IE hijacked by hxxp://www.pp8000.cn; Kaka reports IE as a suspicious backdoor program

Original by endurer

2009-02-15, 1st

  A reader's PC has recently been opening hxxp://www.pp8000.cn every time IE starts; setting the IE home page to blank made no difference, and Kaka Security Assistant (卡卡安全助手) also reports IE as a suspicious backdoor program.

 

 

  They asked me to help check and fix it.

  Download FileInfo from http://purpleendurer.ys168.com and use it to check iexplore.exe: it passes Microsoft's digital signature verification, so the file itself should be fine.

Scanning with pe_xscan and analysing the log turned up the following suspicious items:

 

pe_xscan 09-01-08 by Purple Endurer
2009-2-11 21:27:45
Windows XP Service Pack 3(5.1.2600)
MSIE:6.0.2900.5512
管理员用户组
正常模式

[System Process]  *0
  C:/windows/donben.dll|2009-2-11 17:44:52|Microsoft(R) Windows(R) Operating System|1, 0, 2, 1|Microsoft WinEvent Support|Copyright ? 2002|1, 0, 2, 1|Microsoft Corporation||wthelp|wthelp.dll
C:/windows/system32/Rundll32.exe *2828|Microsoft(R) Windows(R) Operating System|5.1.2600.5512|Run a DLL as an App|(C) Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2105)|Microsoft Corporation|?|rundll|RUNDLL.EXE
  C:/WINDOWS/DOWNLO~1/fonst.dll|2009-2-10 15:9:36|Microsoft Net Library|5, 0, 2, 0|Copyright 2003|Microsoft Net Library|5, 0, 2, 0|Microsoft(R) Windows(R) Operating System|Microsoft Corporation|benhelp|benhelp.DLL
  C:/windows/donben.dll|2009-2-10 15:9:40|Microsoft(R) Windows(R) Operating System|1, 0, 0, 1|Microsoft Communicate Improve Service Provider|版权所有 (C) 1999|1, 0, 0, 1|Microsoft Corporation||wtlpro|wtlpro.DLL
O2 - BHO BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} =C:/PROGRA~1/baidu/bar/baidubar.dll|2008-12-23 10:51:58
O2 - BHO benobj Class - {AB54800B-F901-43AA-AB71-38A4CE758A5A} =C:/WINDOWS/DOWNLO~1/fonst.dll|2009-2-10 15:9:36
O3 - IE工具栏: - {B580CF65-E151-49C3-B73F-70B13FCA8E86} =C:/PROGRA~1/baidu/bar/baidubar.dll|2008-12-23 10:51:58
O4 - HKLM/../Run: [VPro] C:/windows/system32/Rundll32.exe  "C:/WINDOWS/DOWNLO~1/fonst.dll",WaitWindows
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/restrictions 存在 IE或Internet选项可能受到限制
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel 存在 IE或Internet选项可能受到限制
O9 - IE工具栏扩展按钮HKLM: - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} -
O9 - IE工具菜单扩展项HKLM: - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - 
O10 - LSP: ML_IP =C:/windows/system32/msben.dll|2009-2-10 15:9:40|Microsoft(R) Windows(R) Operating System|1, 0, 0, 1|Microsoft Communicate Improve Service Provider|版权所有 (C) 1999|1, 0, 0, 1|Microsoft Corporation||wtlpro|wtlpro.DLL
O10 - LSP: ML_UDP_CHAIN =C:/windows/system32/msben.dll|2009-2-10 15:9:40|Microsoft(R) Windows(R) Operating System|1, 0, 0, 1|Microsoft Communicate Improve Service Provider|版权所有 (C) 1999|1, 0, 0, 1|Microsoft Corporation||wtlpro|wtlpro.DLL
O29 - HKLM-Start Page =hxxp://wwv.1188.com/
O29 - HKLM-Default_Page_URL =hxx://wwv.1188.com/


O30 - IeOpenHomePage = "C:/Program Files/Internet Explorer/iexplore.exe" hxxp://www.pp8000.cn

   Start -> Settings -> Control Panel -> Internet Options, open Manage Add-ons, and disable all of the O2, O3 and O9 items. Reopen IE: Kaka no longer reports anything.

  Uninstall Baidu, then run Kaka Security Assistant to clean up...
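As an added example (this script is mine, not part of the original post or of pe_xscan), here is a small Python triage routine that encodes the checks applied to the log above and runs them over lines copied from it: a loaded DLL whose on-disk name differs from its PE OriginalFilename, a Run key that starts a DLL from Downloaded Program Files through rundll32, a BHO and an LSP in the same situation, and the O29/O30 start-page values. The category names, the heuristics and the SAMPLE_LOG constant are my own assumptions, not output of any tool.

```python
import re
from os.path import basename

# Constructed sample: lines copied from the pe_xscan log in this post.
SAMPLE_LOG = """\
  C:/windows/donben.dll|2009-2-11 17:44:52|Microsoft(R) Windows(R) Operating System|1, 0, 2, 1|Microsoft WinEvent Support|Copyright ? 2002|1, 0, 2, 1|Microsoft Corporation||wthelp|wthelp.dll
C:/windows/system32/Rundll32.exe *2828|Microsoft(R) Windows(R) Operating System|5.1.2600.5512|Run a DLL as an App|(C) Microsoft Corporation. All rights reserved.|5.1.2600.5512 (xpsp.080413-2105)|Microsoft Corporation|?|rundll|RUNDLL.EXE
  C:/WINDOWS/DOWNLO~1/fonst.dll|2009-2-10 15:9:36|Microsoft Net Library|5, 0, 2, 0|Copyright 2003|Microsoft Net Library|5, 0, 2, 0|Microsoft(R) Windows(R) Operating System|Microsoft Corporation|benhelp|benhelp.DLL
O2 - BHO BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} =C:/PROGRA~1/baidu/bar/baidubar.dll|2008-12-23 10:51:58
O2 - BHO benobj Class - {AB54800B-F901-43AA-AB71-38A4CE758A5A} =C:/WINDOWS/DOWNLO~1/fonst.dll|2009-2-10 15:9:36
O4 - HKLM/../Run: [VPro] C:/windows/system32/Rundll32.exe  "C:/WINDOWS/DOWNLO~1/fonst.dll",WaitWindows
O10 - LSP: ML_IP =C:/windows/system32/msben.dll|2009-2-10 15:9:40|Microsoft(R) Windows(R) Operating System|1, 0, 0, 1|Microsoft Communicate Improve Service Provider|版权所有 (C) 1999|1, 0, 0, 1|Microsoft Corporation||wtlpro|wtlpro.DLL
O29 - HKLM-Start Page =hxxp://wwv.1188.com/
O30 - IeOpenHomePage = "C:/Program Files/Internet Explorer/iexplore.exe" hxxp://www.pp8000.cn
"""

def _name_mismatch(path_field, original):
    """True when the on-disk file name differs from the PE OriginalFilename."""
    on_disk = basename(path_field.split(" *")[0]).lower()
    return on_disk != original.strip().lower()

def triage(log):
    """Return (category, detail) pairs for the hijack indicators seen in this case."""
    findings = []
    for raw in log.splitlines():
        line, low = raw.strip(), raw.lower()
        if "|" in line and not line.startswith("O"):
            # Indented loaded-module line: path|time|...|company||internal|original
            fields = line.split("|")
            if raw[:1].isspace() and _name_mismatch(fields[0], fields[-1]):
                findings.append(("name-mismatch", f"{fields[0]} -> {fields[-1]}"))
        elif line.startswith("O4 ") and "rundll32" in low and "downlo~1" in low:
            # Run key loading a DLL from Downloaded Program Files through rundll32
            findings.append(("rundll32-autorun", line))
        elif line.startswith("O2 ") and "downlo~1" in low:
            findings.append(("bho-in-dpf", line))
        elif line.startswith("O10"):
            # Winsock LSP: this DLL gets loaded into every networking process
            fields = line.split("|")
            path = fields[0].split("=", 1)[1]
            if _name_mismatch(path, fields[-1]):
                findings.append(("lsp-name-mismatch", f"{path} -> {fields[-1]}"))
        elif line.startswith(("O29", "O30")):
            # Start page / home page values pointing at the hijacker's sites
            m = re.search(r"hxxps?://\S+", line)
            if m:
                findings.append(("homepage", m.group(0)))
    return findings
```

Running triage(SAMPLE_LOG) yields seven findings; the legitimate Rundll32.exe line is not flagged because its on-disk name matches what the check expects and it is not an indented module line.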

 

Appended malicious file information:

File : C:/windows/donben.dll
Attributes : -SH-
Digital signature: No
PE file: Yes
Language : Chinese (China)
File version : 1, 0, 2, 1
Description : Microsoft WinEvent Support
Copyright : Copyright ? 2002
Comments : Microsoft WinEvent
Product version : 1, 0, 2, 1
Product name : Microsoft(R) Windows(R) Operating System
Company name : Microsoft Corporation
Internal name : wthelp
Original filename : wthelp.dll
Created : 2009-2-10 15:9:40
Modified : 2009-2-11 19:30:40
Size : 45056 bytes (44.0 KB)
MD5 : 324dcaf42ee74c1b1491a0492a67abcb
SHA1: 49E5475BBCDB3D1A7B4C678292163D067C262CF7
CRC32: 8ef0bc80

 
File donben.dll received on 2009.02.11 13:00:21 (CET)

Antivirus | Version | Last update | Result
a-squared | 4.0.0.93 | 2009.02.11 | Trojan.Generic!IK
AhnLab-V3 | 5.0.0.2 | 2009.02.11 | -
AntiVir | 7.9.0.76 | 2009.02.11 | TR/Gendal.45056.5
Authentium | 5.1.0.4 | 2009.02.11 | -
Avast | 4.8.1335.0 | 2009.02.10 | Win32:Trojan-gen {Other}
AVG | 8.0.0.229 | 2009.02.11 | Clicker.KVF
BitDefender | 7.2 | 2009.02.11 | Trojan.Generic.338183
CAT-QuickHeal | 10.00 | 2009.02.11 | -
ClamAV | 0.94.1 | 2009.02.11 | -
Comodo | 974 | 2009.02.11 | -
DrWeb | 4.44.0.09170 | 2009.02.11 | Trojan.DownLoader.36054
eSafe | 7.0.17.0 | 2009.02.09 | -
eTrust-Vet | 31.6.6350 | 2009.02.11 | -
F-Prot | 4.4.4.56 | 2009.02.10 | -
F-Secure | 8.0.14470.0 | 2009.02.11 | -
Fortinet | 3.117.0.0 | 2009.02.11 | Adware/AdClicker
GData | 19 | 2009.02.11 | Trojan.Generic.338183
Ikarus | T3.1.1.45.0 | 2009.02.11 | Trojan.Generic
K7AntiVirus | 7.10.626 | 2009.02.10 | Trojan.Win32.Malware.1
Kaspersky | 7.0.0.125 | 2009.02.11 | -
McAfee | 5522 | 2009.02.10 | AdClicker-ET
McAfee+Artemis | 5522 | 2009.02.10 | AdClicker-ET
Microsoft | 1.4306 | 2009.02.11 | -
NOD32 | 3845 | 2009.02.11 | probably a variant of Win32/TrojanClicker.Agent
Norman | 6.00.02 | 2009.02.11 | -
nProtect | 2009.1.8.0 | 2009.02.11 | Trojan/W32.Small.45056.AG
Panda | 10.0.0.10 | 2009.02.11 | Generic Trojan
PCTools | 4.4.2.0 | 2009.02.10 | -
Prevx1 | V2 | 2009.02.11 | Malicious Software
Rising | 21.16.22.00 | 2009.02.11 | -
SecureWeb-Gateway | 6.7.6 | 2009.02.11 | Trojan.Gendal.45056.5
Sophos | 4.38.0 | 2009.02.11 | -
Sunbelt | 3.2.1851.2 | 2009.02.11 | -
Symantec | 10 | 2009.02.11 | Trojan Horse
TheHacker | 6.3.1.85.252 | 2009.02.11 | -
TrendMicro | 8.700.0.1004 | 2009.02.11 | TROJ_CLICKER.BRQ
VBA32 | 3.12.8.12 | 2009.02.11 | Trojan.DownLoader.36054
ViRobot | 2009.2.11.1600 | 2009.02.11 | -
VirusBuster | 4.5.11.0 | 2009.02.10 | -
Additional information
File size: 45056 bytes
MD5...: 324dcaf42ee74c1b1491a0492a67abcb
SHA1..: 49e5475bbcdb3d1a7b4c678292163d067c262cf7
SHA256: 84a65d9161979f4f695fde29eb0c2639e1e8aab385fada4fdd06e55d5d31e0ab
SHA512: c973f0f20c7162176c6891a0dd55d419f9deb9b6af3942acd9d59e3ab5418b305bf09396938a36d5924c0cedbf3a32880c4d45603cdca6d9becc1f010b3fae95
ssdeep: 768:QxhT8nf2/WPsTt3KWgBTWu3Io9X8j9FmBX:QxhT8OqsZKxbYoF8j9IBX
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13b9
timedatestamp.....: 0x478cd644 (Tue Jan 15 15:50:28 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3ccc 0x4000 6.33 ea1e7c233261cfc18a53f6d8e0918c3e
.rdata 0x5000 0x1b08 0x2000 4.36 f1c22b52bf870a7fd13c14e3349c9b5c
.data 0x7000 0x940 0x1000 0.79 22b826ad68012b30852118c238308dcd
WTShared 0x8000 0x4 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x9000 0x438 0x1000 1.10 3cb88c9f7f329cedec7bcb4524d28313
.reloc 0xa000 0xa62 0x1000 4.15 2f0a3268cc1d39a2fd87ec0cf8d4d871

( 2 imports )
> KERNEL32.dll: VirtualQuery, OpenProcess, SetLastError, CreateFileA, UnmapViewOfFile, CloseHandle, MapViewOfFile, OpenFileMappingA, FlushInstructionCache, VirtualProtect, RtlUnwind, GetStringTypeW, GetStringTypeA, LCMapStringW, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA
> USER32.dll: GetWindowTextA, GetWindowThreadProcessId, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, FindWindowA

( 1 exports )
StartWTHelp
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=84C47A3F00FC9A1CB07600EA61BCB7008DB501A8
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=324dcaf42ee74c1b1491a0492a67abcb

File : C:/WINDOWS/DOWNLO~1/fonst.dll
Attributes : -SH-
Digital signature: No
PE file: Yes
Language : English (United States)
File version : 5, 0, 2, 0
Description : Microsoft Net Library
Copyright : Copyright 2003
Comments : Microsoft Net Library
Product version : 5, 0, 2, 0
Product name : Microsoft(R) Windows(R) Operating System
Company name : Microsoft Corporation
Internal name : benhelp
Original filename : benhelp.DLL
Created : 2009-2-10 10:31:27
Modified : 2009-2-10 15:9:36
Size : 274432 bytes (268.0 KB)
MD5 : ec770dd1058589206d67de43e64f5025
SHA1: BD9A0CA63D7371F245ED9C21C2360045170D1F05
CRC32: 701c526f
 
File fonst.dll received on 2009.02.11 13:03:33 (CET)

Antivirus | Version | Last update | Result
a-squared | 4.0.0.93 | 2009.02.11 | Generic.Win32.Malware!IK
AhnLab-V3 | 5.0.0.2 | 2009.02.11 | Win-Trojan/Hengbang.274432.E
AntiVir | 7.9.0.76 | 2009.02.11 | ADSPY/Hengbang.AJ.2
Authentium | 5.1.0.4 | 2009.02.11 | -
Avast | 4.8.1335.0 | 2009.02.10 | Win32:Trojan-gen {Other}
AVG | 8.0.0.229 | 2009.02.11 | Generic12.AVZB
BitDefender | 7.2 | 2009.02.11 | Trojan.Generic.1379367
CAT-QuickHeal | 10.00 | 2009.02.11 | -
ClamAV | 0.94.1 | 2009.02.11 | -
Comodo | 974 | 2009.02.11 | -
DrWeb | 4.44.0.09170 | 2009.02.11 | Trojan.DownLoader.origin
eSafe | 7.0.17.0 | 2009.02.09 | -
eTrust-Vet | 31.6.6350 | 2009.02.11 | -
F-Prot | 4.4.4.56 | 2009.02.10 | -
F-Secure | 8.0.14470.0 | 2009.02.11 | AdWare.Win32.Hengbang.bc
Fortinet | 3.117.0.0 | 2009.02.11 | Misc/PUP
GData | 19 | 2009.02.11 | Trojan.Generic.1379367
Ikarus | T3.1.1.45.0 | 2009.02.11 | Generic.Win32.Malware
K7AntiVirus | 7.10.626 | 2009.02.10 | not-a-virus:AdWare.Win32.Hengbang.bc
Kaspersky | 7.0.0.125 | 2009.02.11 | not-a-virus:AdWare.Win32.Hengbang.bc
McAfee | 5522 | 2009.02.10 | potentially unwanted program Generic PUP
McAfee+Artemis | 5522 | 2009.02.10 | potentially unwanted program Generic PUP
Microsoft | 1.4306 | 2009.02.11 | Program:Win32/Henbang
NOD32 | 3845 | 2009.02.11 | probably a variant of Win32/Genetik
Norman | 6.00.02 | 2009.02.11 | W32/Hengbang.GT
nProtect | 2009.1.8.0 | 2009.02.11 | Trojan-Clicker/W32.Hengbang.274432.D
Panda | 10.0.0.10 | 2009.02.11 | Suspicious file
PCTools | 4.4.2.0 | 2009.02.10 | -
Prevx1 | V2 | 2009.02.11 | -
Rising | 21.16.22.00 | 2009.02.11 | -
SecureWeb-Gateway | 6.7.6 | 2009.02.11 | Ad-Spyware.Hengbang.AJ.2
Sophos | 4.38.0 | 2009.02.11 | -
Sunbelt | 3.2.1851.2 | 2009.02.11 | -
Symantec | 10 | 2009.02.11 | Trojan Horse
TheHacker | 6.3.1.85.252 | 2009.02.11 | Adware/Hengbang.bc
TrendMicro | 8.700.0.1004 | 2009.02.11 | TROJ_CLICKER.BRQ
VBA32 | 3.12.8.12 | 2009.02.11 | AdWare.Win32.Hengbang.bc
ViRobot | 2009.2.11.1600 | 2009.02.11 | Adware.Hengbang.274432.D
VirusBuster | 4.5.11.0 | 2009.02.10 | -
Additional information
File size: 274432 bytes
MD5...: ec770dd1058589206d67de43e64f5025
SHA1..: bd9a0ca63d7371f245ed9c21c2360045170d1f05
SHA256: a8935992940a48fa305376aac9d208e9eeb3a0cb54893f1fba4bd6b3b6ed355d
SHA512: 5e85df1ff10526f799952cf9559ad0a43f0a49cdc3ba6934d5e6c71be66698d01c197bfae568184a0af505097a98189535434b48699cff663a1f8488107b6e3c
ssdeep: 6144:4wpJ18ukRSJapE4NWLIe/tsqv/GOPx4Xd:4+jo0ap74I8rvtGX
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
DirectShow filter (43.0%)
Windows OCX File (26.3%)
Win64 Executable Generic (18.2%)
Win32 Executable MS Visual C++ (generic) (8.0%)
Win32 Executable Generic (1.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x170bc
timedatestamp.....: 0x493a22c7 (Sat Dec 06 06:59:19 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1d6fa 0x1e000 6.45 a44d3afc578167a88ba21671271b36e6
.rdata 0x1f000 0x34a7 0x4000 4.59 32b3fe93145a72802787d06385196889
.data 0x23000 0x49f0 0x3000 4.51 8063d67170ff1f30b5ef3008a25b36ee
.rsrc 0x28000 0x190c8 0x1a000 4.33 98675f2c3c1d4e2c662afd6c55f65320
.reloc 0x42000 0x29ee 0x3000 5.19 15c9c410bbf781b0941648bc6458118f

( 11 imports )
> KERNEL32.dll: LockResource, LoadResource, FindResourceA, GlobalAlloc, lstrlenW, lstrlenA, GlobalUnlock, GlobalLock, InterlockedIncrement, InterlockedDecrement, lstrcmpA, DisableThreadLibraryCalls, WriteFile, SizeofResource, CreateFileA, DeleteFileA, SetFileAttributesA, GetPrivateProfileStringA, GetSystemDirectoryA, GetModuleFileNameA, TerminateProcess, OpenProcess, GetModuleHandleA, GetWindowsDirectoryA, InitializeCriticalSection, DeleteCriticalSection, HeapDestroy, GetShortPathNameA, FreeLibrary, GetProcAddress, LoadLibraryA, lstrcpyA, lstrcatA, WideCharToMultiByte, ExitThread, FindFirstFileA, GetPrivateProfileIntA, WritePrivateProfileStringA, GetLocaleInfoA, VirtualQuery, SetThreadPriority, GetVersionExA, GetLocalTime, Process32Next, Process32First, CreateToolhelp32Snapshot, RemoveDirectoryA, CopyFileA, CreateDirectoryA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, SetCurrentDirectoryA, OpenMutexA, FileTimeToSystemTime, CompareFileTime, SetEnvironmentVariableA, GlobalHandle, CompareStringA, SetEndOfFile, FlushFileBuffers, SetStdHandle, IsBadCodePtr, IsBadReadPtr, GetStringTypeW, GetStringTypeA, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, SetUnhandledExceptionFilter, SetFilePointer, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, ReadFile, HeapSize, HeapReAlloc, LCMapStringW, LCMapStringA, ExitProcess, GetOEMCP, GetACP, GetCPInfo, TlsGetValue, SetLastError, TlsFree, TlsAlloc, TlsSetValue, GetVersion, GetCommandLineA, RaiseException, GetFileAttributesA, MoveFileA, HeapAlloc, HeapFree, GetTimeZoneInformation, RtlUnwind, LocalFree, GetExitCodeThread, TerminateThread, CreateThread, SystemTimeToFileTime, Sleep, CloseHandle, GlobalFree, FreeResource, GetCurrentProcess, FlushInstructionCache, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, MultiByteToWideChar, CreateMutexA, CompareStringW, GetLastError, GetSystemTime
> USER32.dll: SetForegroundWindow, ShowWindow, GetDesktopWindow, FindWindowExA, GetForegroundWindow, SendMessageA, LoadIconA, PostQuitMessage, SetFocus, EnableWindow, WindowFromPoint, BringWindowToTop, IsWindowVisible, FindWindowA, SetWindowLongA, GetMessageA, GetTopWindow, GetWindowTextA, mouse_event, SetCursorPos, GetCursorPos, GetWindowRect, SetWindowPos, IsWindow, GetClassNameA, GetDlgItem, MapWindowPoints, GetClientRect, SystemParametersInfoA, CharNextA, MessageBoxA, IsDialogMessageA, DispatchMessageA, DestroyWindow, GetWindow, GetParent, CreateDialogIndirectParamA, RegisterClassExA, GetWindowLongA, SetCapture, SetTimer, TranslateMessage, KillTimer, GetWindowThreadProcessId, InvalidateRgn, InvalidateRect, IsIconic, ReleaseCapture, wsprintfA, CreateWindowExA, CreateAcceleratorTableA, RedrawWindow, BeginPaint, FillRect, EndPaint, GetDC, ReleaseDC, GetFocus, IsChild, GetSysColor, CallWindowProcA, GetWindowTextLengthA, SetWindowTextA, DefWindowProcA, RegisterWindowMessageA, GetClassInfoExA, LoadCursorA
> GDI32.dll: GetObjectA, DeleteObject, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, GetDeviceCaps, GetStockObject, CreateSolidBrush
> ADVAPI32.dll: RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegCreateKeyA, RegOpenKeyA, RegDeleteValueA, RegEnumKeyA, RegEnumValueA
> SHELL32.dll: ShellExecuteA
> ole32.dll: CoUninitialize, CoCreateInstance, CoInitialize, CreateStreamOnHGlobal, OleRun, CoCreateGuid, OleLockRunning, CoTaskMemAlloc, StringFromCLSID, CoTaskMemFree, CLSIDFromString, CLSIDFromProgID, OleUninitialize, OleInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
> WININET.dll: InternetOpenUrlA, FindNextUrlCacheEntryA, FindFirstUrlCacheEntryA, FindCloseUrlCache, InternetGetConnectedState, InternetOpenA, InternetConnectA, HttpOpenRequestA, InternetSetOptionA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle
> NETAPI32.dll: Netbios
> RPCRT4.dll: UuidToStringA, RpcStringFreeA
> SHLWAPI.dll: SHDeleteKeyA

( 11 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, DllVersion, GetDLLVersion, LoadHistoryAD, RegeditRichMedia, Setup_RichMedia, UnNotice, WaitWindows

File : C:/WINDOWS/system32/rundll32.exe
Attributes : A---
Digital signature: Microsoft Corporation
PE file: Yes
Language : Chinese (China)
File version : 5.1.2600.5512 (xpsp.080413-2105)
Description : Run a DLL as an App
Copyright : (C) Microsoft Corporation. All rights reserved.
Product version : 5.1.2600.5512
Product name : Microsoft(R) Windows(R) Operating System
Company name : Microsoft Corporation
Internal name : rundll
Original filename : RUNDLL.EXE
Created : 2004-8-17 12:0:0
Modified : 2008-4-14 10:14:12
Size : 32768 bytes (32.0 KB)
MD5 : a5dd94434c702493d4577e966134b303
SHA1: 6BFAEB811189C41521802A11E0836237CD169395
CRC32: 925d4409

