§Ú±q¤j¯¥¤W­±°Å¶K¤U¨Ó

¬Q¤Ñ¦b PCZone ½×¾Â¤W¬Ý¨£ DarkSkyline ±i¶K¤F¤@½g¤å³¹¡uªÚªÚ³n¥ó¶é³nÅé¤U¸ü-µo²{Java Script Virus¡v(³o¬O¤j³°ªººô¯¸)¡A¦n©_¤ßÅX¨Ï¤§¤U¡Aªá¤FÂI®É¶¡¤ÀªR¤F¤@¤U¦¹¯f¬r¡AÆZºGªº¡A¦]¬°¤j³¡¤Àªº¨¾¬r³nÅé³£°»´ú¤£¨ì¡A¦Ó¥B¡A¦¹¯f¬r·F¤F«Ü¦hÃa¨Æ¡C¦pªG¨S¨Æªº¸Ü¡AÄU¦U¦ìÁÙ¬O¤£­nÀH·NÂsÄý¤j³°ºô¯¸©Î¤U¸ü¨Ó¸ô¤£©úªºµ{¦¡¡C

°õ¦æ¤§«á¡A¦³¤U­±ªº¦æ¬°¡G

[DLL injection]
C:\Documents and Settings\Administrator\Local Settings\Temp\upx.dll (ª`¤JÀÉ®×Á`ºÞªº°õ¦æµ{§Ç)
C:\WINDOWS\system32\cmdbcs.dll (ª`¤JÀÉ®×Á`ºÞªº°õ¦æµ{§Ç)
C:\WINDOWS\system32\msccrt.dll (ª`¤JÀÉ®×Á`ºÞªº°õ¦æµ{§Ç)
C:\WINDOWS\system32\windds32.dll (ª`¤JÀÉ®×Á`ºÞªº°õ¦æµ{§Ç)
C:\WINDOWS\system32\windhcp.ocx (ª`¤JÀÉ®×Á`ºÞªº°õ¦æµ{§Ç)
C:\WINDOWS\system32\wsttrs.dll (ª`¤JÀÉ®×Á`ºÞªº°õ¦æµ{§Ç)
C:\WINDOWS\system32\wsvs.dll (ª`¤JÀÉ®×Á`ºÞªº°õ¦æµ{§Ç)

[Added service]
NAME: Win32DDS
DISPLAY: Win32 Display Driver
FILE: C:\WINDOWS\system32\\rundll32.exe windds32.dll,input

NAME: WinDHCPsvc
DISPLAY: Windows DHCP Service
FILE: C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.vbs
C:\Documents and Settings\Administrator\Local Settings\Temp\upx.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\upx.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\zaqxsw[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\1[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\zaq10[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\zaq2[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\zaq5[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\zaq9[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\zaq4[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\zaq7[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\zaq1[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\zaq3[1].exe
C:\Program Files\Common Files\System\IDrivers.pif
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\ctfnom.exe
C:\WINDOWS\system32\drivers\usbue.sys
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\windds32.dll
C:\WINDOWS\system32\windhcp.ocx
C:\WINDOWS\system32\wsttrs.dll
C:\WINDOWS\system32\wsvs.dll
C:\WINDOWS\wsttrs.exe
C:\WINDOWS\wsvs.exe

[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Value=wsvs,Data=C:\WINDOWS\wsvs.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Value=wsttrs,Data=C:\WINDOWS\wsttrs.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Value=upx,Data=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upx.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Value=msccrt,Data=C:\WINDOWS\msccrt.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
Value=cmdbcs,Data=C:\WINDOWS\cmdbcs.exe

cmdbcs.exe
[ Trend ], ¡§TSPY_ONLINEGA.SF¡¨
ctfnom.exe:
[ Trend ], ¡§TROJ_Generic¡¨
IDrivers.pif:
[ Trend ], ¡§TROJ_DLOADER.HRG¡¨
msccrt.dll:
[ Trend ], ¡§TSPY_ONLINEGA.ZT¡¨
msccrt.exe:
[ Trend ], ¡§TSPY_ONLINEGA.ZT¡¨
upx.dll:
[ Trend ], ¡§TSPY_ZHENGTU.CZ¡¨
upx.exe:
[ Trend ], ¡§TSPY_ZHENGTU.CZ¡¨
windds32.dll:
[ Trend ], ¡§TROJ_AGENT.KNG¡¨
windhcp.ocx:
[ Trend ], ¡§TROJ_AGENT.KNH¡¨
wsttrs.dll:
[ Trend ], ¡§TSPY_ZHENGTU.BO¡¨
wsttrs.exe:
[ Trend ], ¡§TSPY_ONLINEGA.SE¡¨
wsvs.dll:
[ Trend ], ¡§TSPY_LEGMIR.ALO¡¨
wsvs.exe:
[ Trend ], ¡§TSPY_ONLINEGA.GM¡¨
zaq1[1].exe:
[ Trend ], ¡§TSPY_ZHENGTU.CZ¡¨
zaq2[1].exe:
[ Trend ], ¡§TSPY_ONLINEGA.ZT¡¨
zaq3[1].exe:
[ Trend ], ¡§TROJ_AGENT.KEP¡¨
zaq4[1].exe:
[ Trend ], ¡§TSPY_ONLINEGA.GM¡¨
zaq5[1].exe:
[ Trend ], ¡§TSPY_ONLINEGA.SE¡¨
zaq7[1].exe:
[ Trend ], ¡§TROJ_Generic¡¨
zaq9[1].exe:
[ Trend ], ¡§TROJ_AGENT.KEQ¡¨
zaq10[1].exe:
[ Trend ], ¡§TSPY_ONLINEGA.SF¡¨
zaqxsw[1].exe:
[ Trend ], ¡§TROJ_DLOADER.HRG¡¨
1[1].exe:
[ Trend ], ¡§Possible_Infostl¡¨
cmdbcs.dll:
[ Panda ], ¡§Trj/Legmir.AMG¡¨
[ Nod32 ], ¡§a variant of Win32/PSW.Agent.NCC trojan¡¨
[ HBEDV ], ¡§HEUR/Malware¡¨
[ Grisoft ], ¡§Trojan horse PSW.Legendmir.DZP¡¨
usbue.sys:
[ Symantec ], ¡§Trojan Horse¡¨
[ HBEDV ], ¡§TR/Rootkit.Gen¡¨


«Üµ}©_¡A¶K¥X¬Ý¬Ý¡AÁͶձ½¨ì«Ü¦h¯f¬r¡A¨ä¥L¿éªº«ÜºG¡AÁͶզb¤j³°¦¬¤Î¯f¬rµo´§§@¥Î

¼Ë¥»´N¬O§Ú¬Q¤Ñµo¦b¼Ë¥»°Ïªº¨º¨Ç¡C

¬O¶Ü??
·Pı¸ò§Ú´ú¸Õªº®t«Ü¦h

¨S¿ìªk¡A¤pºô¯¸³Q¬E°¨¦b¤j³°«Ü¬y¦æ¡A¤pºô¯¸¨S¦³§Þ³N¤O¶q»P¸êª÷¤ä«ù¡C¤£¹L¥¿³Wªº¤jªººô¯¸ÁÙ¬O¤£¿ùªº¡C¤£©ñ¤ß¦Ü¤Ö¥[¸Ë­ÓSSM¡A¥[­Ó¤å¥óºÊ±±ªº³n¥ó§ó¦n¡C

°¸±ÀÂˤ@­Ó3D»ô¥þªºHIPS¡A¤j³°²£«~¡A¥Ø«e3.2ª©¡A°¨¤W´N­n±À¥XÁcÅ骩¡G

EQSecure for System ¬O¨t统¦w¥þ¨¾¤õ墙,¥i¥H«O护计ºâÉó¾Þ§@¨t统,拦ºI¦M险¾Þ§@,ÁקK类¦ü¯f¬r©M间谍软¥óªº¦w¥þ«Â胁.¥]¬A进µ{,ª`册ªí¥H¤Î¤å¥ó.

EQSecure for System ¤ä«ù¤U¦C¾Þ§@ªº拦ºI:
¡D运¦æµ{§Ç
¡D¥[载库¤å¥ó
¡D¦w装ªA务©ÎªÌ驱动µ{§Ç
¡Dª«²zºÏ盘¾Þ§@
¡D¥[载驱动µ{§Ç
¡D¾Þ§@ª«²z内¦s
¡D创«Ø远µ{线µ{
¡D­×§ï¨ä¥¦进µ{ªº内¦s
¡D¦w装¥þ§½钩¤l
¡D­×§ïHOST¤å¥ó
¡D­×§ïIE浏览¾¹设¸m
¡D结§ô©ÎªÌ¬E°_进µ{,线µ{
¡D检测隐ÂÃ进µ{  
¡Dª`册ªíªº­×§ï©M删°£
¡D¤å¥óªº创«Ø,¥´开,­×§ï,删°£

¨t统­n¨D:Windows 2000/Windows XP/Windows 2003
©x¤è½×¾Â¦a§}¡Ghttp://www.eqspywatch.com/bbs/index.php


¤U¸ü¦a§}¡Ghttp://www.eqspywatch.com/download/EQSysSecureSetup.exe

¡]ÀH«Kµo¨ìHIPS±M°Ï§a ¡^

¤Þ¥Î:

­ì©«¥Ñ 32idea ©ó 2007-2-11 18:49 µoªí


°¸±ÀÂˤ@­Ó3D»ô¥þªºHIPS¡A¤j³°²£«~¡A¥Ø«e3.2ª©¡A°¨¤W´N­n ...

这样ªº±À¯ò,¤j¸ô¨ì处¥i见!......´N¶H刚¥Xªº360¦w¥þ卫¤h,¨ì处¨ì¦³¤H±À¯ò¤H¥Î....®ÄªG¦p¦ó¯«©_,¦p¦ó¤Fªº!!!!

¨ä¹ê¡A§Ú­Ì¤j³°¤£¥u¬O¤pºô¯¸¡A¤@¨Ç¤jºô¯¸¤]¦³³Q¤H±¾°¨ªº²{¶H¡A¤£¹L«Ü¤Ö¨£¡CÁÙ¦³¨º¨Ç±ÀÂ˧ڬO¤£·|¤Ó¬Û«Hªº¡A¦ý¬O¦³¨Ç¤HÁÙ¬O¬Û«H¡C·w~

EQ§Úªººô¤Í¦³¥Îªº¡AÁÙ¥i¥H¡C

¤Þ¥Î:

­ì©«¥Ñ ha503cm ©ó 2007-2-12 14:27 µoªí



这样ªº±À¯ò,¤j¸ô¨ì处¥i见!......´N¶H刚¥Xªº360¦w¥þ卫¤h,¨ì处¨ì¦³¤H±À¯ò¤H¥Î....®ÄªG¦p¦ó¯«©_,¦p¦ó¤Fªº!!!!

³o¦ìºô¤Í¤£¤Ó«p¹D¡A

1¡B °¸­ì¤åùبS¦³¤@¥y§j¼NEQ®ÄªG¦p¦ó¯«©_,¦p¦ó¤Fªº¸Ü§a¡I³o¤]¥u¬O¤@­Ó³n¥ó¥\¯àªº説©ú§a¡I
±z®³¨Ó©M¤°麽360¤ñ¸û¡A°Z¤£ª¾360ªº¦ÑÁó´N¬O¤j³°¬yª]³n¥óªº¶}¤s¤Hª«¡A¤@¦V¥Hª£§@©M¥«³õÀç¾P¬°¤v©Òªø¡A±z¦p¦¹²o±j¥u¯à»¡¬O¬Ý¨£Àd¾m»¡°¨¸~­I¡C360ª£§@¬O360¡A©MEQ¦³¦óÃö«Y¡H¡H¡H
­Ë¬O¥Ø«e¤j³°ºô¯¸ª£§@­·¶³¨¾¤õùÙ¤ñ¸û¥O¤H¥Í¬È

2¡BEQ¬O§K¶O³n¥ó¡A°¸±q2.0 ¥Î¨ì3.1¤@ª½¨S¦³¦b§Oªº½×¾Â¯S·N±ÀÂË¡A¦]爲¤§«e¤£¤Ó¦¨¼ô¡A¸g±`·|¦³¨ÇÄdºI¤£¨ì¡A¦ý¬O¨ì¤F3.2¥H«á¡A³o´Ú³n¥ó¤w¸g­È±o«H¿à±ÀÂˤF¡A
§Y«K¦p¦¹¡A°¸¦b¤j³°ºô¯¸¤]¥u¬O¦b²Ô³Õ¤@­Ó½×¾Â´¿¸g»P¤@¨Çºô¤Í±´°Q¹L¡A§Oªººô¯¸«Ü¤Ö½Í°_¡A¦]爲¨Ï¥ÎHIPS³n¥ó¤£¬O·s¤â¯à°÷¥Î¦nªº¡A­nª¾¹D°¸¥i¬O¦b¤¤¤Ñ¡B¼C·ù¡B­·¶³ùÙ§Þ³N¡B¤ñ¯S¡B¦w¨¾¡B¬P¬Pºë«~¡B¿½¤ß¼Ö¶é¡B¤ì¿ÂÃÆ¡B¤¤¤å¤§³Ã¡B¢°¢±¢Ù¢Û¡BŬF¤Ñ¤U¡B¥d¶º¡B»¶«È¡BÀs«Ò°ê¡B­P³Õ¡BªF´ç¡B§Ö¼ÖµL¾÷µ¥µ¥½×¾Â³£¦³¢×¢Òªº¡A

3¡B§A»¡¤°麽¤j³°¨ì³B¥i¨£¡A°Z¤£ª¾³o¸Ì¬O»OÆW½×¾Â¡H¦Ó¥B³o¸Ì½Í½×ªº¦UÃþ³n¥ó°Z¤£¬O¦b§Oªº¦w¥þ½×¾Âùؤ]³£½Í¹L¡A³o¼Ë説¨Ó§A¬JµM¨£ÃѹL¡A¤S¦ó¥²¨Ó¬Ý¡A¦ó¥²¨Óµo§»½×©O¡H

4¡B¦n¤£¦nªº§Ú¥u¬O±ÀÂˤ¶²Ð¡A¬J¨S¦³§j¼N¡A¤]¨S¦³²Kªo¥[¾L¡A¦Ó¥Bºô¤Í¤]¦Û¦³§PÂ_¯à¤O¡A
¦pªG§A¥Î¤F·Pı¤£¦n¡AÁ¿Á¿ÅéÅç¤]ºâ¬O¦³»ù­Èªº¦^©«¡A¹³±z³o¼ËÁ¿¡AÃø¹D¨ä¥Lºô¤Í¦Û¤v¨S¦³§P§O¯à¤O¡HÃø¹D³o­Ó½×¾Â¤£¬O¥Î¨Ó¥æ¬y¤¶²Ð¦w¥þ³n¥óªº±À¤¶¨Ï¥Î±¡ªpªº°}¦a¡H
¦pªG¤£©¯±zÀ£®Ú´N¨S¦³¥Î¹L¢Ó¢ß¡A¤Sµo¦¹½×½Õ¡A§ó¥s¤H¤aµM¡A±z¦^©«ªº»ù­È¦ó¦b¡H

¤Þ¥Î:

­ì©«¥Ñ klinxun ©ó 2007-2-16 19:53 µoªí
¨ä¹ê¡A§Ú­Ì¤j³°¤£¥u¬O¤pºô¯¸¡A¤@¨Ç¤jºô¯¸¤]¦³³Q¤H±¾°¨ªº²{¶H¡A¤£¹L«Ü¤Ö¨£¡CÁÙ¦³¨º¨Ç±ÀÂ˧ڬO¤£·|¤Ó¬Û«Hªº¡A¦ý¬O¦³¨Ç¤HÁÙ¬O¬Û«H¡C·w~

¦³¤HºôÅʧä¨ì¤F¯u·R¡A¦³¤HºôÅʳQ§T°]§T¦â¬Æ¦Ü·f¤W¥Í©R¡A«ç麽»¡©O¡H

¤@­Ó³n¥ó¦n¤£¦n¡A¬O§_¾A¦X¦Û¤vªº»Ý¨D¡AÁÙ¬O¨C¦ì¨Ï¥ÎªÌ¦Û¤vªº¨Æ¡A¢°¦~«e°¸¦b¤@¨Çºô¯¸µ¹¤@¨Çºô¤Í±ÀÂˤp¬õ³Ê¡A²{¦b°¸«Ü¤Ö¦A¥J²ÓÁ¿¸Ñ¤p¬õ³Ê¤F¡A¦]爲¤p¬õ³Ê¦³ÂI¬õ¹M¤j³°½×¾Âªº¬[¶Õ¡A¥Î¤á¤]¶V¨Ó¶V¦h¡A¦ÛµM´N¤£¥²¦hÁ¿¤F¡A¡]·íµM³o¤£¬O°¸ªº¥\³Ò¡A°¸¤]¨S³o¯à¤O¡A¡^

¦pªG°¸±ÀÂ˪º³n¥ó¯uªº«Ü¾A¦X§A¡A¨ü´fªº¤]¬O§A¡A
¦pªG¤£¾A¦X§A¡A°¸¥u¬O¤@­Ó¹L«È¡AµÓ¤ô¬Û³{¦Ó¤w¡A±q¨Ó¨S¦³³\¿Õ¹L¤°麽µ¹§A¡A¦Ü¤Ö°¸µoªº±ÀÂË©«¤lùجO³o¼Ëªº¡@

32idea§Ú¤£¬O§å§P§A¡AEQ§Ú¦b¥d¶º¬Ý¹L¡A¬O¤£¿ù¡C§Ú»¡ªº¬O¬Y¨Çºj¤âªº±ÀÂË¡A¤£¬O»¡§A¬Oºj¤â¡A¬O¤£¬Oºj¤â§Ú¥i¥H¤À¿ë¡A§Ú¤]±`±`±ÀÂ˧O¤H¥Î¶Oº¸©M·LÂI¡C

klinxun,无论¬O¥d饭¡A还¬O这¨½¡A无论¬O§_¬O¥^¥^过«È¡AµÓ¤ô¬Û³{¡A§Æ±æ¤j®a°µªB¤Í¡A¥æ¬y´£°ª,

EQ­nµÛ¤â¹ï¾Þ§@µ¥¯Åªº­·ÀI´£¥Ü¤F¡A²{¦bªºEQ¥u¯à»¡¬O§¹¥þªº¤â°Ê¤u¨ã¡C