4月28日
某天再次搜索软件, 虽然没有去第一次中招的那个网站, 不料再次中招. 还是木马, 这次的经历却出乎我的意料. 中招后, 首先采用老办法: 用卡巴斯基的免费在线查毒检查病毒, 果然发现好大一捆木马. 在检查的同时使用Windows的添加删除卸载(uninstall)几个明显的木马.
然而这次却出现了很大的不同:
(1) Uninstall中发现的木马名字和上次一样: NetMonitor和Command, 但是在Uninstall的时候却发现两个软件都打开了网页, 而且机器速度变得很慢. 我意识到被欺骗了, 卸载程序在后台偷偷摸摸地安装新的木马, 木马的开发者用心险恶! 虽然最后这两个程序都被删除, 但是显然被安装了其它的东西, sigh~~~
(2)继续采用卡巴斯基查毒, 然而这次木马却在查毒过程中弹出很多窗口, 其中某些窗口出现Javascript运行错误. 可是你一点击错误窗口中的关闭按钮, 所有的浏览器窗口都被关闭, 包括正在在线查毒的卡巴斯基窗口. 因此只能任由这些窗口布满整个屏幕, 无奈.
(3) 然而这两个不同并不是致命的. 最可怕的事情莫过于卡巴斯基也无法查出的木马, 在顺利完成了所有的操作以后, 发现IE仍然弹出各种广告窗口, 期待发现最终解决方案
| Infected Object Name |
Virus Name |
Last Action |
| C:\WINNT\SYSTEM32\1D.tmp |
Infected: Trojan-Proxy.Win32.Ranky.bz |
skipped |
| C:\WINNT\SYSTEM32\23.tmp |
Infected: Trojan-Proxy.Win32.Ranky.bz |
skipped |
| C:\WINNT\SYSTEM32\25.tmp |
Infected: Trojan-Proxy.Win32.Ranky.bz |
skipped |
| C:\WINNT\SYSTEM32\26.tmp |
Infected: Trojan-Proxy.Win32.Ranky.bz |
skipped |
| C:\WINNT\SYSTEM32\28.tmp |
Infected: Trojan-Proxy.Win32.Ranky.bz |
skipped |
| C:\WINNT\SYSTEM32\29.tmp |
Infected: Trojan-Proxy.Win32.Ranky.bz |
skipped |
| C:\WINNT\SYSTEM32\2A.tmp |
Infected: Trojan-Proxy.Win32.Ranky.bz |
skipped |
| C:\WINNT\SYSTEM32\2C.tmp |
Infected: Backdoor.Win32.IRCBot.ex |
skipped |
| C:\WINNT\SYSTEM32\.exe |
Infected: Backdoor.Win32.IRCBot.ex |
skipped |
| C:\WINNT\SYSTEM32\39.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\3A.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\3B.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\3D.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\3F.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\40.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\41.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\43.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\44.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\45.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\46.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\48.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\49.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\4D.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\4E.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\50.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ca |
skipped |
| C:\WINNT\SYSTEM32\57.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ce |
skipped |
| C:\WINNT\SYSTEM32\58.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ce |
skipped |
| C:\WINNT\SYSTEM32\5A.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ce |
skipped |
| C:\WINNT\SYSTEM32\5E.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ce |
skipped |
| C:\WINNT\SYSTEM32\60.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ce |
skipped |
| C:\WINNT\SYSTEM32\15D.tmp |
Infected: Trojan-Proxy.Win32.Ranky.ce |
skipped |
| C:\WINNT\Downloaded Program Files\3631382D2D2D.exe |
Infected: Trojan-Downloader.Win32.Adload.ai |
skipped |
| C:\WINNT\DH.dll |
Infected: Trojan-Clicker.Win32.Small.jf |
skipped |
| C:\WINNT\DH.dll_ |
Infected: Trojan-Clicker.Win32.Small.jf |
skipped |
| C:\windows\keyboard14.exe |
Infected: Trojan.Win32.StartPage.aiy |
skipped |
| C:\windows\mousepad14.exe |
Infected: Trojan-Clicker.Win32.VB.mo |
skipped |
| C:\windows\newname14.exe |
Infected: Trojan-Downloader.Win32.VB.ri |
skipped |
| C:\windows\MTE3NDI6ODoxNg.exe |
Infected: Trojan-Downloader.Win32.Small.buy |
skipped |
| C:\drsmartload1.exe |
Infected: Trojan-Downloader.Win32.Adload.ap |
skipped |
| C:\drsmartload45a.exe |
Infected: Trojan-Downloader.Win32.Adload.aw |
skipped |
| C:\drsmartload46a.exe |
Infected: Trojan-Downloader.Win32.Adload.aw |
skipped |
3月2日
和SE的策略类似, Nokia也是和内容提供商合作, 他们的应用是基于位置的相片标记, 位置信息来源于各种可能的途径, 可能是CellID, 也可能是GPS.
看来无线应用的基本模式如下: 移动设备生产商 + 内容提供商 + 无线运营商
也许这就是一个成功的模式吧
Yahoo launched a tagging app that automatically provides labels or captions for images indicating the place where the photograph was taken. The program works by deriving location data from cellular sites near the photographed location, but users with a Bluetooth GPS unit can find the specific GPS coordinates with a cell ID. Yahoo can determine an exact location for GPS enabled users because the cell ID includes city, state and zip code. The program also uploads the automatically captioned images to Yahoo's photosharing site, Flikr. Currently the service only works with Nokia Series 60 mobile phones, but users say it's full of flaws. Yahoo's response? It'll improve as more people start to use it.
ツール 
