小棗棧 » virus http://www.joe-ho.com What I called myself is small potato. 一個士麼普爹圖既生活點滴 Wed, 08 Feb 2012 01:47:56 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 [轉載] Report: Conficker in attack mode http://www.joe-ho.com/%e8%bd%89%e8%bc%89-report-conficker-in-attack-mode/ http://www.joe-ho.com/%e8%bd%89%e8%bc%89-report-conficker-in-attack-mode/#comments Sun, 03 May 2009 03:08:17 +0000 Joe Ho http://www.joe-ho.com/?p=917 The Conficker threat has a new twist, with the worm now reportedly installing a second mass-mailing virus that many know as Waledac.

According to a report by Xinhua News Agency, Conficker-infected machines are now being turned into servers for e-mail spam. Quoting Vincent Weafer, vice president of Symantec Security Response, Xinhua reported Conficker now installs a [...]]]> The Conficker threat has a new twist, with the worm now reportedly installing a second mass-mailing virus that many know as Waledac.

According to a report by Xinhua News Agency, Conficker-infected machines are now being turned into servers for e-mail spam. Quoting Vincent Weafer, vice president of Symantec Security Response, Xinhua reported Conficker now installs a second virus–Waledac–that sends out e-mail spam without the computer owner’s knowledge.

Read also: Conficker’s estimated economic cost? $9.1 billion

“Expect this to be long-term, slowly changing,” Weafer was quoted as saying of the Conficker impact. “It’s not going to be fast [or] aggressive.”

According to security vendor Trend Micro, the worm also installs malware that masquerades as antivirus software.

Earlier this month, Trend Micro’s advanced threats researcher Paul Ferguson, said Conficker and Waledac originated from the same authors. Waledac has been referred to by some experts as a new version of Storm, a mass-mailing worm that surfaced in early 2007.

This article was originally posted on ZDNet Asia.

]]> http://www.joe-ho.com/%e8%bd%89%e8%bc%89-report-conficker-in-attack-mode/feed/ 1 USP10.DLL病毒手工刪除方法 http://www.joe-ho.com/usp10dll%e7%97%85%e6%af%92%e6%89%8b%e5%b7%a5%e5%88%aa%e9%99%a4%e6%96%b9%e6%b3%95/ http://www.joe-ho.com/usp10dll%e7%97%85%e6%af%92%e6%89%8b%e5%b7%a5%e5%88%aa%e9%99%a4%e6%96%b9%e6%b3%95/#comments Sat, 28 Feb 2009 03:32:18 +0000 Joe Ho http://www.joe-ho.com/?p=847 首先,必須要進入安全模式下管理員權限登錄系統。

打開搜索(按F3鍵),再從“工具”->“文件夾選項”->“查看”->把“隱藏受保護的操作系統文件(推薦)”關閉以及選擇“顯示所有文件和文件夾”。

之後在搜索欄填入“usp10.dll”全盤符搜索。記住,C:\Windows\system32下的usp10.dll和C:\windows\system32\dllcache下的usp10.dll不是病毒,其余文件夾的全都是。

搜索完畢之後可以全部刪除了。但是,在這裡要說明的是,一個在C:\windows下的usp10.dll不能以原名刪除,可以選擇改變其名稱,後綴隨便是什麼。改完之後重新搜索你剛才改的名字,搜到後刪除即可。

回到windows界面下,試著再搜索,如果又找到,再繼續回到安全模式下刪除。如果找不到了,那就是刪掉了。當然也不排除還潛在機器裡,畢竟usp10.dll被破壞了,等待專殺工具吧。

]]> 首先,必須要進入安全模式下管理員權限登錄系統。

打開搜索(按F3鍵),再從“工具”->“文件夾選項”->“查看”->把“隱藏受保護的操作系統文件(推薦)”關閉以及選擇“顯示所有文件和文件夾”。

之後在搜索欄填入“usp10.dll”全盤符搜索。記住,C:\Windows\system32下的usp10.dll和C:\windows\system32\dllcache下的usp10.dll不是病毒,其余文件夾的全都是。

搜索完畢之後可以全部刪除了。但是,在這裡要說明的是,一個在C:\windows下的usp10.dll不能以原名刪除,可以選擇改變其名稱,後綴隨便是什麼。改完之後重新搜索你剛才改的名字,搜到後刪除即可。

回到windows界面下,試著再搜索,如果又找到,再繼續回到安全模式下刪除。如果找不到了,那就是刪掉了。當然也不排除還潛在機器裡,畢竟usp10.dll被破壞了,等待專殺工具吧。

]]> http://www.joe-ho.com/usp10dll%e7%97%85%e6%af%92%e6%89%8b%e5%b7%a5%e5%88%aa%e9%99%a4%e6%96%b9%e6%b3%95/feed/ 0 小心 WORM_STRATION http://www.joe-ho.com/%e5%b0%8f%e5%bf%83-worm_stration/ http://www.joe-ho.com/%e5%b0%8f%e5%bf%83-worm_stration/#comments Tue, 26 Sep 2006 06:19:00 +0000 Joe Ho http://www.joe-ho.com/index.php?/archives/237-guid.html 趨勢科技9/26日發佈重要新病毒通知( WORM_STRATION.WO ), 請更新病毒碼3.791.00(含)以上以便偵測此病毒

病毒碼下載網址:

http://www.trendmicro.com/download/viruspattern.asp

病毒描述: 趨勢科技發現 WORM_STRATION 系列病毒在台灣又出現新型態變種,當感染此病毒,會在Windows資料夾下面產生 t2serv.dll、t2serv.exe ,此為 WORM_STRATION.WO 病毒的複本

WORM_STRATION.WO 利用電子郵件散播,可能的主旨與附加檔案如下:

主旨:

Error Good day Mail Delivery System Mail server report Mail Transaction Failed picture Server Report Status

附加檔案:

*body.zip *data.msg.scr *docs.elm.exe *document.msg.exe *document.txt.pif *text.elm.exe *Update-KB1375-x86.exe *Update-KB1625-x86.exe *Update-KB250-x86.exe *Update-KB281-x86.exe *Update-KB4937-x86.zip *Update-KB531-x86.exe *Update-KB5687-x86.exe *Update-KB8093-x86.exe *Update-KB8656-x86.exe *Update-KB9046-x86.exe *Update-KB9062-x86.exe *Update-KB9125-x86.exe *Update-KB9859-x86.exe

當感染此病毒後,此病毒會嚐試連結下列網址,建議企業用戶可在防火牆阻擋內部與這些網址的所有連線。

[...]]]> 趨勢科技9/26日發佈重要新病毒通知( WORM_STRATION.WO ),
請更新病毒碼3.791.00(含)以上以便偵測此病毒

病毒碼下載網址:

http://www.trendmicro.com/download/viruspattern.asp

病毒描述:
趨勢科技發現 WORM_STRATION 系列病毒在台灣又出現新型態變種,當感染此病毒,會在Windows資料夾下面產生 t2serv.dll、t2serv.exe ,此為 WORM_STRATION.WO 病毒的複本

WORM_STRATION.WO 利用電子郵件散播,可能的主旨與附加檔案如下:

主旨:

Error
 Good day
Mail Delivery System
 Mail server report
Mail Transaction Failed
 picture
Server Report
 Status

附加檔案:

*body.zip
*data.msg.scr
*docs.elm.exe
*document.msg.exe
*document.txt.pif
*text.elm.exe
*Update-KB1375-x86.exe
*Update-KB1625-x86.exe
*Update-KB250-x86.exe
*Update-KB281-x86.exe
*Update-KB4937-x86.zip
*Update-KB531-x86.exe
*Update-KB5687-x86.exe
*Update-KB8093-x86.exe
*Update-KB8656-x86.exe
*Update-KB9046-x86.exe
*Update-KB9062-x86.exe
*Update-KB9125-x86.exe
*Update-KB9859-x86.exe

當感染此病毒後,此病毒會嚐試連結下列網址,建議企業用戶可在防火牆阻擋內部與這些網址的所有連線。

http:// www3.vertionkdaseliplim.com
http:// www2.vertionkdaseliplim.com
http:// www4.vertionkdaseliplim.com
http:// www6.vertionkdaseliplim.com

如果你已使用趨勢科技IWSS/IWSA HTTP閘道器防毒可啟用Intellitrap智慧型掃毒機制或封鎖執行檔 ,可在第一時間阻擋新型變種透過HTTP方式入侵

趨勢科技全球監控中心正24小時待命並監控上述病毒的變化,如有最新變化我們會主動傳遞最新訊息

詳細病毒資訊請參考:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_STRATION.WO

]]> http://www.joe-ho.com/%e5%b0%8f%e5%bf%83-worm_stration/feed/ 0