��ӭ��endurer@bokee

BaiDu/�ٶ��˲�ֹ

2008-09-04T21:31:30Z

��һͬ��˵��ĵ��Թػ�ʱ��ס�ˣ��ż��æ��

��п��ȫ��ּ����BHO�и�BaiDu�Ķ��ж��~

��~

��ͬ��װʲô��ʱ��С�ĸ�װ��ȥ�ˡ�

BaiDu��LJ��վ��ʼ��һֱʹ�ñ��ı��å��XX�ѰԺ�XX��Ѱԣ��ڱ��Э��Ϊʮ��å��󣬻��Ƕ�ϰ��ģ��Űٶ��BaiduBar.Tool��Ϊ��û��Կ��~

BaiDu��US��У��һ��ʹ�˾��׬Ǯ�ģ��Զ��û��ʲô��~

ֻ��BaiDu��˲�ֹ~

BaiDu/�ٶ��˲�ֹ

2008-09-03T23:48:42Z

��һͬ��˵��ĵ��Թػ�ʱ��ס�ˣ��ż��æ��

��п��ȫ��ּ����BHO�и�BaiDu�Ķ��ж��~

��~

��ͬ��װʲô��ʱ��С�ĸ�װ��ȥ�ˡ�

BaiDu��LJ��վ��ʼ��һֱʹ�ñ��ı��å��XX�ѰԺ�XX��Ѱԣ��ڱ��Э��Ϊʮ��å��󣬻��Ƕ�ϰ��ģ��Űٶ��BaiduBar.Tool��Ϊ��û��Կ��~

BaiDu��US��У��һ��ʹ�˾��׬Ǯ�ģ��Զ��û��ʲô��~

ֻ��BaiDu��˲�ֹ~

s.exe,4f4.exe,8g4.dll,fh8.dll

2008-09-02T22:34:19Z

�ļ�˵�� : C:\WINDOWS\system32\s.exe
�� : A--R
��ǩ��:��
PE�ļ�:��
�� : ��(�й�)
�ļ��汾 : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
˵�� : Windows Progman Group Converter
��Ȩ : Copyright Zhongsou(C) 2005
��Ʒ�汾 : 5.1.2600.2180
��Ʒ�� : Microsoft(R) Windows(R) Operating System
��˾�� : Microsoft Corporation
�ڲ�� : GrpConv
��ʱ�� : 2008-8-8 12:9:38
�޸�ʱ�� : 2008-7-26 9:48:34
��С : 98304 �ֽ� 96.0 KB
MD5 : e989fd3e1b34e9beb26c6d9744143b5e
SHA1: BA27F06F5C76B7DD78D80414ADC9DC97E2647BC0
CRC32: 443ca0a9

�ļ� s.exe �� 2008.09.02 07:56:02 (CET)

��	�汾	��	ɨ��
AhnLab-V3	2008.9.2.0	2008.09.02	-
AntiVir	7.8.1.23	2008.09.01	-
Authentium	5.1.0.4	2008.09.02	-
Avast	4.8.1195.0	2008.09.01	-
AVG	8.0.0.161	2008.09.01	-
BitDefender	7.2	2008.09.02	-
CAT-QuickHeal	9.50	2008.08.29	-
ClamAV	0.93.1	2008.09.02	-
DrWeb	4.44.0.09170	2008.09.01	-
eSafe	7.0.17.0	2008.09.01	-
eTrust-Vet	31.6.6062	2008.09.01	-
Ewido	4.0	2008.09.01	-
F-Prot	4.4.4.56	2008.09.02	-
F-Secure	7.60.13501.0	2008.09.02	-
Fortinet	3.14.0.0	2008.09.02	-
GData	19	2008.09.02	-
Ikarus	T3.1.1.34.0	2008.09.02	Trojan.Win32.Jhee.V
K7AntiVirus	7.10.435	2008.09.01	-
Kaspersky	7.0.0.125	2008.09.02	-
McAfee	5374	2008.09.01	-
Microsoft	1.3807	2008.09.02	Trojan:Win32/Jhee.V
NOD32v2	3406	2008.09.02	-
Norman	5.80.02	2008.09.01	-
Panda	9.0.0.4	2008.09.02	-
PCTools	4.4.2.0	2008.09.01	-
Prevx1	V2	2008.09.02	Malware Downloader
Rising	20.60.02.00	2008.09.02	-
Sophos	4.33.0	2008.09.02	-
Sunbelt	3.1.1592.1	2008.08.30	-
Symantec	10	2008.09.02	-
TheHacker	6.3.0.8.069	2008.09.01	-
TrendMicro	8.700.0.1004	2008.09.02	TROJ_JHEE.BU
VBA32	3.12.8.4	2008.09.01	-
ViRobot	2008.9.1.1359	2008.09.01	-
VirusBuster	4.5.11.0	2008.09.01	-
Webwasher-Gateway	6.6.2	2008.09.01	-

��Ϣ
File size: 98304 bytes
MD5...: e989fd3e1b34e9beb26c6d9744143b5e
SHA1..: ba27f06f5c76b7dd78d80414adc9dc97e2647bc0
SHA256: 106ab625564ca6909f70cc3e935530043046c5435275f642c48cdf66a2e02a68
SHA512: be682cd2432cf677db5a1511f8626a2f898e12ec56bd0ca438ab4a38aa143bf1 717e21d0aab5f47121e39bfbc88a9dd8ea8c2b0a1dd6e9573c74880fdae52240
PEiD..: Armadillo v1.71
TrID..: File type identification Win64 Executable Generic(59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40777e timedatestamp.....: 0x488a8272 (Sat Jul 26 01:48:34 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xea15 0xf000 6.56 bc21b827dc08dc0a38b7f037cbacd830 .rdata 0x10000 0x20a0 0x3000 3.53 5d06b741269a1ab50e725000971ad5b4 .data 0x13000 0x5da8 0x4000 1.80 cf3cbe4050c51c06a50c399959f21f72 .rsrc 0x19000 0x3a8 0x1000 1.01 d4e889dabc877175e20b2ef2f4be76dd ( 2 imports ) > KERNEL32.dll: GetModuleHandleA, GetEnvironmentVariableA, SetStdHandle, IsBadCodePtr, IsBadReadPtr, ReadFile, Sleep, GetLastError, GetModuleFileNameA, GetShortPathNameA, CreateProcessA, CreateDirectoryA, LoadLibraryA, GetProcAddress, FreeLibrary, GetWindowsDirectoryA, GetVersionExA, CloseHandle, CreateToolhelp32Snapshot, Process32First, Process32Next, OpenProcess, MultiByteToWideChar, WideCharToMultiByte, RtlUnwind, RaiseException, GetCommandLineA, GetVersion, ExitProcess, HeapFree, HeapAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, LCMapStringA, LCMapStringW, GetCPInfo, HeapSize, GetACP, GetOEMCP, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc, IsBadWritePtr, SetFilePointer, FlushFileBuffers, GetStringTypeA, GetStringTypeW > ADVAPI32.dll: ControlService, RegQueryInfoKeyA, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, DeleteService, StartServiceA, QueryServiceStatus, CreateServiceA, ChangeServiceConfig2A, RegCreateKeyA, RegSetValueExA, RegCloseKey, OpenSCManagerA, OpenServiceA, CloseServiceHandle, DeregisterEventSource, GetUserNameA, CreateProcessAsUserA, OpenProcessToken ( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=09D2F541009E3A18805B016D663C340007832D56
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=e989fd3e1b34e9beb26c6d9744143b5e

�ļ�˵�� : C:\WINDOWS\system32\4f4.exe
�� : ---R
��ǩ��:��
PE�ļ�:��
�� : ��(�й�)
�ļ��汾 : 7, 0, 6000, 381
˵�� : Windows Update Automatic Updates
��Ȩ : Copyright Zhongsou(C) 2005
��Ʒ�汾 : 7, 0, 6000, 381
��Ʒ�� : Microsoft(R) Windows(R) Operating System
��˾�� : Microsoft Corporation
�ڲ�� : wuauclt
��ʱ�� : 2008-8-14 19:39:15
�޸�ʱ�� : 2008-8-18 9:23:23
��С : 114688 �ֽ� 112.0 KB
MD5 : 7d9d179ed12d26eff1a7c5d2aadc1884
SHA1: 42608AD8247C89CD6C52697AF082FBCA213FA5CC
CRC32: c44ee596

�ļ� 4f4.exe �� 2008.09.02 07:51:50 (CET)

��	�汾	��	ɨ��
AhnLab-V3	2008.9.2.0	2008.09.02	-
AntiVir	7.8.1.23	2008.09.01	-
Authentium	5.1.0.4	2008.09.02	-
Avast	4.8.1195.0	2008.09.01	Win32:Trojan-gen {Other}
AVG	8.0.0.161	2008.09.01	-
BitDefender	7.2	2008.09.02	Trojan.Generic.667569
CAT-QuickHeal	9.50	2008.08.29	-
ClamAV	0.93.1	2008.09.02	-
DrWeb	4.44.0.09170	2008.09.01	-
eSafe	7.0.17.0	2008.09.01	-
eTrust-Vet	31.6.6062	2008.09.01	-
Ewido	4.0	2008.09.01	-
F-Prot	4.4.4.56	2008.09.02	-
F-Secure	7.60.13501.0	2008.09.02	Trojan.Win32.BHO.gdt
Fortinet	3.14.0.0	2008.09.02	-
GData	19	2008.09.02	Trojan.Win32.BHO.gdt
Ikarus	T3.1.1.34.0	2008.09.02	Trojan.Win32.Jhee.V
K7AntiVirus	7.10.435	2008.09.01	-
Kaspersky	7.0.0.125	2008.09.02	Trojan.Win32.BHO.gdt
McAfee	5374	2008.09.01	-
Microsoft	1.3807	2008.09.02	Trojan:Win32/Jhee.V
NOD32v2	3406	2008.09.02	a variant of Win32/BHO.NCY
Norman	5.80.02	2008.09.01	-
Panda	9.0.0.4	2008.09.02	-
PCTools	4.4.2.0	2008.09.01	-
Prevx1	V2	2008.09.02	Malicious Software
Rising	20.60.02.00	2008.09.02	Trojan.Win32.BHO.fef
Sophos	4.33.0	2008.09.02	-
Sunbelt	3.1.1592.1	2008.08.30	-
Symantec	10	2008.09.02	-
TheHacker	6.3.0.8.069	2008.09.01	-
TrendMicro	8.700.0.1004	2008.09.02	-
VBA32	3.12.8.4	2008.09.01	-
ViRobot	2008.9.1.1359	2008.09.01	-
VirusBuster	4.5.11.0	2008.09.01	-
Webwasher-Gateway	6.6.2	2008.09.01	-

��Ϣ
File size: 114688 bytes
MD5...: 7d9d179ed12d26eff1a7c5d2aadc1884
SHA1..: 42608ad8247c89cd6c52697af082fbca213fa5cc
SHA256: 923b711004868c4b93fda6ded1c75b05097d0ad7901c18a3b9cf4fac21392c06
SHA512: b7873b2bb3169c353aba5657da10e6685adf71bbfac998f330819ed01684757d c829419cf9105695c7d4aac685a2127868e610e623bc9fba2f31d322dfb9aaff
PEiD..: Armadillo v1.71
TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40d7ce timedatestamp.....: 0x48a8cf0b (Mon Aug 18 01:23:23 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x148a5 0x15000 6.58 9540ea1874c6abf2d0412723de0fd4ef .rdata 0x16000 0x2636 0x3000 3.92 d3825aad0a09cace49691d3fb795bdfa .data 0x19000 0x4068 0x2000 3.46 f23487b12d7926a9080d896434f01aac .rsrc 0x1e000 0x420 0x1000 1.11 7e1601bbdaf4774922a6674fbd7eb714 ( 4 imports ) > KERNEL32.dll: ReadFile, CreateFileA, DeviceIoControl, GetModuleHandleA, lstrlenA, MultiByteToWideChar, WideCharToMultiByte, LocalFree, SetEndOfFile, SetStdHandle, IsBadCodePtr, Sleep, GetLastError, GetModuleFileNameA, CreateDirectoryA, GetFileAttributesA, DeleteFileA, CreateProcessA, WaitForSingleObject, CloseHandle, SetFileAttributesA, CopyFileA, GetPrivateProfileStringA, LoadLibraryA, GetProcAddress, GetVersionExA, FreeLibrary, GetWindowsDirectoryA, IsBadReadPtr, GetStringTypeW, GetStringTypeA, FlushFileBuffers, SetFilePointer, IsBadWritePtr, VirtualAlloc, RtlUnwind, RaiseException, GetCommandLineA, GetVersion, ExitProcess, HeapFree, HeapAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, LCMapStringA, LCMapStringW, GetCPInfo, HeapSize, GetACP, GetOEMCP, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, WriteFile > ADVAPI32.dll: RegisterServiceCtrlHandlerA, RegEnumValueA, SetServiceStatus, StartServiceCtrlDispatcherA, ControlService, DeleteService, StartServiceA, QueryServiceStatus, CreateServiceA, ChangeServiceConfig2A, RegCreateKeyA, RegSetValueExA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, DeregisterEventSource, RegQueryInfoKeyA, RegOpenKeyExA, RegCloseKey > ole32.dll: CoUninitialize, CoGetClassObject, StringFromCLSID, CoInitialize > OLEAUT32.dll: - ( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1A741BE600E22A09C07901CE1AE8BF0084B630EB

�ļ�˵�� : C:\WINDOWS\system32\8g4.dll
�� : ---R
��ǩ��:��
PE�ļ�:��
�� : Ӣ��(��)
�ļ��汾 : 6, 0, 2900, 3395
˵�� : Internet Extensions for Win32
��Ȩ : Copyright 2007
��ע :
��Ʒ�汾 : 6, 0, 2900, 3395
��Ʒ�� : Microsoft(R) Windows(R) Operating System
��˾�� : Microsoft Corporation
�ڲ�� : wininet.dll
��ʱ�� : 2008-8-16 7:28:49
�޸�ʱ�� : 2008-8-18 9:24:6
��С : 53248 �ֽ� 52.0 KB
MD5 : 8b0f13a77904747fa97c94ca9d385820
SHA1: DEEA688792B17F0963627910AEFCDEEF1C29A93A
CRC32: 5f208cad

�ļ� 8g4.dll �� 2008.09.02 08:03:07 (CET) ��: 7/36 (19.45%)

��	�汾	��	ɨ��
AhnLab-V3	2008.9.2.0	2008.09.02	-
AntiVir	7.8.1.23	2008.09.01	ADSPY/Bho.aeu
Authentium	5.1.0.4	2008.09.02	-
Avast	4.8.1195.0	2008.09.01	-
AVG	8.0.0.161	2008.09.01	-
BitDefender	7.2	2008.09.02	Adware.BDSearch.1
CAT-QuickHeal	9.50	2008.08.29	-
ClamAV	0.93.1	2008.09.02	-
DrWeb	4.44.0.09170	2008.09.01	Adware.Sogou.119
eSafe	7.0.17.0	2008.09.01	-
eTrust-Vet	31.6.6062	2008.09.01	-
Ewido	4.0	2008.09.01	-
F-Prot	4.4.4.56	2008.09.02	-
F-Secure	7.60.13501.0	2008.09.02	-
Fortinet	3.14.0.0	2008.09.02	-
GData	19	2008.09.02	-
Ikarus	T3.1.1.34.0	2008.09.02	AdWare.Bdsearch.1
K7AntiVirus	7.10.435	2008.09.01	-
Kaspersky	7.0.0.125	2008.09.02	-
McAfee	5374	2008.09.01	-
Microsoft	1.3807	2008.09.02	-
NOD32v2	3406	2008.09.02	-
Norman	5.80.02	2008.09.01	-
Panda	9.0.0.4	2008.09.02	-
PCTools	4.4.2.0	2008.09.01	Adware.WSearch.O
Prevx1	V2	2008.09.02	-
Rising	20.60.10.00	2008.09.02	-
Sophos	4.33.0	2008.09.02	DesktopMedia
Sunbelt	3.1.1592.1	2008.08.30	-
Symantec	10	2008.09.02	-
TheHacker	6.3.0.8.069	2008.09.01	-
TrendMicro	8.700.0.1004	2008.09.02	-
VBA32	3.12.8.4	2008.09.01	-
ViRobot	2008.9.1.1359	2008.09.01	-
VirusBuster	4.5.11.0	2008.09.01	-
Webwasher-Gateway	6.6.2	2008.09.01	Ad-Spyware.Bho.aeu

��Ϣ
File size: 53248 bytes
MD5...: 8b0f13a77904747fa97c94ca9d385820
SHA1..: deea688792b17f0963627910aefcdeef1c29a93a
SHA256: 5f98c4e22ab2101045c5f6f50fd03e2b43603b277389ddfeae1b6ab77ab5642d
SHA512: e5f314dbe88bdf68a89a4676cd3459abd8b1c88b42e19318f4489b7a4e57bc5b 3fbf105077ec0c123c6732fa5c8292927518bd3791ce3d3f8627f20d66de4c4a
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification DirectShow filter (52.6%) Windows OCX File (32.2%) Win32 Executable MS Visual C++ (generic) (9.8%) Win32 Executable Generic (2.2%) Win32 Dynamic Link Library (generic) (1.9%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x10007153 timedatestamp.....: 0x48a8ced7 (Mon Aug 18 01:22:31 2008) machinetype.......: 0x14c (I386) ( 5 sectins ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6846 0x7000 6.12 bf6c802cab768d06827795f8a039bd62 .rdata 0x8000 0x1f42 0x2000 5.09 70d66633da7462cc773003a3c24c6e86 .data 0xa000 0x2250 0x1000 1.78 24134641bcf54f63f31c909833171a5e .rsrc 0xd000 0xed0 0x1000 4.09 d331bda4646b0bb8d6cc9254ce2dea02 .reloc 0xe000 0xef2 0x1000 5.15 2be4cafb06c52c0d0369dbfad86010c7 ( 8 imports ) > MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - > MSVCRT.dll: memcmp, strlen, strcpy, memset, _access, realloc, malloc, free, _EH_prolog, strcat, strrchr, strncpy, strncmp, __dllonexit, _onexit, _except_handler3, _terminate@@YAXXZ, _initterm, _adjust_fdiv, __1type_info@@UAE@XZ, __CxxFrameHandler, _purecall, _mbslwr, memcpy, sprintf > KERNEL32.dll: InterlockedDecrement, LocalAlloc, LocalFree, GetModuleHandleA, DeviceIoControl, CreateFileA, CreateDirectoryA, GetTempFileNameA, GetDriveTypeA, SearchPathA, GetFileAttributesA, WaitForSingleObject, SetFileAttributesA, GetVolumeInformationA, OpenMutexA, GetWindowsDirectoryA, GetSystemDirectoryA, CreateProcessA, CloseHandle, GetVersionExA, GetProcessHeap, GetLogicalDrives, lstrcatA, lstrcpyA, LoadLibraryA, GetProcAddress, HeapDestroy, IsDBCSLeadByte, lstrcpynA, lstrcmpiA, LoadLibraryExA, GetLastError, FindResourceA, LoadResource, SizeofResource, FreeLibrary, WideCharToMultiByte, GetShortPathNameA, lstrlenA, MultiByteToWideChar, GetModuleFileNameA, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, InterlockedIncrement, EnterCriticalSection, CopyFileA, lstrlenW > USER32.dll: CharNextA > ADVAPI32.dll: RegEnumValueA, RegCreateKeyExA, RegDeleteValueA, RegCloseKey, RegOpenKeyExA, RegEnumKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegDeleteKeyA, RegCreateKeyA, RegQueryValueA, RegSetValueA, RegSetKeySecurity, RegUnLoadKeyA, RegNotifyChangeKeyValue, CloseServiceHandle, OpenServiceA, OpenSCManagerA, QueryServiceStatus, RegQueryValueExA > ole32.dll: CoTaskMemAlloc, CoTaskMemRealloc, CoCreateInstance, CoTaskMemFree > OLEAUT32.dll: -, -, -, -, -, -, - > MSVCP60.dll: _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __1_Winit@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0Init@ios_base@std@@QAE@XZ, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z ( 4 exports ) DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

�ļ�˵�� : C:\WINDOWS\system32\fh8.dll
�� : ---R
��ǩ��:��
PE�ļ�:��
�� : ��(�й�)
�ļ��汾 : 4, 1, 0, 3936
˵�� : MS DTC administrative component
��Ȩ : ��Ȩ�� (C) 2006
��Ʒ�汾 : 4, 1, 0, 3936
��Ʒ�� : Microsoft Distributed Transaction Coordinator
��˾�� : Microsoft Corporation
�ڲ�� : msdtcui
��ʱ�� : 2008-8-16 7:28:49
�޸�ʱ�� : 2008-8-18 9:24:8
��С : 679936 �ֽ� 664.0 KB
MD5 : 5cc9d394a169a062f7ff5a083e1d2f16
SHA1: DA8F216AFD1A4E61DDD93B447BB697520D0AC697
CRC32: 5e40c01c

�ļ� fh8.dll �� 2008.09.02 08:12:20 (CET) ��: 20/36 (55.56%)

��	�汾	��	ɨ��
AhnLab-V3	2008.9.2.0	2008.09.02	-
AntiVir	7.8.1.23	2008.09.01	TR/Agent.49152
Authentium	5.1.0.4	2008.09.02	-
Avast	4.8.1195.0	2008.09.01	Win32:Agent-GRW
AVG	8.0.0.161	2008.09.01	Generic_r.D
BitDefender	7.2	2008.09.02	Adware.BDSearch.1
CAT-QuickHeal	9.50	2008.08.29	AdWare.BHO.cox (Not a Virus)
ClamAV	0.93.1	2008.09.02	-
DrWeb	4.44.0.09170	2008.09.01	Adware.Sogou.120
eSafe	7.0.17.0	2008.09.01	-
eTrust-Vet	31.6.6062	2008.09.01	-
Ewido	4.0	2008.09.01	-
F-Prot	4.4.4.56	2008.09.02	-
F-Secure	7.60.13501.0	2008.09.02	AdWare.Win32.BHO.cox
Fortinet	3.14.0.0	2008.09.02	Adware/DesktopMedia
GData	19	2008.09.02	Win32:Agent-GRW
Ikarus	T3.1.1.34.0	2008.09.02	Virus.Win32.Agent.GRW
K7AntiVirus	7.10.435	2008.09.01	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.09.02	not-a-virus:AdWare.Win32.BHO.cox
McAfee	5374	2008.09.01	potentially unwanted program Adware-DesktopMedia
Microsoft	1.3807	2008.09.02	Adware:Win32/Rugo
NOD32v2	3406	2008.09.02	-
Norman	5.80.02	2008.09.01	-
Panda	9.0.0.4	2008.09.02	-
PCTools	4.4.2.0	2008.09.01	-
Prevx1	V2	2008.09.02	Worm
Rising	20.60.10.00	2008.09.02	AdWare.Win32.Mnless.ahb
Sophos	4.33.0	2008.09.02	-
Sunbelt	3.1.1592.1	2008.08.30	Adware.Bdsearch
Symantec	10	2008.09.02	-
TheHacker	6.3.0.8.069/td>	2008.09.01	-
TrendMicro	8.700.0.1004	2008.09.02	-
VBA32	3.12.8.4	2008.09.01	AdWare.Win32.BHO.cox
ViRobot	2008.9.1.1359	2008.09.01	Adware.BHO.679936.D
VirusBuster	4.5.11.0	2008.09.01	-
Webwasher-Gateway	6.6.2	2008.09.01	Ad-Spyware.BDSearch.1.45

��Ϣ
File size: 679936 bytes
MD5...: 5cc9d394a169a062f7ff5a083e1d2f16
SHA1..: da8f216afd1a4e61ddd93b447bb697520d0ac697
SHA256: f230b2961b14d6f817312d09786e3b8270eb85571e0f6acfff0e6a9aed56f6ab
SHA512: d73fbdd486596eda659f1f05e9f532496a02f18625ca4c1801cc18811c88024a 2127f14f1f7d2163749c364f920b729ebedd2704792146bdd1e78e97e1759fbb
PEiD..: -
TrID..: File type identification Win32 Executable MS Visual C++ (generic) (53.1%) Windows Screen Saver (18.4%) Win32 Executable Generic (12.0%) Win32 Dynamic Link Library (generic) (10.6%) Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x10044883 timedatestamp.....: 0x48a8ce36 (Mon Aug 18 01:19:50 2008) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x79f76 0x7a000 6.62 daa7ab1749d0349d0d49b08f790012dd .rdata 0x7b000 0xc4ce 0xd000 4.73 470ce27f912cec8a2fb64d136a712951 .data 0x88000 0x52e2c 0xd000 2.61 31fa3a006582c503094bbf1d8a2c44ce .rsrc 0xdb000 0x1258 0x2000 3.01 9f55d89a8fd45e9f03a4f5db7ab987b7 .reloc 0xdd000 0xe674 0xf000 5.83 a465aad81a0719d36866c17035df8794 ( 9 imports ) > WS2_32.dll: -, -, - > ole32.dll: CoTaskMemRealloc, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, OleLockRunning, CoTaskMemAlloc, StringFromGUID2, OleUninitialize, OleInitialize, CreateStreamOnHGlobal, CoCreateInstance, CoUninitialize, CoInitialize, CoTaskMemFree > WININET.dll: InternetOpenA, InternetReadFile, GetUrlCacheEntryInfoA, InternetCrackUrlA, DeleteUrlCacheEntry, InternetConnectA, InternetCloseHandle, HttpOpenRequestA, HttpSendRequestA > urlmon.dll: URLDownloadToFileA > KERNEL32.dll: RaiseException, InitializeCriticalSection, DeleteCriticalSection, GetLocalTime, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, OpenFileMappingA, ReleaseMutex, FlushViewOfFile, WaitForSingleObject, CreateMutexA, FindClose, FindFirstFileA, GetLastError, GetSystemTimeAsFileTime, SetErrorMode, MultiByteToWideChar, GetShortPathNameA, GetTempFileNameA, GetTempPathA, CopyFileA, Sleep, SetFileAttributesA, GetWindowsDirectoryA, DeleteFileA, GetVolumeInformationA, GetSystemDirectoryA, FindNextFileA, lstrcmpA, lstrcatA, lstrcpyA, CreateDirectoryA, GetVersionExA, SetProcessWorkingSetSize, GetCurrentProcess, GetTickCount, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, EnterCriticalSection, LeaveCriticalSection, FlushInstructionCache, HeapFree, GetProcessHeap, HeapAlloc, WideCharToMultiByte, InterlockedDecrement, lstrlenA, GetCurrentThreadId, GlobalUnlock, GlobalLock, GlobalAlloc, lstrlenW, MulDiv, InterlockedIncrement, GetModuleFileNameA, SetEvent, GetModuleHandleA, FreeLibrary, SizeofResource, LoadResource, LoadLibraryExA, lstrcmpiA, lstrcpynA, IsDBCSLeadByte, GetProcAddress, LoadLibraryA, CreateThread, OpenEventA, CreateProcessA, WaitForMultipleObjects, CreateEventA, Module32Next, Module32First, CreateToolhelp32Snapshot, GetCurrentDirectoryA, Process32Next, Process32First, ReadFile, CreateFileA, TerminateProcess, DeviceIoControl, VirtualAlloc, VirtualFree, SetFilePointer, WriteFile, SetEndOfFile, GetStdHandle, QueryPerformanceCounter, HeapSize, GetCurrentProcessId, SetUnhandledExceptionFilter, IsBadWritePtr, HeapCreate, FlushFileBuffers, HeapDestroy, TlsGetValue, TlsSetValue, TlsFree, SetLastError, TlsAlloc, GetOEMCP, GetCPInfo, LCMapStringW, LCMapStringA, RemoveDirectoryA, GetCommandLineA, HeapReAlloc, VirtualQuery, GetSystemInfo, VirtualProtect, GetFileAttributesA, GetDriveTypeA, FileTimeToLocalFileTime, FileTimeToSystemTime, ExitProcess, RtlUnwind, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, GetTimeZoneInformation, SetStdHandle, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, LocalFree, FindResourceA, GetFullPathNameA > USER32.dll: GetForegroundWindow, SetForegroundWindow, SystemParametersInfoA, MapWindowPoints, ShowWindow, UpdateWindow, PeekMessageA, GetMessageA, TranslateMessage, DispatchMessageA, EnumWindows, AdjustWindowRectEx, FindWindowExA, PostMessageA, CreateAcceleratorTableA, CharNextA, GetParent, GetClassNameA, RedrawWindow, IsWindow, GetDlgItem, SetFocus, GetFocus, IsChild, GetWindow, DestroyAcceleratorTable, BeginPaint, EndPaint, GetDesktopWindow, InvalidateRgn, InvalidateRect, FillRect, SetCapture, ReleaseCapture, GetSysColor, CreateWindowExA, CallWindowProcA, RegisterWindowMessageA, RegisterClassExA, GetWindowTextLengthA, GetWindowTextA, DefWindowProcA, SetActiveWindow, LoadCursorA, GetClassInfoExA, KillTimer, SetTimer, SetWindowPos, MoveWindow, SetWindowTextA, SendMessageA, GetWindowLongA, SetWindowLongA, DestroyWindow, PostQuitMessage, wsprintfA, SetWindowRgn, ReleaseDC, GetWindowRect, GetClientRect, GetSystemMetrics, LoadImageA, UnregisterClassA, GetDC > GDI32.dll: CreateRectRgn, GetPixel, RestoreDC, CreateSolidBrush, GetStockObject, GetObjectA, GetDeviceCaps, BitBlt, CreateCompatibleBitmap, DeleteDC, SelectObject, CreateCompatibleDC, CombineRgn, SaveDC, DeleteObject > ADVAPI32.dll: RegOpenKeyA, RegQueryValueExA, InitializeSecurityDescriptor, RegSetValueExA, RegCreateKeyA, GetUserNameA, RegCreateKeyExA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumKeyExA, SetSecurityDescriptorDacl, RegCloseKey > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, - ( 8 exports ) Always, CallByControl, GetPlayerVersion, HxcDown, HxcUpdate, RunAD, Stop, playAdh
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=52B62B9300B9F45560080A686AD6A100F0A85D5F

��scvhost.exe,kcohj1ba.sys,4f4.exe,w509v.sys,8g4.dll,307b.dll��

2008-09-01T21:45:21Z

��scvhost.exe,kcohj1ba.sys,4f4.exe,w509v.sys,8g4.dll,307b.dll��

endurer ԭ��
2008-09-01 ��1��

��쿪��ʱ��Ҫ��ſμ��Ϊ��׼��̨��Ϊ��õ��̨��Ͳ��ڵĵ��Ϣ��ʾ��307b.dll��б��ˡ�

��Ϣ��Ʊػ�Ӱ��μ��ز��ţ��

�ñ��װ��Kingsoft Internet Security 2008��8��17�յģ��ʱ�޷��

�ý�ɽ��ר��ɨ�裬û�з��ֿ��ɵĶ��

��ָõ��о�Ȼװ��ǿ��ȫ��֣��4.x�İ汾��鿪����Ϸ��˿��ɵĶ��pe_xscan ɨ�貢��£�

/===
pe_xscan 08-08-01 by Purple Endurer
2008-9-1 13:40:48
Windows XP Service Pack 2(5.1.2600)
��Ա�û��
��ģʽ

O2 - BHO BHO Class - {1307E689-5CA1-4a15-9583-F2350790290D} = C:\WINDOWS\system32\oqxovy.dll| 2008-8-17 6:41:44
O2 - BHO Invoke Class - {6B76DDAB-898D-4e5b-917C-2B697C2EA7A4} = C:\WINDOWS\system32\8g4.dll| 2008-8-15 23:28:49
O4 - HKLM\..\Policies\Explorer\Run: [307b] rundll32 C:\WINDOWS\Downlo~1\307b.dll",Run

307ac.job
307b.job
307dc.job
307sc.job

O9 - IE��չ��ťHKLM��֪ʶ�� - {06926B30-424E-4f1c-8EE3-543CD96573DC} - hxxp://blank.la/?h
O9 - IE��߲˵��չ��HKLM�� - {06926B30-424E-4f1c-8EE3-543CD96573DC} - hxxtp://blank.la/?h
O23 - ��: 9bi9m8 (9bi9m8) - System32\DRIVERS\9bi9m8.sys(��)
O23 - ��: ADProt (ADProt) - C:\WINDOWS\system32\drivers\ADProt.sys(ϵͳ)
O23 - ��: kcohj1ba (kcohj1ba) - system32\drivers\kcohj1ba.sys(��)
O23 - ��: oboqyy (Logical Disk Manager Amdinistrative oboqyy) - c:\root\yxyeaholes\scvhost.exe| 2008-7-11 3:14:2(�Զ�)
O23 - ��: OSEvent (OSEvent) - C:\WINDOWS\system32\s.exe| 2008-8-8 4:9:38(�Զ�)
O23 - ��: ThinkpadSer (ThinkpadSer) - C:\WINDOWS\system32\4f4.exe| 2008-8-14 11:39:15(�Զ�)
O23 - ��: w509v (w509v) - system32\drivers\w509v.sys(��)

===/

��Щ��ˣ��ԣ��Ȼ��ٵ��Ǹ��Ϣ��ˡ�

�ļ�˵�� : C:\root\yxyeaholes\scvhost.exe
�� : A---
��ǩ��:��
PE�ļ�:��
�� : ��(�й�)
�ļ��汾 : 1.0.0.0
��Ʒ�汾 : 1.0.0.0
��ʱ�� : 2008-7-11 11:14:2
�޸�ʱ�� : 2008-7-11 11:14:2
��С : 478720 �ֽ� 467.512 KB
MD5 : 84e9c475ffe13cb7c8fd60f5b2995f00
SHA1: BAD9CFAE6813748DF9EB9BC0AD6C5728A267D2B2
CRC32: cdee47b1

�ļ� scvhost.exe �� 2008.09.01 15:25:39 (CET)

��	�汾	��	ɨ��
AhnLab-V3	2008.8.29.0	2008.09.01	Win-Trojan/Xema.variant
AntiVir	7.8.1.23	2008.09.01	TR/Spy.Gen
Authentium	5.1.0.4	2008.09.01	W32/Banload.E.gen!Eldorado
Avast	4.8.1195.0	2008.08.31	Win32:Trojan-gen {Other}
AVG	8.0.0.161	2008.09.01	Downloader.Generic7.AGRS
BitDefender	7.2	2008.09.01	Trojan.Generic.662130
CAT-QuickHeal	9.50	2008.08.29	TrojanDownloader.Delf.mpl
ClamAV	0.93.1	2008.09.01	-
DrWeb	4.44.0.09170	2008.09.01	-
eSafe	7.0.17.0	2008.08.31	-
eTrust-Vet	31.6.6062	2008.09.01	-
Ewido	4.0	2008.09.01	-
F-Prot	4.4.4.56	2008.09.01	W32/Banload.E.gen!Eldorado
F-Secure	7.60.13501.0	2008.09.01	Trojan-Downloader.Win32.Delf.mpl
Fortinet	3.14.0.0	2008.09.01	-
GData	19	2008.09.01	Trojan-Downloader.Win32.Delf.mpl
Ikarus	T3.1.1.34.0	2008.09.01	Trojan-Downloader.Win32.Delf.asz
K7AntiVirus	7.10.435	2008.09.01	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.09.01	Trojan-Downloader.Win32.Delf.mpl
McAfee	5373	2008.08.29	Generic Downloader.x
Microsoft	1.3807	2008.08.25	-
NOD32v2	3404	2008.09.01	probably a variant of Win32/TrojanDownloader.Delf.ATB
Norman	5.80.02	2008.09.01	-
Panda	9.0.0.4	2008.08.31	-
PCTools	4.4.2.0	2008.09.01	Trojan-Downloader.Delf!sd6
Prevx1	V2	2008.09.01	Cloaked Malware
Rising	20.60.01.00	2008.09.01	Trojan.Win32.Undef.dru
Sophos	4.33.0	2008.09.01	-
Sunbelt	3.1.1592.1	2008.08.30	Trojan-Downloader.Delphi.Gen
Symantec	10	2008.09.01	Trojan Horse
TheHacker	6.3.0.6.069	2008.09.01	-
TrendMicro	8.700.0.1004	2008.09.01	-
VBA32	3.12.8.4	2008.08.31	Trojan-Downloader.Win32.Delf.mpl
ViRobot	2008.9.1.1359	2008.09.01	Trojan.Win32.Downloader.478720.B
VirusBuster	4.5.11.0	2008.08.31	-
Webwasher-Gateway	6.6.2	2008.09.01	Trojan.Spy.Gen

��Ϣ
File size: 478720 bytes
MD5...: 84e9c475ffe13cb7c8fd60f5b2995f00
SHA1..: bad9cfae6813748df9eb9bc0ad6c5728a267d2b2
SHA256: 6925307afc3957989c289dcbcba3eeb220e75d503bc91b4bd6c625a2ba48dbf6
SHA512: 219b328dc82b6d208444b825d18a4c71758a65ccfa21f291e0bc26d458bf11e9 75e5282071dfd603ad54550f72df417ec095702300f6a88a742c99d1ad486f2a
PEiD..: -
TrID..: File type identification Win32 Executable Borland Delphi 7 (69.1%) Win32 Executable Borland Delphi 6 (27.0%) Win32 Executable Delphi generic (1.5%) Win32 Executable Generic (0.8%) Win32 Dynamic Link Library (generic) (0.7%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x463f40 timedatestamp.....: 0x2a425e19 (Fi Jun 19 22:22:17 1992) machinetype.......: 0x14c (I386) ( 8 sections ) name viradd virsiz rawdsiz ntrpy md5 CODE 0x1000 0x62fd0 0x63000 6.54 e67f1df4e269a7be7237114c94c9974a DATA 0x64000 0x13b8 0x1400 4.11 dc6afc04a81f1b4d2e6fe22b921b4345 BSS 0x66000 0x1141 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0x68000 0x2776 0x2800 5.01 d0b43b14609d2a068b5d2753a50f0afa .tls 0x6b000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .rdata 0x6c000 0x18 0x200 0.20 59ae59073dbfc82e5e0222fb77af1a75 .reloc 0x6d000 0x7204 0x7400 6.66 d8a0e4ffedfa836b07ffcabfcec0d94d .rsrc 0x75000 0x6800 0x6800 4.31 22b9293e6ea466a14872f8b94f2578e2 ( 18 imports ) > kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle > user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA > advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey > oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen > kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA > advapi32.dll: ReportEventA, RegisterEventSourceA, RegQueryValueExA, RegOpenKeyExA, RegCloseKey, DeregisterEventSource > kernel32.dll: lstrcpyA, WriteFile, WinExec, WaitForSingleObject, VirtualQuery, VirtualAlloc, SuspendThread, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle > version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA > gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt > user32.dll: CreateWindowExA, mouse_event, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostThreadMessageA, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessageExtraInfo, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout > kernel32.dll: Sleep > oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit > ole32.dll: CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID > oleaut32.dll: GetErrorInfo, GetActiveObject, SysFreeString > advapi32.dll: StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerA, OpenServiceA, OpenSCManagerA, DeleteService, CreateServiceA, CloseServiceHandle > comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create > shell32.dll: ShellExecuteA > URLMON.DLL: URLDownloadToFileA ( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=A1F493E60054DB824ECA07D058F4F400F6E383C7

�룾10��Ӧ��ĳ��ȫ��

2008-08-25T12:22:05Z

10 common security mistakes that should never be made
10��Ӧ��ĳ��ȫ��

Author: Chad Perrin
��ߣ�Chad Perrin

��룺endurer 2008-08-25 ��1��

Category: Security, Authentication, Encryption, Risk Management, Privacy
��ࣺ��ȫ��֤��ܣ��չ��˽

Tags: Password, Security, Chad Perrin
��ǩ��룬��ȫ��Chad Perrin

Ӣ��Դ��http://blogs.techrepublic.com.com/security/?p=542&tag=nl.e101

Read about ten very basic, easily avoided security mistakes that should never be made �� but are among the most common security mistakes people make.

һ��Ķ��˽�10��Ӧ��ķǳ��ڱ��ġ��ȴ��Ƿ��ĳ��ȫ��ա�

��endurerע��1��Read about��֪(�ĺ��֪)��

The following is a list of ten security mistakes I see all the time. They��re not just common, though �� they��re also extremely basic, elementary mistakes, that anyone with a modicum of security knowledge should know better than to make.

��һֱ�ڿ��10��ȫ��б��Ȼ��ǲ��ǳ��ġ��Ҳ�ǳ��ģ��Ĵ��󣬼��κξ��һ��İ�ȫ֪ʶ��˶�Ӧ��֪��Ҫ˵��ˡ�

��endurerע��1��all the time��һֱ��

Sending sensitive data in unencrypted email: Stop sending me passwords, PINs, and account data via unencrypted email. Please. I understand that a lot of customers are too stupid or lazy to use encryption, but I��m not. Even if you��re going to give them what they want, in the form of unencrypted sensitive data sent via email, that doesn��t mean you can��t give me what I want �� secure communications when sending sensitive data.

ʹ��δ��ܵĵ��ʼ����ͨ��δ��ܵĵ��ʼ��Ϳ���ʺ��ݵģ��ͣ��ͻ�̫��̫��ʹ�ü��ܣ��Ҳ��ʹ��ͨ��Ե��ʼ��ԷǼ��ݵķ�ʽ��Ҫ�Ķ��ǣ��ⲻ��ζ��㲻��Ҫ�ġ��ڷ��ʱʹͨ�Ű�ȫ��
Using ��security�� questions whose answers are easily discovered: Social security numbers, mothers�� maiden names, first pets, and birthdays do not constitute a secure means of verifying identity. Requiring an end user to compromise his or her password by specifying a question like that as a means of resetting the password basically ensures that the password itself is useless in preventing anyone that is willing to do a little homework from gaining unauthorized access.

ʹ�ô𰸺��׷��ֵġ��ȫ����ᰲȫ��룬ĸ�׵Ļ�ǰ��1���Լ��գ��һ��ʵ��ݵİ�ȫ�ֶΡ�Ҫ��û�ָ��һ��⣬��Ϊһ��ֶΣ��Э��룬��ȷ�ŵ��ǣ��뱾��ڷ��Ϊ��δ��Ȩ�ķ��ʶ�Ը�⻨�㹦��ʱû��á�

��endurerע��1��be willing to��Ը��,��⡷
Imposing password restrictions that are too strict: The number of cases I��ve seen where some online interface to a system that offers the ability to manage one��s finances �� such as banking Web sites �� impose password restrictions that actually make the interface less secure is simply unacceptable. Six-character numeric passwords are dismayingly common, and the examples only go downhill from there. See a previous article, ��How does bad password policy like this even happen?�� for another example in more detail.

��ƹ�ͷ����ο��һ��ṩ��һ��˲��Ĺ��ܵ�ϵͳ��߽ӿڡ��վ��ʵ��ʹ�ӿ�ȱ�ٰ�ȫ��ǿ��Բ��ܽ��ܵġ��λ��˾�㵵��ͬ��Ҹ��ֻ��仵��ǰһƪ��£��Ļ��λ��أ��ӵ��顣

��endurerע��1��go downhill��仵(ÿ��,˥��)��
Letting vendors define ��good security��: I��ve said before that there��s no such thing as a vendor you can trust. Hopefully you were listening. Ultimately, the only security a corporate vendor really cares about protecting is the security of its own profits and market share. While this sometimes prompts a vendor to improve the security of its products and services, it sometimes prompts exactly the opposite. As such, you must question a vendor��s definition of ��good security��, and you must not let vendors tell you what��s important to you.

�ù�Ӧ��塰��õİ�ȫ����ǰ��˵��û��εĹ�Ӧ�̡�ϣ��գ��˾��Ӧ��ı��Ωһ��ȫ��г�ռ��ʵİ�ȫ��Ȼ��ʱ��ѹ�Ӧ��䰲ȫ��Ʒ�ͷ��񣬵��ʱ��ʾ��෴һ�档��һ��ɹ�Ӧ�̡��õİ�ȫ��Ķ��壬�㲻��ù�Ӧ�̸��ʲô�Ƕ��Ҫ�ġ�

��endurerע��1��no such thing��û�е��
2��market share��г�ռ��ʡ�
Underestimating required security expertise: People in positions of authority in corporations often fail to understand the necessity for specific security expertise. This applies not only to nontechnical managers, but to technical IT managers as well. In fact, standards working groups such as the one that produced the WEP standard often include a lot of very smart technologists, but not a single cryptographer, despite the fact they intend to develop security standards that rely explicitly on cryptographic algorithms.

�͹��Ҫ��ȫרҵ����ҵ��Ȩ�߳��ض��ȫ��ı�Ҫ�ԡ��Ǽ��ԵĹ��Ա��ˣ��Ҽ��Ե�IT��ԱҲ��ʵ�ϣ��ڱ�׼��飬��һ��WEP��׼�ģ��˺ܶ�ܴ��ļ��Ա��һ��ߣ��ʵ��Ǵ��ƶ��İ�ȫ��׼��ܻ��Ե��㷨��
Underestimating the importance of review: Even those with security expertise specific to what they��re trying to accomplish should have their work checked by others with that expertise as well. Peer review is regarded in the security community as something akin to a holy grail of security assurance, and nothing can really be considered secure without being subjected to significant, punishing levels of testing by security experts from outside the original development project.

�͹��Ҫ����ʹ��Щ�а�ȫ��ר��ˣ��Ҫ��ͼ��ɵĹ��ͬ��и�ר��˼�顣�ڰ�ȫ��У�ͬ��鱻��Ϊ��ʥ��İ�ȫ��֤��û��ʲô��δ��൱��ⲿ��չ�ƻ��İ�ȫר�ҵĳ��ˮƽ��ԣ��ر��Ϊ��ȫ��

��endurerע��1��akin to��(��,��ͬ��)
2��peer review��ͬ��
3��Holy Grail��ڡ�ʥ��ʥ��
4��be subjected to��ʹ��,ʹ��ܡ�
Overestimating the importance of secrecy: Many security software developers who make the mistake of underestimating the importance of review couple that with overestimation of the importance of secrecy. They justify a lack of peerreview with hand-waving about how important it is to keep security policies secret. As Kerckoffs�� Principle �� one of the most fundamental in security research �� points out, however, any system whose security relies on the design of the system itself being kept secret is not a system with strong security.

�߹��ܵ��Ҫ����һЩ��˵͹��Ҫ�Եİ�ȫ��ͬʱ�߹��ܵ��Ҫ�ԡ��ҡ��Ҫ��ְ�ȫ��ߵ��Ǻε��ҪΪ��Ϊȱ��ͬ��ѡ�Ȼ��Ϊkerckoffs ��ԭ�򡪡��İ�ȫ��о�֮һ��ָ��κα��ȫ��ϵͳ��Ʊ��ܵ�ϵͳ��һ��ǿ��ȫ��ϵͳ��

��endurerע��1��couple with��һ��(��)
2��Kerckhoffs ��ϵͳ��׼��:��ݵİ�ȫ��Ӧ��Կ��㷨�ı��ܡ��
Requiring easily forged identification: Anything that involves faxing signatures, or sending photocopies or scans of ID cards, is basically just a case of security theater �� putting on a great show without actually providing the genuine article (security, in this case) at all. It is far too easy to forge such second-generation (or worse) low quality copies. In fact, for things like signatures and ID cards, the only way for a copy to serve as useful verification is for it to actually be a good enough copy that it is not recognized as a copy. Put another way, only a successful forgery of the original is a good enough copy to avoid easy forgery.

Ҫ��α��֤����漰��ǩ��Ӱӡ��ɨ��֤�ģ��λ��һ��ȫϷԺ��˴��ݳ��ʵ��ȴû��Ʒ��ȫ��£��ĿǰΪֹ��α��ڶ��ģ��ĸ��̫��ˡ��ʵ��ǩ�ֺ��֤�Ķ��һ�ݿ��Ч�˲��õ�Ψһ��Ҫ��һ��Լ��ĸ��仰˵��ֻ��һ��ɹ��Ʒ��Ǳ��α��㹻�õĸ��

��endurerע��1��genuine article��Ʒ
2��serve as��(�䵱,��...��)��
Unnecessarily reinventing the wheel: Often, developers of new security software are recreating something that already exists without any good reason for doing so. Many software vendors suffer from Not Invented Here disease, and end up creating new software that doesn��t really do anything new or needed. That might not be a big deal, if not for the fact that the new software is often not peer reviewed, makes security mistakes that have already been ironed out of the previous implementation of the idea, and generally just screws things up pretty badly. Whenever creating a new piece of software, consider whether you��re replacing something else that already does that job, and whether your replacement actually does anything different that is important. Then, if it is doing something important and different, think about whether you might be able to just add that to the already existing software so you will not create a whole new bundle of problems by trying to replace it.

��Ҫ��ظ����ͨ��°�ȫ��Ŀ��û��ɵ��´��һЩ�Ѿ��ڵĶ��һЩ��Ӧ�̻��˷��ҷ��֢��մ��û��Ҫ��ûʲô��˵ģ��ͨ��δ��ͬ��飬��ǰ�᳹˼��Ѱ�ƽ�İ�ȫʧ��ͨ��Ū��һ��㡣ÿ��һ��ʱ��˼��һ��Ƿ��滻�Ѿ����ı�Ķ��滻�Ƿ�ȷʵ��ش��Ȼ��Ҫ��Ҳ�ͬ�Ĺ��Ƿ��ܰ��ӵ��ִ��У��Ͳ��ͼ�滻��һ��⡣

��endurerע��1��suffer from��(��...��)
2��Not Invented Here Syndrome��ҷ��֢, ָ��Ը��ܾ�ʹ��˷��ļ��
3��big deal��Ҫ��(�ɺ��)
4��iron out��ƽ��ƽ��˳��
5��screw up��š��(ǿ��,��ǿ,��)
Don't ask them to organize the trip, they'll only screw everything up.��֯��У��׼�ð�һ�ж��ˡ�
6��The bad news has shaken her up pretty badly.�ǻ��Ϣһֱʹ��е��Ȳ��
Giving up the means of your security in exchange for a feeling of security: This is a mistake so absurd to make that I have difficulty formulating an explanation. It is also so common that there��s no way I can leave it out of the list. People give up the keys to their private security kingdoms to anyone who comes along and tells them, ��Trust me, I��m an expert,�� and they do it willingly, eagerly, often without thought. ��Certificate Authorities�� tell you who to trust, thus stripping you of your ability to make your own decisions about trust; Webmail service providers offer on-server encryption and decryption, thus stripping you of end-to-end encryption and control over your own encryption keys; operating systems decide what to execute without your consent, thus stripping you of your ability to protect yourself from mobile malicious code. Don��t give up control of your security to some third party. Sure, you may not be able to develop a good security program or policy yourself, but that doesn��t mean the program or policy shouldn��t give you control over its operation on your behalf.

��ȫ�ֶΣ��ȡ��ȫ����һ��󣬻��ڽ��ͣ��ձ飬��޷��嵥��޳��ֻҪ��ƣ��ң��һ��ר�ң��ǾͻὫ��˽��ȫ��Կ��˫�ַ��ϣ��ĸ��Ը��У�ͨ��˼�� ֤��䷢��˭��Ӷ��Լ��ľ��Webmail��Ӧ��ṩ�˷��˵ļ��ܺͽ��ܣ��Ӷ��Ķ˶Զ˼��ܺͶ��Կ�Ŀ��ƣ��ϵͳ��ִ��ʲô��ͬ�⣬�Ӷ��㱣��Լ��ƶ��ֺ��Ҫ��ȫ��ƶ��Ȼ��Լ�δ��ܹ��һ��õİ�ȫ��ԣ��Ⲣ��ζ�Ÿó��Բ�Ӧ��Ϊ��

��endurerע��1��in exchange for��(��)
2��give control over��...��ơ�

÷��Ǿ�ɱ ��͢��ھ�

2008-08-24T09:15:39Z

��ʱ��8��23��12ʱ��29�챱��˻��ڹ��񳲡��졣

��58��ӣ�÷��ų��ֱ��߶��ͻ��Գ��Ž��ڽ��侲��÷֣�

��͢1��0��ǣ��ھ��

��ڰ��ϣ��Ƿ��ص�λ��λ��Ϭ��Ϊ�˵͵��Ҫ��Ա��ޱ��è��ա�

��͢3:0��ʤ ��2��ƣ�ˬ��

2008-08-20T21:32:14Z

��͢3:0��ʤ ��2��ƣ�ˬ��

��19�հ��˻��͢�� vs ��

��ǰδ��͵İ��޲��Ȼ�ð��ӿ��~

��°�ʱ��ʼ7��ӣ��Ӹ��·��÷��ù��ڽ��14�״��Ŵ��б��Զ�ǣ��ǰ7�״��á��ϵ�֮�ء��ײ��1:0��

��ƴ��Ь��ˡ�׼��ѥ?

��58��ӣ��·��÷��̴��Ҳ�ָ��ϵļ��ף��ҽŴ��·��ǰ3�״��Զ�ǣ�2:0��

��75��ӣ�÷��·��ֱ��޽��Ҳ�ת��ѱ��ŵ��˶�÷��ҽ��ư��·��3:0��

��81��ӣ�¬��˹��ֶ��˹��ŵ��Ʒ��£�

��84��ӣ��ά˹��ɨ��˹��ŵ��Ҳ��⡣

��͢��3��0��ʤ��

��ª�ġ�ϡ��ձ��ԭ�Σ�ˬ��

��ɱ��Windows��ͼ��ʾ��

2008-08-19T11:34:16Z

��ɱ��Windows��ͼ��ʾ��

endurer ԭ��
2008-08-19 ��1��

��һλͬ�µĵ��Կ��Windows��ͼ��ʾ��ż��æ��ޡ�

��ǰ��ʱ��滻explorer.exe��Գ��о��ǵ��б��ˡ�

��鿴��̣��Ȼû��explorer.exe��Ҳû�з��쳣��̡�

��½�һ��ʾ��dir��飬��c:\windows�µ�explorer.exe��ڣ��fc��system32\dllcache��explorer.exe��ͬ��ļ��޸�ʱ��2004�꣬��Ƕ��Ļ��Ʒ��

��ǿ��ȫ��ּ��Ҳû�з��쳣��

��explorer.exe��ͼ�궼��ʾ��ˡ�

��Ƿ��ǽҲ��ˣ��ɱ��ʵʱ��û�г��֣��ֶ��ֶ��ʾ�Ѿ��°汾��

��ԣ��ɡ�

��ѯ��ͬ�µ�֪��ء��һ��Ķ��

��᲻��Ķ��Ӱ��ɱ��explorer.exe�޷��أ�

��޸��װ��ɱ��Ȼ��ԣ��ˡ�

�룾ϷŪ�û��Ķ��缰��Ч��

2008-08-16T23:51:59Z

Pranks and their effects
��缰��Ч��

Author: Jeff Dray
��ߣ�Jeff Dray

��룺endurer, 2008-08-16 ��1��

Category: General, Customer Relations, Training, windows, Help desk
��ࣺ��棬�ͻ��ϵ��ѵ��ڣ��

Tags: Computer, Desktops, Productivity, Hardware, Jeff Dray
��ǩ��ԣ��ʣ�Ӳ��Jeff Dray

Ӣ��Դ��http://blogs.techrepublic.com.com/helpdesk/?p=267&tag=nl.e101

Over the years there have been many pranks played on users �C some highly amusing and some downright malicious. When Windows 95 arrived and the new style desktop appeared, we had a great deal of fun with a user who insisted on fiddling with absolutely everything.

��Щ��ϷŪ�û��Ķ��硪��Щ�ǳ��Ȥ��Щ��ȫ�񶾵ġ��Windows 95��·��ʱ��һ��û��صĺܴ��Ȥ�£��û��ֶ��ذ�Ūһ�С�

��endurerע��1��Over the years��
2��play on��(��,��,��...��ҫ,��)
3��insist on��(ǿ��,��Ҫ��,��)
4��fiddle with��Ū,��Ū,Ū��١�

��-

Back in the midst of time �� well, 1995 actually �� I installed my first copy of Windows 95 from a stack of 3.5 inch floppies. It was soon apparent that it was a bit different from the system we had been using up to that point.

��ڡ��ʵ��1995�ꡪ��һ��3.5Ӣ��̰�װ�˵�1��Windows 95�Ŀ��ʹ�õ�ϵͳ��һ�㲻ͬ�漴��֡�

��endurerע��1��in the midst of��...��С�

As soon as it was rolled out to the first users, the problems started to pour in. These were mostly related to unfamiliarity and compatibility, but many questions related to altering settings. There being no security on this version, it was easy for users to destroy the system while trying to customize the appearance.

��һ��һ��û��Ϳ�ʼ��ӿ�֡��Щ��벻��Ϥ�ͼ��йأ��Ҳ��漰��ı��á��汾��ȫ��û��ͼ�Զ��ʱ��ƻ�ϵͳ��

��endurerע��1��As soon as��һ...��
2��roll out��ƽ(ת��)
3��pour in��ӿ��,��ӵ��
4��be related to��...�йء�

One guy became a regular headache, managing to delete important system files on more than one occasion, so we devised our vengeance.

��һ�һ��𽥱�þ��ͷʹ��ڲ�ֹһ��跨ɾ��Ҫ��ϵͳ�ļ�.��ˣ��ƶ��˱��

��endurerע��1��manage to��ɣ��跨��

We took a screenshot of his desktop and set it as his wallpaper.

��ȡ��Ļ��ͼ��ҽ��Ϊ��ǽֽ��

Next we moved all his desktop icons into one stack, with My Computer on the top, then moved the stack onto the image of the My Computer image on the screen shot.

Ȼ��ǽ��ͼ��Ƴ�һ�ѣ��ҵĵ��ԡ��ڶ��ˣ��Ű��Ƶ��Ļ��ͼ�ϵġ��ҵĵ��ԡ�ͼ��ϡ�

Then, we went back to our office and waited for the call.

��ǻص��칫�ҵȴ��绰��

��Hi guys, I��ve got another problem �� could one of you pop up and take a look please?��

��ι��λ��⡪��һλ��𣿡�

��endurerע��1��Hi, guys! ι��λ��

��What seems to be the trouble?��

��ʲô�鷳�أ��

��None of my desktop icons are working.��

��ҵ��ͼ��һ��û��á��

��What, none of them?��
��ʲô��һ��У��

��No.��

��ǵġ��

��Have you tried them all?��

��Ѿ��Ƕ��Թ��𣿡�

This user had set up almost a screen full of shortcuts and spent the next few minutes clicking through all of them. Eventually he returned to the phone:

��û��Ѿ��˼��Ļ�Ŀ�ݷ�ʽ��˽��ļ��ȫ��ػ��

��The only one that is working is My Computer.��

��Ωһ�ܹ��ͼ��ҵĵ��ԡ��

There was a combined drawing in of breath from our side of the phone connection.

�ҷ��ĵ绰��ͳһ�˿ھ��

��endurerע��1��drawing in��ġ�

��Just the My Computer icon, you say?��

��˵��ֻ��ҵĵ��ͼ�ꣿ��

��Yes, is that bad?��

��ǵģ��𣿡�

More sucking of teeth.

��We��ll have to take it in for repair; it��s a well known problem, a new virus called Desktop Paralysis. It might take a day or two to fix.��

��ǽ�ֻ��ȡ��ά�ޣ��һ��֪��⣬һ��Ϊ��̱��Ĳ��Ҫһ��޸��

��endurerע��1��take in��(��,��,��,��ƭ,�ս�,��,��...��Կ��)��

We took a trolley up to the second floor, collected the PC, and brought it back to our lair, where we put it up on a shelf until after the weekend.

��Ƴ��϶�¥��̨��ԣ��ص��ǵ��ѣ��ŵ��ϣ�ֱ��ĩ��

When we returned the unit, minus the screenshot, the user was contrite; he wondered what he could do to avoid any further problems.

��ǻص��λ��ȥ��Ļ��ͼ��Ǹ��û�ʹ��ˣ��֪��Щʲô��κν�һ��⡣

We delivered our demands, in the form of sound advice. We showed him which system folders were out of bounds; we made sure that he connected to the Internet only through our proxy server, rather than through his own dial-up modem; and we brought the company��s policy on the standard corporate desktop image to his attention.

��Ҹ��ʽ��ǵ�Ҫ��Ǳ��ĸ�ϵͳ�ļ��Խ��ˣ��ȷ��ֻͨ��ǵĴ��ӵ��ͨ��Լ��Ĳ��ŵ��ƽ��˸ù�˾�淶��ҵ��ͼ��ע�⡣

��endurerע��1��sound advice��Ҹ�
2��out of bounds��Խ��(Խ��,��ֹ��)
3��bring on��(ʹ�ɳ�,��չ,ǰ��,��)��

Surprisingly, he wrote a letter to the head of IT, praising us to the heights about our caring service, our in-depth product knowledge, and our readiness to help out in a crisis.

��˸е��ǣ��д�Ÿ�IT�쵼��߶ȵس��ǵ��Ĳ�Ʒ֪ʶ��Լ��Σ�ȼ��ݡ�

��endurerע��1��out in��Զ��(��)��

All we had thought of was getting through a couple of days without getting a call from him.

��ȫ�϶��û�нӵ��ĵ绰��

��endurerע��1��thoughts of��˼��, �뷨
2��get through��(��,ͨ��,��)��

�� > ��Ϊ�ķ��δ�ܶ��һ��

2008-08-09T21:11:40Z

Behavior-based AV solutions cannot stand alone
��Ϊ�ķ��δ�ܶ��һ��

Author: Tom Olzak
��ߣ�Tom Olzak

��룺endurer��2008-08-09 ��1��

Category: Security, Virus, Threats, Intrusion Detection, Antivirus, Spyware, Malware, Internet
��ࣺ��ȫ��в��ּ�⣬��

Tags: Malware, Behavior Analysis, Signature Comparison, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Tom Olzak
��ǩ��Ϊ��Ƚϣ�� & ��в��棬��ȫ��Tom Olzak

Ӣ��Դ��http://blogs.techrepublic.com.com/security/?p=531&tag=nl.e101

Someday, behavior analysis might replace signature comparison in AV solutions.  But I don��t think so.  Like all security controls, these two approaches to detecting malware are layered defenses, supporting each other, identifying threats the other misses.

ĳһ�죬��Ϊ��ڷ��ȡ��Ƚϡ��Ҳ��ô��Ϊ��а�ȫ��һ��ּ��ķ��ǲ��֧�֣��Է�©��в��

Not every break-through security product is a good idea, an effective solution for protecting devices from the effects of malware attacks.  This seems to be the case with a new product called NovaShield AntiMalware 2.0.

��ÿ��ͻ��Եİ�ȫ��Ʒ��һ��õ��⣬һ��豸��ܶ��Ӱ��Ч��һ��Ϊŵ�߶ܷ��NovaShield AntiMalware�� 2.0��²�Ʒ��

Earlier this year, NovaShield, Inc. announced that it had received a $500,000 grant from the U.S. National Science Foundation (NSF) to enable completion and introduction of a new behavior-based anti-malware product (RedOrbit, 3 March 2008).   Detecting malware based on behavior instead of the traditional signature comparison approach is touted as being a better defense against zero-day attacks.  Attacks that occur before AV vendors can update customer signature files.  I agree with this view, but I��ve yet to see a product that effectively defense using behavior heuristics alone, without support from signature reviews.  NovaShield AntiMalware 2.0, released this week and priced at $19.95, seems to reinforce this point.

��Щʱ��NovaShield, Inc��յ��ҿ�ѧ��ᣨNSF��500��000��Ԫ����ʹ�µĻ��Ϊ�ķ��Ʒ�ܹ��ɲ��ƽ飨redorbit��2006��3��3�գ��û��Ϊ��ͳ��Ƚϵķ��һ��Ϊ�Ը��չ��ĸ��õķ��ù��ڷ��Ʒ��Ӧ��ͻ��ļ�֮ǰ��ͬ��۵㣬��һ�û�п��һ��ʹ��Ϊ��ʽ��븴��Ч��Ĳ�Ʒ��ܷ��ġ��ۼ�19.95��Ԫ��߶ܷ��2.0��ƺ��Ԯ��һ�㡣

Neil J. Rubenking posted the results of his NovaShield test at pcmag.com.  He gave it a rating of ��Poor,�� with the following bottom line comments:

Neil J. Rubenking��ŵ�߶��pcmag.com��ԵĽ��Poor��ѷ��ȼ��н��ע��ۣ�

��endurerע��1��bottom line��ĩ��,��
NovaShield AntiMalware aims to block malware by detecting malicious behaviors. In testing it was a near-total flop, though it detected several valid utilities as ��high risk�� threats. And it rendered two test systems unusable. There��s no reason to buy this when you can get ThreatFire free.

ŵ�߶ܷ��ּ��ͨ��Ϊ��ڲ��У��ʧ�ܣ��ܼ�⵽�˼��߷��ա��в��Ч��á��ṩ��ϵͳ�޷�ʹ�á��ѵõ�ThreatFireʱ��û��ɹ��ò�Ʒ�ˡ�

��endurerע��1��aim to��Ŀ��(ּ��,־��)
2��ThreatFireǰ��ΪCyberhawk��PCTools�չ��ĸ��ΪThreatFire��һ��ͳ��ȫ��ĸ��,��ֲ��ഫͳ��ȫ��ĵط�,��ThreatFire�Լ��˵��,��ԭ�еķ��ǽ��桷
The only positive Rubenking had to say was it installed quickly.

Ωһ��˵��װ��١�

NovaShield isn��t the only AV vendor trying to get to market with a behavior analysis engine.  As mentioned in the PC Magazine review, ThreatFire is a free behavior detection product, but the company positions its product as a supplement to signature-based solutions.  Not a replacement.  Figure 1 depicts alleged detection improvements when using ThreatFire with popular AV products.

ŵ�߶ܲ��Ωһһ��Ϊ��ȡ�г��ķ��Ʒ��Ӧ�̡�PC Magazine��ᵽ��ThreatFire��һ��ѵ��Ϊ��Ʒ��˾��ò�Ʒ��λΪ��Ľ��Ĳ��䣬��Ǵ��Ʒ��ͼ1��˵�ThreatFire��threatfire��еķ��Ʒ��ʹ��ʱ�ļ��

Figure 1: Increased Protection when Using ThreatFire
ͼ1��ʹ��ThreatFireʱ��ӵı��
All the main AV vendors (e.g. McAfee, Trend, and Symantec) have integrated some level of behavior analysis into their malware defense products.  However, none are making claims that behavior heuristics alone provide sufficient protection.

��е��Ҫ��Ʒ�ṩ�̣��˷�, ��ƿƼ�, �� ˣ��ѽ�һЩ��Ϊ��ɵ��Ʒ�С�Ȼ��û��һ��Ϊ��ʽ��ṩ��ߵı��

Someday, behavior analysis might replace signature comparison in AV solutions.  But I don��t think so.  Like all security controls, these two approaches to detecting malware are layered defenses, supporting each other, identifying threats the other  misses.  Whether located on desktops or in intrusion defense appliances, only a combination of the two provides sufficient protection to networks and end-user devices.
ĳһ�죬��Ϊ��ڷ��참��ȡ��Ƚϡ��Ҳ��ô��Ϊ��а�ȫ��һ��ּ��ķ��ǲ��֧�֣��Է�©��в��ϵͳ��ַ��Ӧ�ó��У�ֻ��ߵĽ�ϲ��ն��û��豸�ṩ�㹻�ı��

��ӭ����endurer@bokee

BaiDu/�ٶ����������˲�ֹ

BaiDu/�ٶ����������˲�ֹ

s.exe,4f4.exe,8g4.dll,fh8.dll

����scvhost.exe,kcohj1ba.sys,4f4.exe,w509v.sys,8g4.dll,307b.dll��

�룾10����Ӧ���ĳ�����ȫ����

÷�������������Ǿ�ɱ ����͢������������ھ�

����͢3:0��ʤ ����2�����ƣ�ˬ��

����ɱ����������Windows�����������������ͼ������ʾ��

�룾ϷŪ�û��Ķ����缰��Ч��

�� > ������Ϊ�ķ������������δ�ܶ���һ��

��ӭ��endurer@bokee

BaiDu/�ٶ��˲�ֹ

BaiDu/�ٶ��˲�ֹ

��scvhost.exe,kcohj1ba.sys,4f4.exe,w509v.sys,8g4.dll,307b.dll��

�룾10��Ӧ��ĳ��ȫ��

÷��Ǿ�ɱ ��͢��ھ�

��͢3:0��ʤ ��2��ƣ�ˬ��

��ɱ��Windows��ͼ��ʾ��

�룾ϷŪ�û��Ķ��缰��Ч��

�� > ��Ϊ�ķ��δ�ܶ��һ��