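[Help] Under constant attack after a trojan infection
1. Problem description:
It started when our lab got a notice from the computer center saying that one of the lab's IPs was infected with a trojan, so we began a thorough virus scan.
After the scan we still kept getting viruses or trojans, and Avira kept alerting nonstop.
I don't know whether it is Avira or the trojan that is eating up the C: drive space bit by bit;
I have to delete temp files every so often... and can delete more than 1.5 GB each time.
Later I suspected a packet attack, but after I downloaded ARP Protector,
the software kept popping up "has encountered a problem and needs to close"...
When I run arp -a directly from the command prompt, strangely the window closes by itself within half a second.
The same goes for ipconfig, so I can't see whether the attack is coming from the same network...
Attached is what Avira detected:
http://hotfile.com/dl/37884103/61648b6/Virus.jpg.html
Many of them are .exe or .script files.
2. System information:
OS: WINDOWS XP
Antivirus: Avira 10.0
3. Analysis reports:
Combofix report: strangely, it cannot be downloaded at all; the following web page always appears: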
Security Warning!
Access to this website is prohibited: subs.geekstogo.com/ComboFix.exe
Infection Type: Malware and Spyware
Malware: Malware
Description: High risk malicious programs are hosted on these sites that have
the potential to cause damage to your PC, secretly install a backdoor into your
computer or silently steal sensitive information.
Hijackthis: http://sun.cis.scu.edu.tw/~92a39/upload/39129.txt
SRENG: http://sun.cis.scu.edu.tw/~92a39/upload/39131.txt
Sorry to trouble everyone! Thank you.
--
※ Posted from: PTT (ptt.cc)
◆ From: 140.116.71.105