| IFEO Image Hijacking Techniques Used by Viruses |
| The Basic Principle of Image Hijacking |
| PCWorld.COM.CN | 2008-04-21 13:32:36 | |
|
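III. The basic principle of image hijacking:
When an NT-based system handles a request to run an executable invoked from the command line, it first checks whether the program being run is an executable file; if it is, it then checks the file's format, and after that checks whether the file exists. If it does not exist, the system reports that the file cannot be found, or that "the specified path is incorrect", and so on. Of course, once these keys are deleted, the program can run again!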
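Added example (not from the original article): a Python check that reads a text export of the registry and reports Image File Execution Options subkeys carrying a `Debugger` string value, the standard Windows value that redirects the launch of the named image. The sample export and its `placeholder.exe` path are constructed, and the generated cleanup file deletes only the `Debugger` value, a narrower variant of deleting the keys as the text describes.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")

# Constructed sample in .reg export text form (not data from the article).
# Real exports are usually UTF-16; decode the file before passing it in.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + IFEO + r"\avp.exe]",
    r'"Debugger"="C:\\WINDOWS\\system32\\placeholder.exe"',
    "[" + IFEO + r"\IceSword.exe]",
    r'"debugger"="C:\\WINDOWS\\system32\\placeholder.exe"',
    "[" + IFEO + r"\notepad.exe]",                    # no Debugger value
    '"GlobalFlag"=dword:00000002',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Other]",   # outside IFEO
    '"Debugger"="ignored.exe"',
])

SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_ifeo_debuggers(reg_text):
    """Map image name -> Debugger command for direct IFEO subkeys."""
    prefix, image, hits = IFEO.lower() + "\\", None, {}
    for line in (l.strip() for l in reg_text.splitlines()):
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            rest = key[len(prefix):] if key.lower().startswith(prefix) else ""
            image = rest if rest and "\\" not in rest else None
            continue
        m = STRING_VALUE.match(line)
        # Registry value names are case-insensitive.
        if image and m and _unescape(m.group(1)).lower() == "debugger":
            hits[image] = _unescape(m.group(2))
    return hits

def cleanup_reg(hits):
    """Build .reg text that deletes only the Debugger value under each hit."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for image in sorted(hits):
        out += ["[%s\\%s]" % (IFEO, image), '"Debugger"=-', ""]
    return "\n".join(out)
```

Review each reported command before importing the cleanup file, since developers sometimes set a `Debugger` value on purpose.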
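IV. A concrete case of image hijacking:
Quoting an analysis case from jzb770325001, a moderator at JM: a spectacular set of IFEO entries, in which every tool with even a little name recognition has been knocked out: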