so utterly, like Fu Jian in dread of the Jin army.
On the mat, halberds and spears have clashed and struck;
before one's eyes, ice and burning coals change places in a moment.
Life and death together settle the fortunes of both houses;
victory and defeat hang entirely on the timing of one move.
Blocking the road, there is no lending or borrowing of favours;
facing the other man, one must firmly refuse him.
A blow to the heart and belly is truly to be feared;
trouble at lips and teeth can still be treated.
Skilful wounding from within passes for sound strategy;
secret cunning is called knowing the moment.
Look, I pray you, at the road to Chang'an today:
change the setting, and where is all this not found?

咏柳 (On the Willow), by 曾巩 (Zeng Gong)
Its tangled branches have not yet turned to their first yellow,
yet leaning on the east wind it at once grows wild.
It knows how to send flying catkins to blot out sun and moon,
not knowing that heaven and earth hold a clear frost.

牧童诗 (The Herdboy), by 黄庭坚 (Huang Tingjian)
Riding his ox, far off, he passes the village ahead;
his short flute, played crosswise, is heard across the ridge.
How many seekers of fame and profit in Chang'an,
every scheme spent, still fall short of you.

秋日 (Autumn Day), by 程颢 (Cheng Hao)
At leisure, with nothing to do, there is nothing not done at ease;
I wake to find the sun already red in the eastern window.
All things, observed in stillness, find their own contentment;
the fine moods of the four seasons I share with everyone.
The Way reaches beyond the visible forms of heaven and earth;
thought enters the shifting of wind and clouds.
Unswayed by wealth and rank, content in poverty and low station:
a man who reaches this is a hero indeed.

寄黄几复 (To Huang Jifu), by 黄庭坚 (Huang Tingjian)
I live by the northern sea, you by the southern;
I would send a letter by the wild goose, but it declines, unable.
Peach and plum in the spring wind, a single cup of wine;
rivers and lakes in the night rain, a lamp kept ten years.
Keeping house, you have only four bare walls standing;
to cure the state you need not first have broken your arm three times.
I picture you at your books, your head already white,
across the stream the gibbons wailing in the miasmal mist on the vines.

和子由渑池怀旧 (Matching Ziyou's Poem on Recalling the Past at Mianchi), by 苏轼 (Su Shi)
What does this life of wandering from place to place resemble?
It must be like a flying goose treading on snowy mud:
on the mud it happens to leave the prints of its claws,
then flies on, reckoning no more of east or west.
The old monk has died and become a new stupa;
on the ruined wall there is no way to see our old inscriptions.
Do you still remember the rough road of those days,
the travellers worn out, the lame donkey braying on the path?

石苍舒醉墨堂 (Shi Cangshu's Hall of Drunken Ink), by 苏轼 (Su Shi)
In this life, learning characters is where sorrow begins;
to write one's own name roughly is enough, there one may stop.
What use is cursive script that boasts of godlike speed,
when the scroll, once opened, dazes and dismays the reader?
I once loved it too, and laugh at myself each time;
you have the same disease, and how can it be cured!
You say that within it lies the highest joy,
that to please the heart is no different from the free and easy wandering.

正月二十日与潘郭二生出郊寻春，忽记去年是日同至女王城作诗，乃和前韵 (On the Twentieth of the First Month, Going Out to the Countryside with the Two Scholars Pan and Guo in Search of Spring, I Suddenly Recalled That on This Day Last Year We Went Together to Nüwang Cheng and Wrote a Poem, So I Matched the Earlier Rhymes), by 苏轼 (Su Shi)
The east wind is not yet willing to enter the east gate;
on horseback I go again in search of last year's spring.
People are like autumn geese, coming back on schedule;
events are like a spring dream, leaving no trace at all.
Three cups of the river town's strong white wine;
the old rustic's weathered face warms with a smile.
We have agreed to keep this gathering every year;
old friends need not compose a "Summons of the Soul".

金错刀行 (Ballad of the Gold-Inlaid Sword), by 陆游 (Lu You)
A sword inlaid with gold and mounted in white jade,
by night its light breaks through the window and door.
A man of fifty with no merit yet to his name,
he stands alone, sword raised, and surveys the eight wastes.
In the capital the friends I made were all extraordinary men;
in high spirit we pledged to share life and death.
To leave no name in a thousand years of annals would be shame;
a single loyal heart repays the Son of Heaven.
Of late I have served in the army on the banks of the Han,
where dawn snow on the southern mountains stands like jagged jade.
Alas! Though Chu had but three households, it could still destroy Qin;
how could the mighty Middle Kingdom be wholly empty of men!

书愤 (Writing My Indignation), by 陆游 (Lu You)
In early years how could I know how hard the world's affairs would be?
Gazing north to the Central Plain, my spirit rose like a mountain.
Towered warships in night snow at the Guazhou crossing;
iron-clad horses in autumn wind at Dasan Pass.
I vainly called myself the Great Wall upon the frontier;
in the mirror my thinning temples have already gone grey.
The "Memorial on Dispatching the Army" truly won its name for all time;
in a thousand years, who could stand as its equal?