|
explorer.exe (6.0.2800.1221)
包含在软件 |
|---|
| 名字: | Windows XP Home Edition, Deutsch |
|---|
| 执照: | 商业 |
|---|
| 信息链接: | http://www.microsoft.com/windowsxp/ |
|---|
文件细节 |
|---|
| 文件道路: | C:\WINDOWS\system32\dllcache \ explorer.exe |
|---|
| 文件日期: | 2003-05-29 11:48:20 |
|---|
| 版本: | 6.0.2800.1221 |
|---|
| 文件大小: | 999.424 字节 |
|---|
检查和和文件hashes |
|---|
| CRC32: | 95015ED |
|---|
| MD5: | 0589 140C 62D1 A5D1 ADC1 3C79 2661 22DA |
|---|
| SHA1: | ECD5 A9DF BA94 BDD9 92A2 86B8 12AE 1FC0 0224 8F8E |
|---|
版本资源信息 |
|---|
| 公司名称: | Microsoft Corporation |
|---|
| 文件描述: | Windows Explorer |
|---|
| 文件操作系统: | Windows NT, Windows 2000, Windows XP, Windows 2003 |
|---|
| 文件类型: | Application |
|---|
| 文件版本: | 6.0.2800.1221 |
|---|
| 内部名: | explorer |
|---|
| 法律版权: | Microsoft Corporation. Alle Rechte vorbehalten. |
|---|
| 原始的文件名: | EXPLORER.EXE |
|---|
| 产品名称: | Betriebssystem Microsoft Windows |
|---|
| 产品版本: | 6.0.2800.1221 |
|---|
explorer.exe 被发现了在以下报告:
|
|
|---|
Trojan.Eurosol |
|---|
关于Trojan.Eurosol
...It does this by modifying the System.ini file and appending itself to the shell = Explorer.exe line in the [boot] section....
撤除指示
...similar to the following: shell=Explorer.exe <additional text added by Trojan>...
...Delete all text (on the shell=Explorer.exe line only) that is to the right of Explorer.exe....
...done, the line should read: shell=Explorer.exe Click File, click Exit, and...
来源: http://securityresponse.symantec.com/avcenter/venc/data/trojan.eurosol.html |
|---|
W97M.Heathen.12288.A |
|---|
关于Trojan.Eurosol
...Even when it works under a Windows 95 system, the modified EXPLORER.EXE becomes unstable. It may also crash MS Word...
威胁评估
...Similar to the way it tricks Windows to replace EXPLORER.EXE with HEATHEN.VEX, the virus adds a WININIT.INI file that contains: [rename] nul=System.dat...
技术细节
...infect MS Word 97 documents. 3. The virus modifies EXPLORER.EXE in the WINDOWS directory....
...modification adds a loading routine such that HEATHEN.VDL gets loaded every time EXPLORER.EXE is executed. 4. If it fails to modify EXPLORER.EXE...
...Then, it modifies HEATHEN.VEX. To have EXPLORER.EXE replaced by HEATHEN.VEX, the virus creates a WININIT.INI file that contains:...
...[rename] C:WINDOWSExplorer.exe=C:WINDOWSHeathen.vex This instruction in the WININIT.INI...
...file upon the next startup. When a modified EXPLORER.EXE runs, the following events occur:...
撤除指示
...Unfortunately, the modification to EXPLORER.EXE is irreversible. EXPLORER.EXE needs to be restored...
...from a clean copy. A clean copy of EXPLORER.EXE can be found on the Windows Installation CD:...
来源: http://securityresponse.symantec.com/avcenter/venc/data/w97m.heathen.12288.a.html |
|---|
Bloodhound.Exploit.14 |
|---|
关于Trojan.Eurosol
...image files that could be used to exploit a Denial of Service (DoS) vulnerability in Explorer.exe on Microsoft Windows XP. The files that are detected...
技术细节
...The vulnerability is reported to exist when Explorer.exe handles certain TIFF format images....
来源: http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.14.html |
|---|
W32.HLLW.Spirit |
|---|
关于Trojan.Eurosol
...It copies itself as %Windir%System32Explorer.exe. W32.HLLW.Spirit is written...
技术细节
...Copies itself as %Windir%System32Explorer.exe. Copies itself to the Kazaa...
...IE 6 FULL.exe Internet Explorer.exe Kazaa Lite Hack 2.4.exe...
..."Explorer"="%Windir%System32Explorer.exe" to the registry keys:...
来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.spirit.html |
|---|
Trojan.Loome |
|---|
关于Trojan.Eurosol
...detected as Spyware.Look2Me. Then, it ends the Explorer.exe process to load the .dll, which crashes Windows 2000/XP....
技术细节
...C:WindowsSystem32 (Windows XP). Ends the Explorer.exe process in order to load the .dll....
来源: http://securityresponse.symantec.com/avcenter/venc/data/trojan.loome.html |
|---|
VBS.Vanina |
|---|
关于Trojan.Eurosol
...computer with a copy of itself. It also sends the file Explorer.exe two email addresses that are registered in Argentina....
来源: http://securityresponse.symantec.com/avcenter/venc/data/vbs.vanina.html |
|---|
VBS.Taber |
|---|
关于Trojan.Eurosol
...The worm attempts to delete C:WindowsExplorer.exe and make some configuration changes to Internet Explorer by editing the registry...
技术细节
...HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerRestrictions Add the values:...
...HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel Adds the value:...
...HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternetExplorerInfodeliveryRestrictions...
...HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer Attempts to copy itself to...
...Attempts to delete C:WindowsExplorer.exe. Displays these two messages:...
来源: http://securityresponse.symantec.com/avcenter/venc/data/vbs.taber.html |
|---|
W32.Fourseman.A |
|---|
威胁评估
...Deletes files: Overwrites explorer.exe with itself. Causes system instability:...
技术细节
...%Temp%Win_Security_Patch_2602.exed %Windir%Explorer.exe %Windir%SystemExplorer.exe...
撤除指示
...Run a full system scan and delete all the files detected as W32.Fourseman.A. If Explorer.exe was overwritten, restore it from backup or re-install it....
...W32.Fourseman.A, click Delete. If Explorer.exe was overwritten, restore it from backup or re-install it....
来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.fourseman.a.html |
|---|
Backdoor.Nota |
|---|
技术细节
...C:\%Windows%All UsersStart MenuProgramsStartUpExplorer.exe NOTES:...
...It adds the following line: shell=Explorer.exe winfat32.exe These changes cause the Trojan...
撤除指示
...the steps in this section. To do this using Windows Explorer, go to the C:WindowsRecent folder, and in the right pane delete the Win.ini file....
...similar to the following: shell=Explorer.exe winfat32.exe Delete all of the text to...
...that the line looks like: shell=Explorer.exe Click File, and click Save....
来源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nota.html |
|---|
W32.Poscal.Worm |
|---|
威胁评估
...C:WindowsSystem.ini, C:WindowsExplorer.exe C:WindowsRegedit.exe C:WindowsTelnet.exe...
技术细节
...C:WindowsF<??>K_AVs.exe C:WindowsSystemExplorer.exe C:Windows
egedit.exe...
...C:WindowsTelnet.exe C:WindowsExplorer.exe NOTES:...
...The attributes of the C:WindowsF<??>K_AVs.exe and C:WindowsSystemExplorer.exe files are set to read-only and hidden....
...C:WindowsRegedit.exe, C:WindowsTelnet.exe, and C:WindowsExplorer.exe are valid Windows programs that are overwritten by the worm on Windows 95/98/Me-based...
......
来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.poscal.worm.html |
|---|
|
|
![[filename.info logo]](/img/logo.png){kind=logo}
![[cn explorer.exe]](/img/nix.gif){kind=small}
