
魔域 private server flagged by 360 as a trojan: how the "your computer is infected with a trojan" warning at WeGame login was tracked down

Category: 魔域怀旧服 | Author: admin

Recently, client machines in an internet café have randomly shown a "trojan detected" warning when logging into WeGame. What I describe today is only one of the causes: people have also reported it from environments other than the one below, but I have not been able to remote into those yet, because you first have to find a machine that shows the problem, then find the virus, then deploy the PM tool to capture how it got there.

Finding the problem

First the symptoms: after boot, logging into WeGame randomly produces the warning shown in the screenshot below, and after a reboot the machine is normal again.

Analyzing the problem

Yesterday, June 4, QQ user "俺们划船不用桨" found me a machine that showed the symptom. I originally wanted to let the WeGame people remote in and look at it, but they did not reply to my message, and an environment like this is not easy to find, since normally it just gets rebooted away. After I remoted in and entered the account name, the trojan warning appeared as soon as I reached the password field; simply hovering the mouse over the input field triggered it.

At that point I had no idea where to start, so I asked the expert at our company, the "dog-beating hero" we all call 老蒋 (Old Jiang). He told me to download Tencent PC Manager and scan, and it really did find a trojan.


What the scan reported:

- Code injected into the RegAsm process (RegAsm.exe is the .NET Assembly Registration Tool, a legitimate Microsoft binary)
- Registry autostart location: CurrentUser\Microsoft\Windows NT\CurrentVersion\Winlogon
- Registry autostart location: CurrentUser\Microsoft\Windows\CurrentVersion\RunOnce
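To triage another café client without a full AV scan, the two autostart keys and the RegAsm process can be checked directly. The following PowerShell is an added example and is not from the original post or from PC Manager; it assumes Windows PowerShell 5.1 or later on the affected client and is run as the logged-in user, because the reported keys live in that user's HKCU hive. The scan output abbreviates the key paths; the full paths are spelled out in the script.

```powershell
# Added triage script (not part of the original post). Run as the logged-in user.
# Assumption: PowerShell 5.1+ on the café client; nothing here needs admin rights
# except reading other users' processes.

# Full paths of the two autostart locations the PC Manager scan reported.
$autostartKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Shell and Userinit normally live only under HKLM; a per-user copy under HKCU
# is a classic way to launch a payload at logon, so flag those values explicitly.
$suspiciousWinlogonValues = @('Shell', 'Userinit')

foreach ($key in $autostartKeys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output "$key : key not present"
        continue
    }
    $props = Get-ItemProperty -Path $key
    # Get-ItemProperty adds PSPath/PSParentPath/... note properties; skip them.
    $values = $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    if (-not $values) {
        Write-Output "$key : no values (clean RunOnce looks like this)"
        continue
    }
    foreach ($v in $values) {
        $flag = ''
        if ($key -like '*\Winlogon' -and $suspiciousWinlogonValues -contains $v.Name) {
            $flag = '  <-- per-user Winlogon value, should not exist under HKCU'
        }
        if ($key -like '*\RunOnce') {
            $flag = '  <-- RunOnce entry; runs once at next logon, then deletes itself'
        }
        Write-Output ("{0}\{1} = {2}{3}" -f $key, $v.Name, $v.Value, $flag)
    }
}

# RegAsm.exe has no reason to be running on a gaming client. List every instance
# with its image path, command line and parent so an injected/hollowed copy stands out
# (a genuine RegAsm lives under %WINDIR%\Microsoft.NET\Framework*\v*\).
$regasm = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'RegAsm.exe'"
if (-not $regasm) {
    Write-Output 'No RegAsm.exe process running'
}
foreach ($p in $regasm) {
    $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    [pscustomobject]@{
        Pid         = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        ParentPid   = $p.ParentProcessId
        ParentName  = $parent.Name
        ParentPath  = $parent.ExecutablePath
    }
}
```

A RunOnce entry is deleted by Windows after it runs, so on a café machine that is reset on every reboot the value may already be gone by the time you look; check before the user logs on again, or capture it from the offline NTUSER.DAT of the affected profile. A RegAsm.exe whose parent is not Visual Studio or an installer, or whose command line does not name a .NET assembly to register, is the process to dump for the keyword strings listed below.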


Tencent Security's Yujian (御见) threat perception system clustered this into the malicious family T-F-278915. Analysis of the family's samples shows that they steal several kinds of cryptocurrency, steal online banking login credentials for multiple countries (including Chinese, Japanese and Greek language banks), delete the user's browser data, and use the victim's computer to mine IQ cryptocurrency.

IOCs

Keyword strings carried by the family's samples (spelling as found in the samples, including entries such as "Adanced Cash" and "payment succe"):

"credit card,tor browser,Adanced Cash,socks5,order complete,nixmoney,investing,free credit score,payment gateway,order summary,confirm id,confirm your id,payment confirm,confirm payment,deepweb,order status,remote desktop,mutual funds,paysafecard,credit rating,credit report,online trading,delivery status,qiwi,cryptocurrency exchange,moneypolo,online investing,registrar,e-pin,payroll service,checkout,add money,proof of id,ebay,banking services,paytm,payment,credit union,pay,banque,e-cheque,transaction,personal banking,domain services,id scan,webmoney,proof of address,e-wallet,moodle,trade bitcoin,prepaid,payment complete,dwolla,ftp://,identity scan,invoice,banking,internet bank,forgot password,carding,e-kzt,credit check,about tor,filezilla,shopping cart,ssh login,sell bitcoin,银行,university,solidtrust pay,ftp details,neteller,domain name registration,add to balance,add funds,buy bitcoin,securecode,payment method,liqpay,paxum,web hosting services,hosting details,comdirect,unistream,okpay, account,money voucher,payeer,college,domain management,paypal,completed pay,perfect money,domain name services,order details,ria money transfer,alipay,logmein,e-voucher,telephone banking,z-payment,visa qiwi,savings account,ewallet,τράπεζα,photo id,admin panel,paymer,バンク,chequing account,bill payment,yandex,money,cpanel,skrill,payza,idram,moneygram,pay stub,dark web,teamviewer,online banking,business banking,amazon workspace,bank of,putty,western union,deposit funds,internet banking,banco,account details,paysera,bank account,payment sent,bank,ssh session,payment succe,capitalist:,digital currency,investments,epese,deep web,epay global payment, by visa,3d secure,debit card,verify,verification,card balance,account balance,hacked,carding,american express,imps transfer,bank transfer,cash deposit,moneypak,gofundme,crowdfunding,cashout,check balance,topup,top-up,recharge,top up,refill card,e-commerce,purchase tokens,available balance,payment info,jabber,icq,blockchain,coinbase,coinmama,localbitcoins,bitpay,digital signature,walmart,routing number,transit number"
