
- Has NoxPlayer been attacked? Could it push out malicious programs?
Straight to the detection and prevention methods:
How to determine if I received a malicious update or not: check if any ongoing process has an active network connection with known active C&C servers, or see if any of the malware based on the file names we provided in the report is installed in:
C:\ProgramData\Sandboxie\SbieIni.dat
C:\ProgramData\Sandboxie\SbieDll.dll
C:\ProgramData\LoGiTech\LBTServ.dll
C:\Program Files\Internet Explorer\ieproxysocket64.dll
C:\Program Files\Internet Explorer\ieproxysocket.dll
a file named %LOCALAPPDATA%\Nox\update\UpdatePackageSilence.exe not digitally signed by BigNox.
How to stay safe:
In case of intrusion – standard reinstall from clean media.
For non-compromised users: do not download any updates until BigNox notifies that it has mitigated the threat.
Simply put:
Disable automatic updates~
Original article: www.welivesecurity.com
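The file checks quoted in the post can be scripted. The following PowerShell is an added example, not part of the original post or of the quoted report; the function name `Test-NoxIndicators` is hypothetical, and matching the signer on the substring "BigNox" in the certificate subject is an assumption. It does not cover the C&C connection check, because the server addresses are not given on this page.

```powershell
# Added example; file paths are the ones quoted in the post above.
$IndicatorPaths = @(
    'C:\ProgramData\Sandboxie\SbieIni.dat',
    'C:\ProgramData\Sandboxie\SbieDll.dll',
    'C:\ProgramData\LoGiTech\LBTServ.dll',
    'C:\Program Files\Internet Explorer\ieproxysocket64.dll',
    'C:\Program Files\Internet Explorer\ieproxysocket.dll'
)

# Test-NoxIndicators is a hypothetical helper name, not a built-in cmdlet.
function Test-NoxIndicators {
    param(
        [string[]]$Paths = $IndicatorPaths,
        # %LOCALAPPDATA% is per user: this default covers the current user only.
        [string]$UpdaterPath = (Join-Path $env:LOCALAPPDATA 'Nox\update\UpdatePackageSilence.exe'),
        # Assumption: a genuine updater's certificate subject contains "BigNox".
        [string]$ExpectedSigner = 'BigNox'
    )
    $findings = @()
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $item = Get-Item -LiteralPath $p -Force   # -Force: also hidden/system files
            $findings += [pscustomobject]@{
                Path    = $p
                Finding = 'Indicator file present'
                Detail  = "Last written $($item.LastWriteTime.ToString('s'))"
            }
        }
    }
    if (Test-Path -LiteralPath $UpdaterPath -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $UpdaterPath
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<no signer>' }
        # Flag a missing or invalid signature, or a valid one from another signer.
        if ($sig.Status -ne 'Valid' -or $subject -notlike "*$ExpectedSigner*") {
            $findings += [pscustomobject]@{
                Path    = $UpdaterPath
                Finding = 'Updater not validly signed by expected signer'
                Detail  = "Status=$($sig.Status); Subject=$subject"
            }
        }
    }
    return $findings
}

$results = @(Test-NoxIndicators)
if ($results.Count -eq 0) { 'No listed indicators found for this user.' } else { $results | Format-List }
```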