After execution, it exhibits the following behavior:
[DLL injection]
C:\WINDOWS\Help\D2C79066.dll (injected into certain running processes, such as Windows Explorer)
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\gmsex[1].exe
C:\WINDOWS\Help\D2C79066.dll
C:\WINDOWS\Help\D2C79066.exe
[Added BHO]
{81E8E92D-D25F-4636-92CC-6EF61595E2C6}-C:\WINDOWS\help\D2C79066.dll
Note that only the following antivirus products can detect these malicious files:
D2C79066.exe:
[ Kaspersky ], “PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact”
[ HBEDV ], “HEUR/Malware”
gmsex[1].exe:
[ Kaspersky ], “PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact”
[ HBEDV ], “HEUR/Malware”
D2C79066.dll:
[ Kaspersky ], “PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact”
[ Nod32 ], “probably a variant of Win32/PSW.Lineage.DN trojan”
[ HBEDV ], “HEUR/Malware”
Please be careful, everyone.
For details, see the 大砲開講 blog.