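Be careful with pushed messages: if you accidentally tap the URL in one, trojan/virus software for smartphones is downloaded automatically.
Everyone, please be careful with these pushed SMS messages.
Watch out for this one: 9qtr.com/8/3576
The sending phone number is 13230629647
When opened in the phone's browser, it automatically downloads the file aqmf_xthy_ylbl.cab
Looking at it from a computer, you can see that it modifies the registry: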
REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{3173B113-A135-42ad-8360-B810FF05B2A3}\InProcServer32]
"@"="MapiRule_test.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Inbox\Svc\SMS\Rules]
"{3173B113-A135-42ad-8360-B810FF05B2A3}"=dword:00000001
Then, in the Windows directory: MapiRule_test.dll
In Program Files: 娱乐伴侣.exe
\Program Files\download_data\xzd.bmp
\Program Files\download_data\xd.bmp
\Program Files\download_data\splashx.bmp
\Program Files\download_data\splash.bmp
\Program Files\download_data\bgx.png
\Program Files\download_data\bg.png
\Program Files\download_data\8.bmp
\Program Files\download_data\7.bmp
\Program Files\download_data\6.bmp
\Program Files\download_data\5.bmp
\Program Files\download_data\4.bmp
\Program Files\download_data\3.bmp
\Program Files\download_data\2.bmp
\Program Files\download_data\13.bmp
\Program Files\download_data\12.bmp
\Program Files\download_data\11.bmp
\Program Files\download_data\10.bmp
\Program Files\download_data\1.bmp
\Program Files\download_data\006.bmp
\Program Files\download_data\005.bmp
\Program Files\download_data\004.bmp
\Program Files\download_data\003.bmp
\Program Files\download_data\002.bmp
\Program Files\download_data\001.bmp
\Program Files\download_data\txt.xml
\Program Files\download_data\ring.xml
\Program Files\download_data\mp3.xml
\Program Files\download_data\game.xml
Folders:
\Storage Card\Program Files\Download_cab
\Program Files\download_data
There are also some icon files.
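
The two registry entries quoted above pair a CLSID listed under ...\Inbox\Svc\SMS\Rules with the DLL named in its InProcServer32 key. As an added example (not part of the original post), this Python sketch reads a REGEDIT4 export and reports every SMS rule entry together with its DLL; the function names and the allowed_dlls allowlist are hypothetical, and the sample input is rebuilt from the lines in the post.

```python
import re

RULES_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Inbox\Svc\SMS\Rules".lower()

# Constructed sample: the registry lines quoted in the post above.
SAMPLE_REG = r'''REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{3173B113-A135-42ad-8360-B810FF05B2A3}\InProcServer32]
"@"="MapiRule_test.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Inbox\Svc\SMS\Rules]
"{3173B113-A135-42ad-8360-B810FF05B2A3}"=dword:00000001
'''

def parse_reg(text):
    """Parse REGEDIT4 text into {lowercased key: {lowercased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip().strip('"').lower()] = data.strip()
    return keys

def sms_rule_clients(text, allowed_dlls=()):
    """Return one dict per CLSID listed under the SMS Rules key."""
    keys = parse_reg(text)
    allowed = {d.lower() for d in allowed_dlls}  # hypothetical allowlist
    found = []
    for clsid, data in keys.get(RULES_KEY, {}).items():
        m = re.fullmatch(r"dword:([0-9a-f]{8})", data.lower())
        enabled = bool(m and int(m.group(1), 16))
        # Resolve the CLSID to its DLL; the default value may appear as @ or "@".
        server = keys.get("hkey_classes_root\\clsid\\" + clsid + "\\inprocserver32", {})
        dll = server.get("@", "").strip('"') or None
        found.append({
            "clsid": clsid, "dll": dll, "enabled": enabled,
            "unexpected": dll is None or dll.lower() not in allowed,
        })
    return found
```

Run against an export taken from a device, any entry with "unexpected" set is a rule DLL to examine, as MapiRule_test.dll is here.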
---------------------
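From the analysis, this should be one of those junk viruses that spam SMS messages!!
From the files it contains, you can see that it downloads ringtones, games, and so on from 119.6.254.5.
There are a lot of these numbers now, and they are all from Hebei.
Many of them are from Baoding.
The ones below arrive at a rate of one or two a day. To keep anyone from tapping them by mistake,
I added spaces in the middle.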
--------------------------
You have a new message "I paid for you..." Tap to view it all
http: //xj8he. com/8/3760
13180127907
------------------
An enticing title: Photo message received via Bluetooth from Xiaojing
http: //nhd8x. com/8/3699
13230212047
-------------
Look at the photo I just took
http: //zolsq. com/8/3668
13230222647
--------------------------
I've left. I left you a text message, open it and see for yourself
tpp: //ixh0. com/8/3640
13230208647
---------------
Let's get acquainted, this is my photo
http: //io0ii1. com/8/3614
13230622647
----------------
Reminder: you have 1 unconfirmed MMS message
http: //gsps. com/8/3582
13230369281
//////////////////