{"id":717,"date":"2011-04-06T11:29:15","date_gmt":"2011-04-06T03:29:15","guid":{"rendered":""},"modified":"2014-03-11T22:38:07","modified_gmt":"2014-03-11T14:38:07","slug":"iexplore-exe%e7%97%85%e6%af%92%e5%88%86%e6%9e%90%e5%8f%8a%e6%b8%85%e9%99%a4%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"http:\/\/www.xiaoyebailong.com\/index.php\/2011\/04\/06\/717.htm","title":{"rendered":"iexplore.exe\u75c5\u6bd2\u5206\u6790\u53ca\u6e05\u9664\u65b9\u6cd5"},"content":{"rendered":"

iexplore.exe\u662f\u4ec0\u4e48?\u5f88\u591a\u7528\u6237\u53d1\u73b0\u8fdb\u7a0b\u91cc\u6709\u4e24\u4e2aiexplore.exe\u6216\u591a\u4e2aiexplore.exe\u662f\u4ec0\u4e48\u539f\u56e0?iexplore.exe\u4f1a\u662f\u75c5\u6bd2\u5417?iexplore.exe\u75c5\u6bd2\u5982\u4f55\u5224\u65ad?IEXPLORE\u75c5\u6bd2\u5982\u4f55\u6e05\u7406\uff0c\u8bf7\u770b\u672c\u6587\u8be6\u89e3\u3002<\/p>\n

\u3000\u3000iexplore.exe\u662f\u4ec0\u4e48<\/p>\n

\u3000\u3000iexplore.exe\u662fMicrosoft Internet Explorer\u7684\u4e3b\u7a0b\u5e8f\u3002\u8fd9\u4e2a\u5fae\u8f6fWindows\u5e94\u7528\u7a0b\u5e8f\u8ba9\u4f60\u5728\u7f51\u4e0a\u51b2\u6d6a\uff0c\u548c\u8bbf\u95ee\u672c\u5730Interanet\u7f51\u7edc\u3002\u8fd9\u4e0d\u662f\u7eaf\u7cb9\u7684\u7cfb\u7edf\u7a0b\u5e8f\uff0c\u4f46\u662f\u5982\u679c\u7ec8\u6b62\u5b83\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u4e0d\u53ef\u77e5\u7684\u95ee\u9898\u3002iexplore.exe\u540c\u65f6\u4e5f\u662fAvant\u7f51\u7edc\u6d4f\u89c8\u5668\u7684\u4e00\u90e8\u5206\uff0c\u8fd9\u662f\u4e00\u4e2a\u514d\u8d39\u7684\u57fa\u4e8eInternet Explorer\u7684\u6d4f\u89c8\u5668\u3002\u6ce8\u610fiexplore.exe\u4e5f\u6709\u53ef\u80fd\u662fTrojan.KillAV.B\u75c5\u6bd2\uff0c\u8be5\u75c5\u6bd2\u4f1a\u7ec8\u6b62\u4f60\u7684\u53cd\u75c5\u6bd2\u8f6f\u4ef6<\/a>\uff0c\u548c\u4e00\u4e9bWindows\u7cfb\u7edf\u5de5\u5177\uff0c\u8be5\u8fdb\u7a0b\u7684\u5b89\u5168<\/a>\u7b49\u7ea7\u662f\u5efa\u8bae\u5220\u9664<\/p>\n

\u3000\u3000iexplore.exe\u75c5\u6bd2\u5224\u65ad<\/p>\n

\u3000\u3000\u8fd9\u4e2a\u4e1c\u897f\u53ef\u4ee5\u8bf4\u662f\u75c5\u6bd2\uff0c\u4e5f\u53ef\u4ee5\u8bf4\u4e0d\u662f\u75c5\u6bd2\u3002<\/p>\n

\u3000\u3000\u56e0\u4e3a\u5fae\u8f6f\u7684\u6d4f\u89c8\u5668\u5c31\u662fIEXPLORE.EXE\uff0c\u4f46\u662f\u5b83\u4e00\u822c\u60c5\u51b5\u968f\u7cfb\u7edf\u88ab\u5b89\u88c5\u5728C:Program FilesInternet Explorer\u4e0b\u9762\u3002\u90a3\u4e48\uff0c\u5982\u679c\u53d1\u73b0\u8fd9\u4e2a\u6587\u4ef6\u662f\u5728\u8fd9\u4e2a\u76ee\u5f55\u4e0b\u9762\u7684\uff0c\u4e00\u822c\u60c5\u51b5\u4e0d\u662f\u75c5\u6bd2\uff0c\u5f53\u7136\uff0c\u4e0d\u5305\u62ec\u5df2\u7ecf\u88ab\u611f\u67d3\u4e86\u7684\u60c5\u51b5;\u8fd8\u6709\u4e00\u79cd\u60c5\u51b5\uff0c\u5c31\u662fIEXPLORE.EXE\u5728C:WINDOWSsystem32\u4e0b\u9762\uff0c\u90a3\u4e48\u8fd9\u4e2a\u5341\u6709\u516b\u4e5d\u90fd\u662f\u75c5\u6bd2\u3002<\/p>\n

\u3000\u3000iexplore.exe\u8fdb\u7a0b–\u75c5\u6bd2<\/p>\n

\u3000\u3000\u7cfb\u7edf\u8fdb\u7a0b–\u4f2a\u88c5\u7684\u75c5\u6bd2 iexplore.exe<\/p>\n

\u3000\u3000Trojan.PowerSpider.ac \u7834\u574f\u65b9\u6cd5\uff1a\u5bc6\u7801\u89e3\u9738V8.10\u3002\u53c8\u79f0“\u5bc6\u7801\u7ed3\u5df4”<\/p>\n

\u3000\u3000\u5077\u7528\u6237\u5404\u79cd\u5bc6\u7801\uff0c\u5305\u542b\uff1a\u6e38\u620f\u5bc6\u7801\u3001\u5c40\u57df\u7f51\u5bc6\u7801\u3001\u817e\u8bafQQ\u8d26\u53f7\u548c\u5bc6\u7801\u3001POP3 \u5bc6\u7801\u3001Win9x\u7f13\u5b58\u5bc6\u7801\u53ca\u62e8\u53f7\u8d26\u53f7\u7b49\u7b49\u3002\u8fd9\u4e2a\u6728\u9a6c\u6240\u5077\u5bc6\u7801\u7684\u8303\u56f4\u5f88\u5e7f\uff0c\u5bf9\u5e7f\u5927\u4e92\u8054\u7f51\u7528\u6237\u7684\u6f5c\u5728\u5a01\u80c1\u4e5f\u5de8\u5927\u3002<\/p>\n

\u3000\u3000iexplore.exe\u75c5\u6bd2\u73b0\u8c61\uff1a<\/p>\n

\u3000\u30001.\u7cfb\u7edf\u8fdb\u7a0b\u4e2d\u6709iexplore.exe\u8fd0\u884c\uff0c\u6ce8\u610f\uff0c\u662f\u5c0f\u5199\u5b57\u6bcd<\/p>\n

\u3000\u30002.\u641c\u7d22\u8be5\u7a0b\u5e8fiexplore.exe,\u4e0d\u662f\u4f4d\u4e8eC\u76d8\u4e0b\u7684PROGRAMME\u6587\u4ef6\u5939\uff0c\u800c\u662fWINDOWS32\u6587\u4ef6\u5939\u3002<\/p>\n

\u3000\u3000iexplore.exe\u75c5\u6bd2\u7b2c1\u79cd\u89e3\u51b3\u65b9\u6cd5\uff1a\uff1a<\/p>\n

\u3000\u30001.\u5230C:WINDOWSsystem32\u4e0b\u627e\u5230iexplore.exe \u548c psinthk.dll \u5b8c\u5168\u5220\u9664\u4e4b\u3002<\/p>\n

\u3000\u30002.\u5230\u6ce8\u518c\u8868\u4e2d\uff0c\u627e\u5230HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion<\/p>\n

\u3000\u3000Run “mssysint”= iexplore.exe,\u5220\u9664\u5176\u952e\u503c\u3002<\/p>\n

\u3000\u3000iexplore.exe\u75c5\u6bd2\u7b2c2\u79cd\u89e3\u51b3\u65b9\u6cd5\uff1a\u5927\u5bb6\u53ef\u4ee5\u628a\u7cfb\u7edf\u91cd\u65b0\u5b89\u88c5\uff0c\u4e5f\u53ef\u4ee5\u8fdbwinpe\u8fdb\u884c\u4fee\u590d!<\/p>\n

\u3000\u3000iexplore.exe\u75c5\u6bd2\u7b2c3\u79cd\u89e3\u51b3\u529e\u6cd5(\u63a8\u8350)\uff1a<\/p>\n

\u3000\u30001\u3001\u4f7f\u7528\u8d44\u6e90\u7ba1\u7406\u5668\u67e5\u770b\u8fdb\u7a0b\uff0c\u6ce8\u610fwinrpcsrv.exe\u3001winrpc.exe\u3001wingate.exe\u3001syshelp.exe\u3001rpcsrv.exe\u3001iexplore.exe\u3001winVNC.exe…\u5747\u4e3a\u75c5\u6bd2(\u6216\u7531\u75c5\u6bd2\u751f\u6210\u7684\u540e\u95e8\u8f6f\u4ef6<\/a>)\uff0c\u751a\u81f3\u5176\u5b83\u7684\u4e00\u5207\u4e0d\u5e38\u89c1\u7684\u8fdb\u7a0b\u90fd\u6709\u53ef\u80fd\u662f\uff0c\u5982\u679c\u4e0d\u80fd\u786e\u5b9a\uff0c\u627e\u4e00\u53f0\u670d\u52a1\u5668\u4e0a\u7684\u8fdb\u7a0b\u6765\u89c2\u5bdf(\u670d\u52a1\u5668\u5e94\u8be5\u4e0d\u4f1a\u88ab\u611f\u67d3)\u3002<\/p>\n

\u3000\u30002\u3001\u5c06\u75c5\u6bd2\u7a0b\u5e8f(\u540e\u95e8)\u7684\u8fdb\u7a0b\u7ed3\u675f\u6389\uff0c\u5bf9\u4e8e\u4e0d\u80fd\u7ed3\u675f\u7684\uff0c\u53ef\u4ee5\u4f7f\u7528\u9644\u4ef6\u4e2d\u7684pskill.exe\u7ed3\u675f\u6389(\u547d\u4ee4\u683c\u5f0f“pskill \u8fdb\u7a0b\u540d”)\u3002<\/p>\n

\u3000\u30003\u3001\u6253\u5f00“\u670d\u52a1”\uff0c\u5728\u670d\u52a1\u5217\u8868\u4e2d\u5c06\u6ca1\u6709“\u63cf\u8ff0”\u670d\u52a1\u8fdb\u884c\u7b5b\u9009\uff0c\u67e5\u627e\u662f\u5426\u6709“Browser Telnet” “Event Thread” “Windows Management Extension”……\u7684\u670d\u52a1\uff0c\u4f9d\u6b21\u5220\u6389\u6ce8\u518c\u8868\u4e2d\u7684<\/p>\n

\u3000\u3000[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBRWWTELK]<\/p>\n

\u3000\u3000[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesprom0n.exe]<\/p>\n

\u3000\u3000[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWindows Management Extension]<\/p>\n

\u3000\u3000[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWindow Remote Service]<\/p>\n

\u3000\u3000[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun(Run Services]<\/p>\n

\u3000\u3000[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun(Run Services]……\u7684\u76f8\u5173\u7684\u5065\u503c(\u8fd8\u6709WinVNC\u7684\u8fdb\u7a0b\uff0c\u6ca1\u6709\u8bb0\u4f4f\u662f\u4ec0\u4e48\u5065\u503c)<\/p>\n

\u3000\u30004\u3001\u5220\u6389[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesdll_reg]<\/p>\n

\u3000\u3000[HKEY_CLASSES_ROOTApplicationswinrpc.exe]\u7684\u5065\u503c\uff0c<\/p>\n

\u3000\u30005\u3001\u5e76\u4fee\u6539[HKEY_CLASSES_ROOTtxtfileshellopencommand]\u7684\u53f3\u4fa7\u7684\u9ed8\u8ba4\u5065\u503c\u4e3a“ %SystemRoot%system32NOTEPAD.EXE %1”\uff0c\u6b64\u65f6\uff0c\u3002txt\u7684\u6587\u4ef6\u65e0\u6cd5\u6b63\u5e38\u6253\u5f00\uff0c\u53ef\u4ee5\u70b9\u51fb\u6587\u672c\u6587\u4ef6\u7684\u53f3\u952e\u9009\u62e9\u5176\u5b83\u65b9\u5f0f\uff0c\u9009\u62e9\u4f7f\u7528Notepad\u5373\u53ef\u3002<\/p>\n

\u3000\u30006\u3001\u5220\u6389\u7cfb\u7edfsystem32\u76ee\u5f55\u4e0b\u7684\u4ee5\u4e0b\u7a0b\u5e8f(\u5927\u90e8\u5206\u53ef\u6267\u884c\u7a0b\u5e8f\u7684\u5927\u5c0f\u90fd\u4e3a78,848\u5b57\u8282)\uff1a winrpcsrv.exe \u3001 winrpc.exe \u3001 wingate.exe \u3001 syshelp.exe \u3001 rpcsrv.exe \u3001 iexplore.exe \u3001 prom0n.exe(\u6ce8\u610f\u4e2d\u95f4\u7684\u662f\u6570\u5b570) \u3001 irftpd.exe \u3001 irftpd.dll \u3001 iexplore.exe \u3001 reg.dll \u3001 task.dll \u3001 ily.dll \u3001 Thdstat.exe \u3001 1.dll \u3001 winvnc.exe<\/p>\n

\u3000\u30007\u3001\u6e05\u7a7a“C:Documents and SettingsDefault User(\u6216Default UesrWINNT)Local SettingsTemporary Internet FilesContent.IE5”\u76ee\u5f55\u4e0b\u9664\u4e86“desktop.ini”\u7684\u6240\u6709\u6587\u4ef6\uff0c\u8be5\u8def\u5f84\u4e0b\uff0c\u53d1\u73b0\u6709\u4e00\u4e9b\u540e\u95e8\u8f6f\u4ef6\u3002<\/p>\n

\u3000\u30008\u3001\u5173\u95ed\u6240\u6709\u76ee\u5f55\u7684\u5b8c\u5168\u5171\u4eab!\u2015\u2015\u8fd9\u662f\u5173\u95ed\u4e86\u8be5\u7a0b\u5e8f\u8fd8\u53ef\u4ee5\u901a\u8fc7\u7f51\u7edc\u611f\u67d3\u7684\u9014\u5f84\u3002<\/p>\n

\u3000\u30009\u3001\u91cd\u65b0\u542f\u52a8\u8ba1\u7b97\u673a\uff0c\u89c2\u5bdf\u662f\u5426\u8fd8\u6709\u7c7b\u4f3c\u8fdb\u7a0b\u51fa\u73b0\uff0c\u5c24\u5176\u662firftpd.exe\uff0c\u8fd9<\/p>\n","protected":false},"excerpt":{"rendered":"

iexplore.exe\u662f\u4ec0\u4e48?\u5f88\u591a\u7528\u6237\u53d1\u73b0\u8fdb\u7a0b\u91cc\u6709\u4e24\u4e2aiexplore.exe\u6216\u591a\u4e2aiexplore.exe\u662f\u4ec0\u4e48\u539f\u56e0?iexplore.exe\u4f1a\u662f\u75c5\u6bd2\u5417?iexplore.exe\u75c5\u6bd2\u5982\u4f55\u5224\u65ad?IEXPLORE\u75c5\u6bd2\u5982\u4f55\u6e05\u7406\uff0c\u8bf7\u770b\u672c\u6587\u8be6\u89e3\u3002…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"topic":[],"class_list":["post-717","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/posts\/717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/comments?post=717"}],"version-history":[{"count":1,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/posts\/717\/revisions"}],"predecessor-version":[{"id":66565,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/posts\/717\/revisions\/66565"}],"wp:attachment":[{"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/media?parent=717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/categories?post=717"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/tags?post=717"},{"taxonomy":"topic","embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/topic?post=717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}