
Subject: [System Tools] Process Monitor v1.25 (Windows advanced monitoring tool) [Print this page]

Author: yoyo007     Time: 2007-10-9 08:37 AM    Subject: [System Tools] Process Monitor v1.25 (Windows advanced monitoring tool)

[Software name] Process Monitor v1.25 (Windows advanced monitoring tool)
[Language] Traditional Chinese
[File size] 1.14 MB (1,198,964 bytes)
[Official site] http://www.microsoft.com/technet ... ProcessMonitor.mspx
[Hosting] HTTP
[Notes] No installation needed

1. Localisation notes:

  Quote:
After several days of fiddling, the Chinese localisation of Process Monitor is finally done. What a relief.

Most of the time went into translating the non-standard resource strings, and into debugging why Process Monitor could no longer load its driver after a reboot, which turned out to be caused by over-translating. Because Process Monitor's non-standard resource strings are stored in Unicode, translation was much easier in one respect: there was no need to worry about whether a string had enough room. But every gain has its cost. Process Monitor's Unicode strings made my eyes blur the way they say "old" eyes do (I am still young, so let's not use the word "old"), for example with strings truncated the way I had already met while translating 010 Editor 2.1.3:

An error occured attempting to memory map '
'
The file '
' is not a valid backing file (truncated)
Unable to open '


Fortunately only some of the strings are like that, and because of that form I did not bother much with tidying up the [ ' ] or translating them. The most frustrating ones were those where, as the Mulan ballad puts it, "how can you tell whether I am male or female" (translatable or not):

RegUnloadKey
RegDeleteKey
DeviceIoControl
SetEAFile
VolumeMount
UnlockFileSingle
more than
is
FILE CORRUPT
THREAD NOT IN PROCESS


That made me afraid to even use a filter file: filter once and I would spend ages afterwards going back for what was missed. So I just grabbed the VA strings, had no appetite for filtering, and went through them line by line, reading and translating as I went. Anyway, once it is done properly, later updates will be much easier. The first time is always painful!!

Next, some strings must not be padded with 00 or the program errors out. Also, some translations are outright guesses; I would be grateful if knowledgeable members could correct those. Thanks in advance.

The archive includes [卸載.reg] (uninstall). I changed one registry string, so if you have run another version of Process Monitor before, double-click [卸載.reg] first to remove the existing registry data before running this Chinese version. To remove the software, double-click [卸載.reg] as well and then delete the program directory.

#1 (the next post) collects some related usage notes.

2. Software introduction:

  Quote:
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor enhancements over Filemon and Regmon

Process Monitor's user interface and options are similar to those of Filemon and Regmon, but it was written from scratch and includes many significant enhancements:

‧ Monitoring of process and thread startup and exit, including exit status codes.
‧ Monitoring of image (DLL and kernel-mode device driver) loads.
‧ More data captured for operation input and output parameters.
‧ Non-destructive filters let you set filters without losing data.
‧ Capture of thread stacks for each operation, which in many cases makes it possible to identify the root cause of an operation.
‧ Reliable capture of process details, including image path, command line, user and session ID.
‧ Configurable and movable columns for any event property.
‧ Filters can be set for any data field, including fields not configured as columns.
‧ Advanced logging architecture that scales to millions of captured events and gigabytes of log data.
‧ Process tree tool shows the relationship of all processes referenced in a trace.
‧ Native log format preserves all data for loading in a different Process Monitor instance.
‧ Process tooltip for easy viewing of process image information.
‧ Detail tooltip gives convenient access to formatted data that does not fit in the column.
‧ Cancellable search.
‧ Boot-time logging of all operations.




File download:


MD5:

CODE:  [Copy to clipboard]
059C37FDAF6FC8815DFF3925C1B0E85A


Press [Copy to clipboard] to copy the extraction password:

CODE:  [Copy to clipboard]

PS. Please note:

If the software needs special documents and you only download without ever replying, then sorry: even if you PM me with a question I will follow your example, stay a silent lurker and not respond. Don't blame me; courtesy goes both ways and everyone helps everyone, so please help keep the forum's good atmosphere and make a habit of replying when you download. Thank you for your cooperation!!

Author: yoyo007     Time: 2007-10-9 08:38 AM    Subject: Process Monitor usage notes



  Quote:

Collected in: Use Process Monitor to see what a program is up to #39




  Quote:
1. Using Process Monitor to find the language file a program extracts

[screenshots from the original post are not reproduced here]

  Quote:
2. Process Monitor basic operation tutorial

Reposted from: http://blog.darkthread.net...08/18/977.aspx

[Troubleshooter's Column] Process Monitor basic operation tutorial

A reader asked how to use Process Monitor. Come to think of it, this troubleshooting workhorse has cracked countless cases on this blog, yet I have never formally introduced how to operate it. So here is the beginner's tutorial for Process Monitor!

The first signature work from the two SysInternals geniuses after Microsoft poached them was to fuse the original File Monitor (FileMon) and Registry Monitor (RegMon) into Process Monitor, a move that brings tears of gratitude to one's eyes~~~

In the past, when troubleshooting, you often had to watch File and Registry access at the same time, so you opened FileMon and RegMon together, deliberately reproduced the problem, closed FileMon and RegMon at the same time, and started cross-referencing the two logs: find the moment FileMon read file A, then look at what RegMon showed being read from the Registry at that moment. Before I had a dual-monitor setup I often copied the RegMon log over to a notebook, one eye on the PC and one on the notebook, to make comparison easier. Sorry, I'm rambling again; those memories of hard times are best savoured alone by the middle-aged. XD

In short, ProcMon putting the RegMon and FileMon monitoring together is a real act of mercy!

The first step to using ProcMon is of course to download it; the address is
here. No installation needed; I just extract the EXE onto the desktop and get to work.




After launching it you will see the screen in the picture above; usually the row of toolbar buttons is all I need to have plenty of fun. I have marked a few important functions in colour, explained below:

1 Start/stop capturing events: an X means capture is currently stopped

2. Auto-scroll: because the list keeps growing while monitoring, you can have ProcMon always show the newest record at the bottom of the list. The list usually grows so fast, though, that it scrolls until your eyes blur.

3. Clear the records currently in the list

4. Set Filter: extremely important! Whether ProcMon is scrap iron or a magic sword depends entirely on whether you know how to set a Filter; a detailed introduction follows later

5. Target a desktop program: this little crosshair is famous from SPY++. If you want to see which Registry keys a desktop program reads and which files it writes, drag the crosshair onto that program's UI and ProcMon adds a filter condition restricted to that program (by Process ID)

6. Search: find specific text in the existing records

7. Jump to Registry/File: a very handy feature! When you see the name of some Registry key or file in a record, select that row and press this: for a Registry record it opens Registry Editor positioned at that key, for a File record it opens FileMonitor positioned at the directory containing the file. Right-clicking a record also offers Jump To, with the same effect.

8, 9, 10: specify the scope you want to monitor, namely Registry, File and Process activity respectively. If you only care about File access, enable only File, so the real clues are not buried in a mountain of useless Registry records.

Right, now on to the essence of operating ProcMon: setting the Filter!!




Each Filter condition has three parts. The first is the column: every record has many columns, and you can require a particular column to satisfy a particular condition for the event to be "displayed". The second part is the operator, such as equals or contains; the third is the specific string value. Finally you specify whether the condition includes or excludes.

Did you notice that I just said a Filter is a "display" condition, not a "capture" condition! The Status Bar in the first picture shows Showing 11,894 of 39,380, meaning ProcMon kept forty thousand records and, under the current Filter, is showing only 30% of them. You can modify the conditions afterwards and filter out a different set of records to look at. This is another new design born of mercy: with FileMon/RegMon it often happened that the conditions were too strict, the key event was not captured, and you had to change the conditions and do it all again. Now the Filter can be tuned after the fact, saving a lot of time starting over.

Modifying a Filter is a bit odd, though: double-click a row in the lower list and that condition is removed from the list and moved to the top; after editing it you must press Add to put it back in the list. If you press OK straight after editing, the condition disappears. It takes a little getting used to at first.

As a practical example, if I want to observe the activity of IIS under XP/2003/Vista, I can set the following Filter:



Process Name is 'w3wp.exe'. ProcMon then captures all File and Registry access by w3wp.exe. If your IIS has several Application Pools, there will be several w3wp.exe with different PIDs; you can then try to find the Process ID of the one you care about and narrow the scope further.



After pressing start capture you get a long list of records like the picture above. In the list, records whose Operation is RegOpenKey, RegCloseKey, RegQueryValue are Registry records; CreateFile, CloseFile, ReadFile and so on are File access records. Right-clicking a record offers several thoughtful functions: with Exclude/Include you can add a Filter condition related to that record and it takes effect immediately. This lets us start with a broad combination of Filters and, while viewing the results, exclude irrelevant ones one by one, rapidly narrowing the scope. Properties shows every detail of that record; for example, when an Access Denied occurs you can even see the impersonation involved.

Not shown in the picture above, but after Path there is another important column called Result, which is the outcome of the operation: NOT FOUND / ACCESS DENIED and the like, which is usually where our attention belongs.

That's it for today's Process Monitor basic usage lesson. Class dismissed!!



  Quote:
3. A classic case of cracking a problem with ProcMon in under five minutes

Reposted from: http://blog.darkthread.net/blogs/......10/959.aspx

[Troubleshooter's Column] A classic case of cracking a problem with ProcMon in under five minutes

Could not load file or assembly 'System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. Access is denied.

Our team has a "haunted" (see note) test machine that loves to produce strange errors. Today, running a certain ASPX page, the error above appeared...

Faced with this, most people, apart from reinstalling the .NET Framework, reinstalling IIS, reinstalling Windows, going to the temple to pray, or changing careers and never writing code again, can do nothing. But with Process Monitor in hand, things are different.

With an Access Denied type of error my reflex is to open Process Monitor. Since the error message names precisely the file that cannot be accessed, System.EnterpriseServices.dll, I add a filter Path Contains "System.EnterpriseServices", browse the problematic URL once more, and immediately find the evidence of the Access Denied.



Using Jump To to go straight to the offending folder under the GAC and checking its permissions: sure enough! Somehow only SYSTEM and Administrators still had read permission on that directory, no wonder w3wp.exe, running as NETWORK SERVICE, was shown the door. Copying the permissions from similar directories made the problem disappear! Start to finish took less than five minutes.



Speaking of these fine Sysinternals tools, the cover story of iThome issue 306 happens to be about them, and two MVPs (賴榮樞 and one other) and I shared our experiences using them (ahem... with photos; anyone wanting an autograph, bring the magazine and find me privately, there are no plans for a signing event). Anyone interested can look it up.

====== I am a separator ======

Note: "haunted" has two meanings here: one is a machine that keeps showing inexplicable oddities, making people cry "ghost"; the other is that some programming muggle or clueless user is "haunting" it, making all sorts of unbelievable system changes and settings that nobody could guess would be the cause of a problem.



  Quote:
4. Removing a trojan with Process Monitor + Syscheck

Reposted from: http://hi.baidu.com/drzebra......7ddfbb3fb9569.html


Deleting the "IEHelper_*.dll" trojan component: the syscheck anti-rootkit tool + Process Monitor combination punch!

1. Variants of the IEHelper_*.dll trojan, where it lives, and the harm it does

Searching for IEHelper_*.dll turns up at least the following variants:

IEHelper.dll  
IEHelper_5001.dll   Iehelper_5012.dll  Iehelper_5013.dll
Iehelper_5016.dl    Iehelper_5025.dll  Iehelper_5026.dll   
Iehelper 5048.dll   IEHelper_5058.dll  IEHelper_5066.dll  
Iehelper_5068.dll   Iehelper_5078.dll  IEHelper_5201.dll
IEHelper2006829_4702.dll

Common locations of the trojan:

%System%\IEHelper.dll
X:\Program Files\BB\IEHelper
X:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_*.dll
X:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper_*.dll

Harm / danger level:

1. This trojan component intercepts keystrokes and captures keyboard input. IEHelper.dll handles the IE events triggered by data entered in the browser, and stores the captured data and URLs in %system%\Passlogx.log [1].
2. If IEHelper is not removed promptly it brings in dozens of other trojans; in serious cases the system crashes or blue-screens, in milder ones it runs extremely slowly.
3. It affects system stability: IE cannot open, and unknown pages and IE advertising pop up at random.


2. Solutions found on the Internet (unverified, not necessarily effective!)

Method 1: [2]

A. Close the IE browser first;
B. Then [Start] -> [Run] -> regsvr32 /u x:\xx\iehelper_×.dll;
C. Go to the directory where IEhelper.dll is installed and delete it directly;
D. Clean the registry and thoroughly remove everything referring to "IEHelper_×.dll".

Method 2: [3]

A. Kingsoft Antivirus includes a file shredder; use it to shred "IEHelper_5066.dll" directly
B. After shredding, a file named "KKKKKKKKK" appears; cut and paste it into another folder and then DEL it.
C. Clean the registry and thoroughly remove everything referring to "IEHelper_×.dll".

Method 3: this one is a bit comical?

A. First find the directory of the DLL file
B. Then cut IEHelper_×.dll and move it to the desktop
C. Delete the parent directory of the DLL, which seems to be userdata,
D. Then go back to the desktop, drag the DLL straight into the Recycle Bin, and finally empty the Recycle Bin; that should do it.

3. The more professional manual removal method provided by this site

First, download two tools:

1. syscheck anti-rootkit tool: http://free5.ys168.com/?wangsea
2. Process Monitor process monitoring software: download from this thread.

(i) Simple method: for the case where IEHelper_X.dll is injected into the iexplore.exe process

A. Open an IE browser window
B. [Run syscheck1.0061] -> [Process Management] ->
C. Press [Prevent driver from blocking repair] at the bottom, and at the same time tick [Forbid external thread creation] ->
D. Select [iexplore.exe] -> look at [Module Information] in the lower half of the window

Note: [Module Information] lists every DLL and OCX file loaded by the IE browser

E. Select the IEHelper_×.dll entry in [Module Information] -> right-click -> [Unload module and delete file]
F. Wait a few seconds and IEHelper_×.dll is completely deleted.
G. Finally clean the registry: search for "IEHelper_×.dll" and remove it thoroughly.

The method above can delete the nastiest viruses/trojans; it never fails!
What IceSword cannot delete, syscheck can!
Thanks again to 紅葉大蝦 for developing such an excellent anti-rootkit tool!

(ii) Advanced method: for the case where a rootkit-based virus main program drops/restores IEHelper_×.dll

A. Use Process Monitor to watch the activity of the file IEHelper_X.dll and check which process it is injected into, or which virus main program drops it.

[Run Process Monitor 1.0] -> the [Process Monitor Filter] dialog pops up:

          [Authentication ID] dropdown: select Path ->
          [is] dropdown: select contains ->
          [ ] blank field: type IEHelper ->
          [Include]: leave unchanged ->
           click the [Add] button ->
           click the [OK] button ->


Once that is set, be patient and wait 3 to 5 minutes...., because Process Monitor filters all system messages (at least 400,000 of them). File reads and writes, registry operations and thread/process activity involving "IEHelper" are all captured, and you can see everything at a glance.

B. Go straight to the directory where IEhelper_*.dll is installed and try to delete it

Note: of course it cannot be deleted; this just pokes the trojan so we can see which hidden process is protecting it.
    As long as the trojan is active, Process Monitor records that activity, ha ha!

C. Go back to the Process Monitor window and look at the newly added messages containing IEhelper.
You only need to look for entries whose Path column contains your IEhelper_*.dll and see who the Process Name is.

D. If it turns out to be a system process such as explorer.exe, svchost.exe, lsass.exe or rundll32, then IEhelper_*.dll is injected into a system process to do its work.

The solution is the simple method in (i)..... ---> [Unload module and delete file]

E. If the Process Name is an unfamiliar exe that is not a system process, that is the virus main program.
Note its location and the exe file name.

[Run syscheck1.0061] -> go to [Process Management] -> check whether the virus main program is among the processes ->
if so, right-click -> [Delete process to Recycle Bin]

or

[Only terminate the specified process] -> then click syscheck [File Browser]

-> which works like Windows Explorer; go to the location of the virus main program
(at the bottom there is a [Show only files with the hidden attribute] checkbox; sometimes you must untick it to see non-hidden files)
-> select the virus main program -> right-click -> [Delete file]
(or [Send to another folder], to keep it as a virus sample)

F. Through step [E] the virus main program is killed off too. Sometimes a virus has more than one guardian process; in that case refer to the procedure in [Removing the USB-drive viruses MVS.exe, MVH.exe, ALMV.exe, RCS.exe].

G. By now IEhelper_*.dll is all alone; just delete it.
H. Finally clean the registry: search for "IEHelper_*.dll" and remove it thoroughly.

If the steps above went without a hitch and solved the problem, and you did it neatly...
Congratulations! You have joined the ranks of the virus-removal experts.
Whatever trojan or virus comes next, follow the same recipe and it is sorted!

[ Last edited by yoyo007 on 2007-10-9 at 08:52 AM ]
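Both walkthroughs above do the same thing by hand: set a display filter, then read off the Result column or the Process Name. The script below is an added example for this thread, not code from the posts, from darkthread or from Sysinternals. It takes a Process Monitor CSV export (the Save dialog can write CSV), applies filters with Procmon's include/exclude semantics, and then runs the two investigations: grouping ACCESS DENIED results by process, user and path for the GAC case, and classifying who loads, writes and deletes the suspect DLL for the IEHelper case. All event rows, paths, PIDs, user names and the dropper name ms_svc32.exe are constructed for the example, and the filter precedence (Exclude beats Include, same-column Includes OR'd, different columns AND'd) is my understanding of how Procmon evaluates its filter list, not something the posts state.

```python
"""Triage a Process Monitor CSV export the way the two walkthroughs above do by
hand: apply Procmon-style display filters, pull out ACCESS DENIED results (the
IIS/GAC case) and classify which processes touch a suspect DLL (the IEHelper
case). Added example for this thread, not code from the posts or from
Sysinternals. All rows, paths, PIDs, user names and the dropper are constructed."""
import csv
import io
from collections import Counter, defaultdict

HEADER = '"Time of Day","Process Name","PID","Operation","Path","Result","Detail","User"\n'

# Constructed rows in the column layout of Procmon's CSV export.
IIS_CSV = HEADER + """\
"10:01:02.0001","w3wp.exe","2204","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\.NETFramework","SUCCESS","Desired Access: Read","NT AUTHORITY\\NETWORK SERVICE"
"10:01:02.0002","w3wp.exe","2204","CreateFile","C:\\WINDOWS\\assembly\\GAC_32\\System.EnterpriseServices\\2.0.0.0__b03f5f7f11d50a3a\\System.EnterpriseServices.dll","ACCESS DENIED","Desired Access: Generic Read","NT AUTHORITY\\NETWORK SERVICE"
"10:01:02.0003","w3wp.exe","2204","CreateFile","C:\\inetpub\\wwwroot\\web.config","SUCCESS","Desired Access: Generic Read","NT AUTHORITY\\NETWORK SERVICE"
"10:01:02.0004","explorer.exe","1480","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer","SUCCESS","","TESTBOX\\user"
"10:01:02.0005","w3wp.exe","2204","CreateFile","C:\\WINDOWS\\Temp\\x.tmp","NAME NOT FOUND","Desired Access: Generic Read","NT AUTHORITY\\NETWORK SERVICE"
"""

# Constructed rows for the DLL case: the user deletes the DLL from Explorer and a
# hypothetical non-system process (ms_svc32.exe) immediately writes it back.
IEHELPER_CSV = HEADER + """\
"11:20:00.0001","iexplore.exe","3012","Load Image","C:\\WINDOWS\\system32\\IEHelper_5066.dll","SUCCESS","Image Base: 0x10000000","TESTBOX\\user"
"11:20:05.0002","explorer.exe","1480","SetDispositionInformationFile","C:\\WINDOWS\\system32\\IEHelper_5066.dll","SUCCESS","Delete: True","TESTBOX\\user"
"11:20:05.0003","ms_svc32.exe","3377","CreateFile","C:\\WINDOWS\\system32\\IEHelper_5066.dll","SUCCESS","Desired Access: Generic Write","TESTBOX\\user"
"11:20:05.0004","ms_svc32.exe","3377","WriteFile","C:\\WINDOWS\\system32\\IEHelper_5066.dll","SUCCESS","Offset: 0, Length: 40,960","TESTBOX\\user"
"11:20:06.0005","svchost.exe","1040","Load Image","C:\\WINDOWS\\system32\\IEHelper_5066.dll","SUCCESS","Image Base: 0x10000000","NT AUTHORITY\\SYSTEM"
"""

# Assumption: this is how Procmon evaluates its filter list (Exclude beats
# Include; Include rules on one column are OR'd, across columns they are AND'd).
RELATIONS = {
    "is": lambda v, x: v.lower() == x.lower(),
    "is not": lambda v, x: v.lower() != x.lower(),
    "contains": lambda v, x: x.lower() in v.lower(),
    "begins with": lambda v, x: v.lower().startswith(x.lower()),
    "ends with": lambda v, x: v.lower().endswith(x.lower()),
}
# Names the IEHelper walkthrough treats as system processes, plus IE itself.
SYSTEM_PROCESSES = {"explorer.exe", "svchost.exe", "lsass.exe", "rundll32.exe",
                    "iexplore.exe", "winlogon.exe", "services.exe"}

def load_events(text):
    return list(csv.DictReader(io.StringIO(text)))

def apply_filters(events, rules):
    """rules: (column, relation, value, "Include"|"Exclude"). Returns the rows that
    would be displayed; the input is untouched, as Procmon keeps every event."""
    includes, excludes = defaultdict(list), []
    for col, rel, val, action in rules:
        (excludes if action == "Exclude" else includes[col]).append((col, rel, val))
    shown = []
    for ev in events:
        if any(RELATIONS[rel](ev[col], val) for col, rel, val in excludes):
            continue
        if all(any(RELATIONS[rel](ev[col], val) for col, rel, val in group)
               for group in includes.values()):
            shown.append(ev)
    return shown

def denied_by_principal(events):
    """Count ACCESS DENIED results per (process, user, path): the tuple that says
    whose ACL on which object to inspect (the step the blog post did via Jump To)."""
    hits = Counter()
    for ev in events:
        if ev["Result"] == "ACCESS DENIED":
            hits[(ev["Process Name"], ev["User"], ev["Path"])] += 1
    return hits

def investigate_iis(events):
    """The blog's filter: the worker process, narrowed to the file named in the error."""
    rules = [("Process Name", "is", "w3wp.exe", "Include"),
             ("Path", "contains", "System.EnterpriseServices", "Include")]
    shown = apply_filters(events, rules)
    return len(events), len(shown), denied_by_principal(shown)

def classify_dll_activity(events, dll_name):
    """Who loads, writes or deletes the DLL? A Windows process loading it points to
    injection; a non-system process writing it is the dropper candidate."""
    roles = defaultdict(set)
    for ev in apply_filters(events, [("Path", "contains", dll_name, "Include")]):
        proc, op, detail = ev["Process Name"], ev["Operation"], ev["Detail"]
        if op == "Load Image":
            roles[proc].add("loads")
        if op == "WriteFile" or "Generic Write" in detail:
            roles[proc].add("writes")
        if "Delete: True" in detail:
            roles[proc].add("deletes")
    droppers = sorted(p for p, r in roles.items()
                      if "writes" in r and p.lower() not in SYSTEM_PROCESSES)
    injected = sorted(p for p, r in roles.items()
                      if "loads" in r and p.lower() in SYSTEM_PROCESSES)
    return dict(roles), droppers, injected

if __name__ == "__main__":
    total, shown, denied = investigate_iis(load_events(IIS_CSV))
    print(f"Showing {shown} of {total}", dict(denied))   # the status-bar figure
    print(classify_dll_activity(load_events(IEHELPER_CSV), "IEHelper_5066.dll"))
```

The "Showing N of M" figure falls out of investigate_iis() because the filter never discards events, which is the point the tutorial makes about display versus capture filters. The triage tuple (process, user, path) is exactly what you need before looking at the ACL, which on the real machine you would do from the folder's Security tab or with icacls as the post describes; for the DLL case, the output separates processes that merely load the DLL from the one that re-creates it after deletion.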
Author: osk     Time: 2007-10-9 08:47 AM
Congratulations.. you have finally put down the big rock in your heart.. happy news  ^^

"Windows advanced monitoring tool".. is it a program bundled with the operating system?
Downloading to explore..
Thanks to the moderator for sharing so selflessly  ^^

Downloaded and tested.. satisfaction 100%
With the "story book (illustrated)".. reading the pictures to follow the story.. it went smoothly all the way... great!
Thanks again for sharing.. 100 points for you.. ha.. ha  ^^

[ Last edited by osk on 2007-10-9 at 12:13 PM ]
Author: xp20060726     Time: 2007-10-9 11:41 AM    Subject: Thanks for sharing!

These days most malicious software gets in through a back door and makes a mess.
I previously downloaded a "port stethoscope" and a "network connection monitor",
but my skills were not up to it and I could not really use them.
Now I have downloaded this program, and your explanation and tutorial are very clear,
so I can study online monitoring properly.

Thank you for sharing the complete operating procedure!!!
Author: a2213572     Time: 2007-10-9 11:47 AM
So this is the program you have been working on these last few days. Just looking at those strings makes my head spin!
Thanks for sharing.
Author: 小傑；Jay     Time: 2007-10-9 02:35 PM


  Quote:
Originally posted by yoyo007 at 2007-10-9 08:38 AM:
...
[ Last edited by yoyo007 on 2007-10-9 at 08:52 AM ]

Brother YoYo,
you really put your heart into it, even making tutorials.
You are an excellent moderator and translator.
Author: dear168     Time: 2007-10-9 04:43 PM
Thanks for the basic tutorial, although this course looks hard to pass; I will try my best to learn.
Grateful for your sharing!
Author: soro     Time: 2007-10-9 05:01 PM
The most important thing about downloading any program is being able to use it effectively; only then is it meaningful.

With moderator yoyo's high-quality Chinese translation and incisive usage notes, it would be hard

not to download and use it.

Thanks for sharing!
Author: tenhon     Time: 2007-10-9 06:13 PM
Good stuff! And with such a detailed explanation, that must have been hard work...
Grateful for YO's selfless sharing.... it would be inexcusable not to reply!
Author: ammo     Time: 2007-10-9 07:46 PM
yoyo, you are really impressive

Localisation is a thankless job
and also
a bumpy, hard road
building from nothing by one's own effort
every drop of it felt in the heart
all so that everyone can use software in a familiar language
I admire that so many warm-hearted people here are willing to give
and even more the spirit of not hoarding
and not showing off

Even without downloading, this deserves a bump
anyone who doesn't bump it isn't human, eh
keep it up
and carry on
Author: btsky     Time: 2007-10-9 08:08 PM
Oh MY GOD
I am truly in awe of you
this post is the essence, the essence, the essence

This is exactly what I was looking for ~ you have done so many people a favour
With this software
apart from the virus killing, anti-hacking, localisation... etc. that you mentioned
it also makes finding software execution problems easy
just pair it with related software, e.g. virtualisation software ~~~~ the capabilities are too powerful

Even
in industrial software, if a software/hardware execution problem comes up
it can speed up finding where the problem lies
and it can also help optimise software
the most important point........................................it  will  let  you
sleep well tonight

Words cannot describe it
this is a treasure. Thank you, hard work, thanks to all the moderators and the people who share
like thanking heaven.. because there are too many people to thank.. so I send one word to the blue sky

QQ I changed that last line myself ~.~
A grateful heart, thankful to have you

[ Last edited by btsky on 2007-10-9 at 08:13 PM ]
Author: benleung     Time: 2007-10-9 09:21 PM
YOYO, in this post the localisation and the tutorial are equally brilliant;
without your tutorial it would really be hard to understand how to use it (even now I only understand part of it).
I'll download it and study it more closely. Thank you.
Author: e722146     Time: 2007-10-10 12:27 PM
What a powerful Windows advanced monitoring tool!
Plus your kind, helpful illustrated explanation!
One look and you know how to operate it!
Many thanks for selflessly providing and sharing!
Author: PLUS+     Time: 2007-10-12 01:26 AM
Read the introduction..
so many features
packed it straight up with CyberArticle to read at home

yoyo's sharing of the localisation process is truly the best thing for us to learn from
I'll report back after trying it
Thank you
Author: 南樂     Time: 2007-10-12 01:57 PM
My level isn't up to standard and the explanation makes my eyes swim, so I'll download first and study it slowly when I have time. With a moderator as patient a teacher as this, I will surely understand it gradually. Deeply grateful, thank you.
Author: pjabc     Time: 2007-10-15 11:38 AM
This post is just too useful; I couldn't help replying ^^  :XD
Author: 夢遺神童     Time: 2007-10-17 12:11 AM
I say, yoyo~
these deeds of yours...
make me want to carve you a commemorative plaque!
Author: yoyo007     Time: 2007-10-17 10:13 AM


  Quote:
Originally posted by 夢遺神童 at 2007-10-17 00:11:
I say, yoyo~
these deeds of yours...
make me want to carve you a commemorative plaque!

Surely not the legendary... "his voice and face live on" (memorial) plaque!!
Author: mm2     Time: 2007-10-17 11:31 AM
Process Monitor v1.25 (advanced monitoring tool),
with complete usage instructions; thanks for sharing the tutorial.
I'll download and try it first; thanks again and again.
Author: lin5105     Time: 2007-10-17 11:08 PM
Wow! This one is truly professional!!
I have always used DTaskManager to watch the system, but compared with Process Monitor's log-like recording it falls far behind!!
Better learn it quickly; I hope I can get something out of it too!!
Thanks~~
Author: chen68     Time: 2007-10-26 10:46 PM
Such a good thing; only found it now; how could I miss it! Saved for future use! Thanks yo for sharing and for the illustrated explanation!
Author: 達人奇兵     Time: 2007-10-30 03:44 PM
Not downloading such a good monitoring tool would be a betrayal of the poster's kindness

Thank you for your hard work!!!!!
Author: 肥貓     Time: 2007-10-31 12:13 AM
Thanks for your hard work..... such a detailed tutorial..... thank you for sharing....
Author: 七彩霓虹雨     Time: 2007-11-30 12:05 PM
Thanks for the laborious Traditional Chinese localisation and the detailed explanation
Downloaded for study and keeping~~
Author: rambocnc     Time: 2008-5-11 12:37 PM
Having read the four Process Monitor tutorials, my instinct is that this program is very useful.
I have downloaded Process Monitor 1.32 from Microsoft's site and will come back to try it.
Author: wellsss     Time: 2008-6-19 08:54 AM
This is exactly what I needed; thanks for the hard work of translating!
Author: wellsss     Time: 2008-6-20 10:21 PM
This is the scan result:

http://www.virustotal.com/zh-tw/ ... 2a6a79856f10158d2da

Ikarus        T3.1.1.26.0        2008.06.20        Virus.Win32.Neptunia.IH
Sunbelt        3.0.1153.1        2008.06.15        VIPRE.Suspicious
Webwasher-Gateway        6.6.2        2008.06.20        Worm.Win32.Malware.gen (suspicious)

If this is the software you localised personally out of goodwill, is it safe to use?
I am somewhat uneasy.

------------------------------------------------------------------------
Below is the scan result for the official 1.33 build:

http://www.virustotal.com/zh-tw/ ... 2686923934f7a4e4060

File Procmon.rar received on 2008.06.20 15:05:09 (CET)
Current status:
Result: 0/33 (0%)

I have also compared CPU-Z before and after localisation,
and broadly it gets flagged because its contents were modified.
But basically it counts as non-malicious software.

I hope a senior member can explain to me what the reason is.
Author: yoyo007     Time: 2008-6-20 11:09 PM


  Quote:
Originally posted by wellsss at 2008-6-20 22:21:
This is the scan result:

http://www.virustotal.com/zh-tw/ ... 2a6a79856f10158d2da

Ikarus        T3.1.1.26.0        2008.06.20        Virus.Win32.Neptunia.IH
Sunbelt        3.0.1153.1        2008.06.15        VIPR ...

Antivirus software misjudging the packer; scan results are only a reference. Each antivirus vendor uses different technology with different sensitivity, so the scan results differ. Take the official build, pack it, upload it for scanning and you will understand. If you still do not feel safe, just delete the file!
Author: wellsss     Time: 2008-6-21 09:14 AM


  Quote:
Originally posted by yoyo007 at 2008-6-20 11:09 PM:


Antivirus software misjudging the packer; scan results are only a reference. Each antivirus vendor uses different technology with different sensitivity, so the scan results differ. Take the official build, pack it, upload it for scanning and you will understand. If you still do not feel safe, just delete the file! ...

So that's how it is!
Your explanation is enough; I can use it with confidence. It is rare for this software to have a Chinese localisation.
That clears up my doubts.

Below is an article I posted in my Bahamut blog; it is my recent notes comparing Process Monitor builds.

http://home.gamer.com.tw/blogDetail.php?owner=wellss&sn=5080

I will add your answer there to set the record straight and keep it as a supplementary note.
If you have any objection to my reposting your article, or any copyright concern, please say so and I will change it immediately.
thks very much
Author: otobaby     Time: 2008-6-21 09:21 AM
I hope one day I can be as skilled as yoyo007. Thanks for sharing!
Author: wellsss     Time: 2008-6-23 03:43 PM
Report: this software seems not to run properly on Windows XP SP3.
Tested version 1.33, which works.
It ran under SP2 before, but after updating to SP3 it no longer does.

-------------------------------------------------------------------------------
I just found a Simplified Chinese Process Monitor v1.32 made by a mainland user
and attach the download link and the VirusTotal scan result:

Process Monitor v1.32 Simplified Chinese download:
http://www.cncrk.com/downsoft/6166.html

--------------------------------------------------------------------------------
Process Monitor v1.32 Simplified Chinese VirusTotal scan result:
http://www.virustotal.com/zh-tw/ ... d2f432ced16f7ef87ea

File Procmon1.32.exe received on 2008.06.23 09:37:49 (CET)
Current status:
Result: 0/33 (0%)

Result: all zero.

--------------------------------------------------------------------------------
It may be that the components used for the Chinese localisation have a problem.
Sincere suggestion~~ (the inappropriate part of my post has been deleted)

[ Last edited by wellsss on 2008-6-25 at 02:30 PM ]
Author: yoyo007     Time: 2008-6-24 12:31 AM


  Quote:
Originally posted by wellsss at 2008-6-21 09:14:

So that's how it is!
Your explanation is enough; I can use it with confidence. It is rare for this software to have a Chinese localisation.
That clears up my doubts. ...



  Quote:
Originally posted by wellsss at 2008-6-23 15:43:

So where the problem lies, I will not say much.
It may also be that the components used for the Chinese localisation have a problem.
Sincere suggestion~~

1. Thanks for letting me know; reposting is welcome.

2. I suggest you read up on the relationship between packers and antivirus software: http://blog.seekinfo.com.tw/70.html

3. After reading that article, do you understand why the scan results differ between the Traditional Chinese build, the Simplified Chinese build and the official build?

4. How many version updates were there between 1.25 and 1.33? You should take the official 1.25 and test whether it runs under XP SP3, rather than comparing 1.33 against 1.25.

5. Once more: VirusTotal scan results are only a reference. When I pack a file I basically only consider the results of a few commonly used antivirus products. For a packed file to pass all 33 engines it would have to use an old-established compression packer, or a newly developed packer, or an encrypting packer that even the antivirus engines cannot recognise; or, put another way, the encryption/protection signature either happens to match the antivirus signature database or falls outside it... and so on.

6. If you do not feel safe using it, just delete the file; if you must use it and still have doubts, test it in a sandbox. Besides, passing all 33 does not mean a file is necessarily safe. The other situation is that a packer which passed at the time later gets abused by viruses and trojans, and the result is that the antivirus products block it wholesale. That is simply how it goes.

7. Caring about software safety is a good habit, but I hope you learn to recognise the possible causes and to weigh the evidence; otherwise it only troubles yourself and others.

The above is my sincere suggestion too. I have no plans to localise 1.33.

Author: yoyo007     Time: 2008-6-24 12:33 AM
One addition:

I do not seem to have any reason to plant a trojan or virus.

Author: wellsss     Time: 2008-6-24 08:00 AM


  Quote:
Originally posted by yoyo007 at 2008-6-24 12:33 AM:
One addition:

I do not seem to have any reason to plant a trojan or virus.

I was not insinuating that you planted a trojan or virus.
I only wanted to point out the possibility and the question that your localisation and unpacking/packer-detection toolkit might be infected.
My own machine, which I use to make WinRAR SFX self-extracting archives, was infected once, and afterwards I still fetched a clean build to replace the SFX module I had been using. So if a component is infected, the self-extracting archives built with it may have the same problem. That is what I wanted to say, and it is not necessarily the author's own fault; it may well be caused by other factors.
I also think there is no need to read too much into it.
I merely raised a question and offered a Simplified Chinese build I found for your reference, which could make localising related packages of this software easier for you in future and give you a mainland Chinese version to consult.
Secondly, converting Simplified Chinese directly to Traditional Chinese skips the step of translating the English strings.

I know my limits; I only discuss the matter itself.
Many thanks for YOYO's reply; I will post the related discussion in my blog.
Of course, I respect authorship and will always state clearly whose article the source is.
Of course, this finding was also published on my own blog, and I will add your answer there shortly.
And I will learn carefully and cautiously.

PS: the English 1.25 is hard to find; the original site links straight to the official site, so only the English 1.33 can be downloaded.
So I am sorry I cannot account for that part; I can only find the English 1.33 and the Simplified Chinese 1.32.
I expect a Simplified Chinese 1.33 will appear before long.
(I did actually search before posting the article above, but could not find one to compare.)

THKS, thank you for the hard work of localising

[ Last edited by wellsss on 2008-6-24 at 08:06 AM ]
Author: yoyo007     Time: 2008-6-24 07:22 PM


  Quote:
Originally posted by wellsss at 2008-6-24 08:00:

I was not insinuating that you planted a trojan or virus.
I only wanted to point out the possibility and the question that your localisation and unpacking/packer-detection toolkit might be infected. ...

The post at #28 already stated clearly that this was [antivirus software misjudging the packer], and you answered in #29 with [So that's how it is], so naturally I assumed you had understood. I did not expect to see you raise the same question again in #31.

Actually, it is not that questions cannot be raised; if you still have doubts, by all means bring them up for everyone to discuss. What I found less comfortable in #31 was this sentence of yours:


  Quote:
Originally posted by wellsss at 2008-6-23 15:43:

So where the problem lies, I will not say much.

That makes it sound as if I had done something shady. One who stands straight does not fear a crooked shadow; feel free to say more, or submit the file to the antivirus vendors for analysis. That is fine with me; I am not worried about any unfavourable result. Besides, in #32 I gave you an article on [packers and antivirus software] to help you understand. If you still do not see what is going on, then please follow these steps:

-------------------------------------------------------------------->

1. Download MPRESS 1.21 from the MPRESS site: http://www.matcode.com/mpress.htm

2. Download the MPRESS Shell written by Discover: http://www.centurys.net/viewthread.php?tid=258081

3. Download Process Monitor v1.33: http://technet.microsoft.com/zh- ... b896645(en-us).aspx

4. After downloading, extract everything into one directory and scan it for viruses.

5. MPRESS and Process Monitor both come from their official sites, so you can trust them, right?

6. Run [MPRESS Shell.exe], drag [Procmon.exe] into the [MPRESS Shell.exe] window and press [Start].

7. If you do not trust the MPRESS Shell written by Discover, you can drive MPRESS from the command line instead:

CODE:  [Copy to clipboard]
mpress -b Procmon.exe


Copy the line above into a [*.bat] file, put it in the same directory as [Procmon.exe] and [mpress.exe], and double-click the [*.bat] batch file to pack [Procmon.exe]. After packing, the directory will contain a backup [Procmon.exe.bak], which is the original, unpacked file. Submit the packed and the unpacked file separately to VirusTotal, look at the results, and then think again about the questions raised in the earlier posts.

<--------------------------------------------------------------------

Also, before answering your question in #28 I could confirm that my localisation tools (including the packer-related tools) were not infected, while the SFX case you mention is admittedly a good lesson. Secondly, I know 1.32 has a Simplified Chinese build, but I purely want to localise from the English build, because the translation style differs, the choice of words differs, the padding method differs, and which strings to translate or leave differs...

You are welcome to continue the discussion, but please state everything clearly, so that different viewpoints and readings do not cause misunderstanding; the other suggestions are all in #32, so I will not repeat them.

Note: of 1.25 I have only kept a backup of the localised version, so regrettably I cannot provide it for testing. Please understand.

Author: ic2266     Time: 2008-6-25 03:54 PM    Subject: Reply to wellsss

I just went and had a look at your blog,
and I feel what you wrote there is unfair: it casts doubt on yoyo's explanation
and insinuates that yoyo might have tampered with the software, which is an improper choice of words~


I find your statements contradictory:

  Quote:
First, let me explain what this Process Monitor v1.25 actually is!
For programmers debugging and for hackers this tool is very familiar, even indispensable.
Having nothing better to do, I grabbed the latest 1.33 from Microsoft's official site and the 1.25 painstakingly
translated by the original author at my favourite forum, and threw both at VirusTotal to compare. Of course my own judgement
is that the localised program has no problem, but being falsely flagged by some antivirus products as a worm, trojan or virus is also very common.


The most typical example is probably CPU-Z, the CPU model detection tool many enthusiasts use:
the official build and a localised build simply do not give the same result across the
33 online scanners at VirusTotal!
The official build is English, and after scanning all antivirus engines certainly come up zero.
But for a localised build to ALL PASS with zero hits is next to impossible.

So there you felt:
Of course my own judgement is that the localised program has no problem, but being
falsely flagged by some antivirus products as a worm, trojan or virus is also very common.


And here you judged it to be a virus and a trojan yourself:

  Quote:
Ikarus T3.1.1.26.0 2008.06.20 Virus.Win32.Neptunia.IH
Sunbelt 3.0.1153.1 2008.06.15 VIPRE.Suspicious
Webwasher-Gateway 6.6.2 2008.06.20 Worm.Win32.Malware.gen (suspicious)

Fine.
Although this program was flagged as having some problems, and the few engines that flagged it are decent antivirus products:
Ikarus seems to treat it as an Office virus?
Sunbelt's verdict is not clearly explained... in short it just says: malicious program.
Webwasher-Gateway is rather aggressive; it judged it to be a network spyware worm.

Suspicious → the word should mean suspicious, doubtful and so on~ (that is, it only suspects the file has a problem and is not certain)
Yet you declared it to be an Office virus, a malicious program, a network spyware worm.


And below you started doubting again:

  Quote:
Some of this was explained in that article already, so this post simply states the facts. Also, last time I updated the machine from WINXP SP2
→WINXP SP3, which made the 1.25 Chinese build incompatible, so I went looking for the 1.32 Simplified
Chinese build made by a mainland user, and that is when I discovered a few things:

(Actually I think this accident could also happen if the maker's localisation toolkit has a problem; it is not necessarily a deliberate malicious implant)



  Quote:
Hmm.... where this problem lies, I think apart from asking the person himself, the other cause
is a problem in the maker's localisation and unpacking toolkit.
That is the normal situation in general
, of course, this is only for reference.


Process Monitor, this powerful software, is published by Microsoft and completely free to use!
So the Simplified Chinese build, this one, can be trusted and used.
One has to admire the mainland users; localisation is a discipline that is not easy to get into, especially as
the enthusiasts who use this tool are few; it is just that Traditional Chinese builds are rare, which is the biggest difference.


※Note: packer-detection and unpacking software triggers antivirus products very easily; much of it is classified as malicious software.
   Not to mention the sensitive tools programmers commonly use for disassembly, code inspection and stack analysis,
   such as "OllyDBG", "KAM" and so on....

Scan results like these are what I really want.
That is to say, when you download a free localised file, please cross-check it against the software the official site provides as far as possible; that is the safe way to protect yourself
. Nowadays piracy is rampant, free software fills the sky, cracks
are everywhere; living in the jungle of the Internet, how can we not be careful.

Over and over you distrust, disbelieve and pointedly insinuate that all those who quietly contribute to Traditional Chinese localisation might tamper with the software. I cannot accept this unfounded insinuation. None of the localisation authors is paid for it; they do it out of pure enthusiasm, wanting nothing more than to give fellow users a friendlier interface and an easier time. Who would expect it to end like this. I feel sad for all localisation authors~

Below I will let the 1.32 Simplified Chinese build, which you consider trustworthy and admire the mainland users for, disappoint you just the same (the files were likewise sent to VirusTotal, which you regard as the highest benchmark):

Below is yoyo's Procmon (I unpacked it and re-packed it with ASPack):
http://www.virustotal.com/zh-tw/ ... ba0ad95dea63eab0375

Below is the 1.32 Simplified Chinese build by the mainland user:
Procmon.rar packed with ASProtect:
http://www.virustotal.com/zh-tw/ ... 29ad892bf83cb237f3a

Procmon.exe (not rar-compressed, since compressed or not makes no difference) packed with ASProtect:
http://www.virustotal.com/zh-tw/ ... dab9ae1be9e9d608eb9

Procmon.exe (not rar-compressed, since compressed or not makes no difference) packed with RLPack:
http://www.virustotal.com/zh-tw/ ... a73ffd33daa650fcd6e

If you suspect I faked anything, you are welcome to ask me for the files at any time~

What needed saying has been said and the experiments have been done; judge for yourself. If you feel nothing in your blog article is improper, then there is no need to correct it~

Perhaps in future there will be fewer Traditional Chinese programs and fewer Traditional Chinese localisers, and then everyone can start using English software, or learn to read Simplified characters and use Simplified builds~


The above is only my personal view and does not represent the site or other members,
and if I have misspoken I ask wellsss for forgiveness, and wish you peace of mind and pleasure using the Simplified build~

Author: Discover     Time: 2008-6-25 06:03 PM
To add: official software does not mean it is all-powerful and will pass every test; occasional false positives from antivirus software do happen.

Take the MPRESS Shell I wrote myself: tested right after compiling, without any packer, it still got two hits, one reporting "suspicious" and the other showing "Malware". If that were true, there would surely be more than two reactions, and the ones warning were not the big antivirus vendors anyway.
Conversely, the same file packed with "UPX" left only one "suspicious" report;
packed with "PECompact" it was still two, but different engines reacted;
and finally, packed with "MPRESS", five engines reacted, and again none of the big antivirus vendors.

The point of the above is that whether the software itself hides something is not always clear, but the packer attached to it does measurably change the scan result. Besides, not being detected now does not mean there is nothing; it may be that the engine has no rule for it yet, or the packer is too new and there are too few samples to compare. Test again after a while and the result may surprise you.
Moreover, some engines simply list a packer as a warning for reference without stating whether the file is actually a virus, trojan or something else; anything using that packer is flagged wholesale. That usually happens as an after-effect of the packer having been used on too many viruses earlier, so a file using such a packer is not necessarily a bad thing.

Finally, there is no 100% accurate method of judgement in the world; if someone tells you his software can do that, you have been had, because even the world-famous antivirus vendors with years of experience dare not guarantee it. All you can do is collect and compare more, and find a judgement that is "close to" perfect, rather than deciding life and death in one go.
Author: Discover     Time: 2008-6-25 06:17 PM
Also, when MPRESS Shell was released, as I mentioned, the unpacked build got 2 hits and the packed build got 6 when I tested it, but less than a day later the same file tested as 7. Why that happens, I think you can work out...

[ Last edited by Discover on 2008-6-25 at 06:18 PM ]
Author: wellsss     Time: 2008-6-27 02:31 AM


  Quote:
Originally posted by ic2266 at 2008-6-25 03:54 PM:
I just went and had a look at your Blog,
and I feel the way you express yourself in the article is unfair and casts doubt on yoyo's explanation,
and insinuating that yoyo might have tampered with the software is really inappropriate wording~


Personally I feel your words, on the contrary, ...

First of all, I must apologize for my insufficiently careful words and to those who replied above.
I have done software localization myself before, and I know that localizing software is really a tiring job.
As for some inappropriate remarks on my personal BLOG, I will delete them.
The reason I raised a certain degree of suspicion is perhaps, more or less, the wariness that comes from watching the scan results of AV-evading trojans produced across the strait.
But as for trojans, as one player with experience in this area told me, it is enough to be familiar with HIPS parent/child process monitoring; VIRUSTOTAL is only for reference.
Of course, I also agree with what YOYO said: passing all 33 engines does not mean it is necessarily safe; on this point I have absolutely no objection.

TO  ic2266
Thank you very much for your correction.
Actually, there is still a lot I need to learn in this area.
And I do believe the results of your tests.
They have also opened my eyes.
One does not grow wiser without the experience.

However, I want to make clear that not using YOYO's 1.25 version is not because I distrust his software, but simply because 1.25 does not run under WINXP SP3.
That is why I used the 1.32 Simplified version. Of course, running it in my own environment, especially something coming from the mainland, where AV-evasion has been researched for a long time, the risk is naturally higher; if using the Simplified version causes me any loss, that is of course entirely my own responsibility.
As far as I know, the penetration rate of current AV-evading trojans can reach over 90%, and of course that includes the possibility of passing all 33 engines, as well as breaking or bypassing the HIPS of antivirus products.

As for what I wrote, although I know the difference between before and after localization, I was still stating it with a cautious attitude; of course, you may simply read my article as a write-up of my impressions.
Traditional Chinese versions are indeed few; if it ever developed to the point where nobody was willing to step forward and localize... then my fault would be great indeed, the loss would outweigh the gain, and it would have been better not to test at all.
I reported in this thread and gave the address of my blog out of respect for the seniors of this forum.
Having learned from ic2266's explanation that the wording on my blog was indeed inappropriate, I will correct it as quickly as possible.
The inappropriate remarks will be deleted too; you can check my BLOG then.
I am very sorry for causing this little dispute.
I was not speaking ill of YOYO; I really did not say that.
If I have misunderstood YOYO in any way, please forgive me.

TO   Discover、  yoyo007

Thank you for your replies. I will find time to test and report the results back here;
the packer part indeed has a large effect, and of course different packers all produce different results.
Let me say again that I have no quarrel with yoyo007 and no reason to make trouble for him.
I only reported and explained the points I had doubts about. In fact, I have also downloaded and used the packer-detection suite yoyo007 made, and thanks to yoyo's localization ASMASK can be used with a friendly interface; I have also recommended this high-quality localized software to friends.

I did not expect so many people to reply after only a few days...
Once again I feel somewhat uneasy, and I thank you all for your earnest replies and explanations.
I also understand that a malicious designer would not bother explaining so much to one person.
They could simply have ignored me...

One does not grow wiser without the experience. Thank you, seniors, for your replies
THKS

WELLSS
Author: wellsss     Time: 2008-7-3 08:05 PM
Adding a follow-up to this thread: these are the scan results I got after packing the original 1.33 version downloaded from the official Microsoft site.
The original file is not packed, but after packing some problems appear; the exact cause is unclear.
This is my rough test report on the original English 1.33 version, for reference only:
Thanks also to everyone for the advice!

Packed with ASPACK V2.12
http://www.virustotal.com/zh-tw/ ... b312efd06411e055e46

File Procmon.exe received on 2008.07.03 13:18:32 (CET)
Current status:
Result: 1/33 (3.04%)

Webwasher-Gateway        6.6.2        2008.07.03        Win32.Malware.gen#ASPack!84 (suspicious)


Packed with ASProtect 1.4, with resource protection, best compression, checksum checking, entry-point signature and similar protections enabled;
with none of them enabled, it drops to 6 vendors and the remaining results are unchanged.

http://www.virustotal.com/zh-tw/ ... b2d2100c9a8d776385d

File Procmon0.exe received on 2008.07.03 13:39:51 (CET)
Current status:
Result: 7/33 (21.22%)

Avast        4.8.1195.0        2008.07.03        Win32:Bifrose-CLS
CAT-QuickHeal        9.50        2008.07.02        (Suspicious) - DNAScan
GData        2.0.7306.1023        2008.07.03        Win32:Bifrose-CLS
Ikarus        T3.1.1.26.0        2008.07.03        Virus.Win32.Bifrose.CLS
Sunbelt        3.1.1509.1        2008.07.03        VIPRE.Suspicious
VBA32        3.12.6.8        2008.07.02        Trojan-Spy.Win32.Banker.llk
Webwasher-Gateway        6.6.2        2008.07.03        Win32.Malware.gen (suspicious)

Supplement:
http://www.virscan.org/
This is also a multi-engine online scanning site, useful for cross-reference.

[ Last edited by wellsss on 2008-7-3 at 08:11 PM ]
Author: yoyo007     Time: 2008-7-6 05:33 AM


  Quote:
Originally posted by wellsss at 2008-7-3 20:05:
Adding a follow-up to this thread: these are the scan results I got after packing the original 1.33 version downloaded from the official Microsoft site.
The original file is not packed, but after packing some problems appear; the exact cause is unclear.
This is my rough test report on the original English 1.33 version, for reference only:
Thanks also to everyone for the ...

ASPr should not go so far as to set off even Avast; below is the 1.35 English version packed with 1.4, give it a try:

http://www.xun6.com/file/C886AD7C1/

Extraction password:
Just A tEST By Aspr 1.4 - CENTURYS
Link removed, as mentioned in my private message; also, the 1.35 localization is done:

http://www.centurys.net/viewthread.php?tid=259733

Try whether it runs on XP SP3. Thank you for providing another online scanning site.





Welcome to 網際論壇 (http://www.centurys.net/) Powered by Discuz! 2.5