Board logo

标题: 【ZT 】炒冷饭:QQ的强制扫描底裤功能 [打印本页]
作者: 老西    时间: 2009-11-5 08:55     标题: 【ZT 】炒冷饭:QQ的强制扫描底裤功能


原帖作者: 123

QQ强制扫描底裤功能  (炒冷饭,看兄弟们有无新内容了~ 


MSN,TOM的SKYPE,暴风,瑞星,等一系列国产软件后台都有一个木马程序,用来监视你硬盘上"别有用心的内容"然后整理上报……
    
  http://www.onlinedown.net/soft/8986.htm

      FileMon 7.04 汉化版
       
  此软件可以检测出来
      
  8189 22:55:00 QQ.exe:3800 FASTIO_QUERY_STANDARD_INFO E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Length: 19504
  8190 22:55:00 QQ.exe:3800 IRP_MJ_CLEANUP E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS
  8191 22:55:00 QQ.exe:3800 IRP_MJ_CLOSE E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS
  8192 22:55:00 QQ.exe:3800 FASTIO_QUERY_STANDARD_INFO E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Length: 19504
  8193 22:55:00 QQ.exe:3800 FASTIO_READ E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Offset: 0 Length: 64
  8194 22:55:00 QQ.exe:3800 FASTIO_READ E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Offset: 600 Length: 248
  8195 22:55:00 QQ.exe:3800 FASTIO_READ E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Offset: 848 Length: 240
  8196 22:55:00 QQ.exe:3800 FASTIO_QUERY_STANDARD_INFO E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Length: 19504
  8197 22:55:00 QQ.exe:3800 FASTIO_QUERY_STANDARD_INFO E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Length: 19504
  8198 22:55:00 QQ.exe:3800 FASTIO_READ E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Offset: 1152 Length: 18352
  8199 22:55:00 QQ.exe:3800 FASTIO_QUERY_STANDARD_INFO E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Length: 19504
  8200 22:55:00 QQ.exe:3800 FASTIO_READ E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Offset: 9344 Length: 10160
  8201 22:55:00 QQ.exe:3800 FASTIO_QUERY_STANDARD_INFO E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Length: 19504
  8202 22:55:00 QQ.exe:3800 FASTIO_READ E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Offset: 15408 Length: 4096
  8203 22:55:00 QQ.exe:3800 FASTIO_QUERY_STANDARD_INFO E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Length: 19504
  8204 22:55:00 QQ.exe:3800 FASTIO_READ E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS Offset: 12544 Length: 2048
  8205 22:55:00 QQ.exe:3800 IRP_MJ_CLEANUP E:\vmware_cn\VMMount\vstor2-ws60.sys SUCCESS
  8206 22:55:01 QQ.exe:3800 IRP_MJ_CREATE E:\Autorun.inf NOT FOUND Options: Open Access: Read
  8207 22:55:01 QQ.exe:3800 IRP_MJ_CREATE F:\Autorun.inf NOT FOUND Options: Open Access: Read
  8208 22:55:01 QQ.exe:3800 IRP_MJ_CREATE G:\Autorun.inf NOT FOUND Options: Open Access: Read
  8209 22:55:01 QQ.exe:3800 IRP_MJ_CREATE \\.\Pipe\srvsvc SUCCESS Options: Open Access: 0012019F
  8210 22:55:01 QQ.exe:3800 IRP_MJ_SET_INFORMATION \\.\Pipe\srvsvc SUCCESS FilePipeInformation
作者: lkblade    时间: 2009-11-5 08:58

太可恶了
作者: big_jackass    时间: 2009-11-5 08:59

QQ基本不用,正准备要卸载呢
作者: cheermule    时间: 2009-11-5 11:32

提示: 作者被禁止或删除 内容自动屏蔽
作者: yulaoyuhuhu    时间: 2009-11-5 13:03

提示: 作者被禁止或删除 内容自动屏蔽
作者: well530    时间: 2009-11-5 13:08     标题: 回复 4# cheermule 的帖子

朋友,具体说一下怎么操作和原理
作者: ggnarsil    时间: 2009-11-5 13:55

在这样的话 改用mim



欢迎光临 ::电驴基地:: (https://www.cmule.com/) Powered by Discuz! 6.0.0