查看: 6588|回复: 11
收起左侧

[讨论] 来说说360云抽风的事

[复制链接]
利刀1937
发表于 2014-10-10 11:15:20 | 显示全部楼层 |阅读模式
本帖最后由 利刀1937 于 2014-10-10 11:30 编辑

狂样本区的同学可能会经常遇到,因为我是360卫士+杀毒套装逛样本区,结合样本区其他饭友的回复。发现了360云的坑爹问题。
大体上会是这个结果:
1、同样的一个样本,在我这里报毒,在你那里却显示安全。
2、同样的一个样本,同样的电脑。同样的网络(其实就是我自己的电脑),不同的时间下载同样的一个样本。下载保镖和右键扫描结果却不一样。

下面我举个例子来说明第二个问题。帖子链接:http://bbs.kafan.cn/thread-1777165-1-1.html
下面我简要的贴出此贴的一些截图来说明问题!
第一:看发帖时间,和我回帖的时间。发贴不久后,我下载样本。下载保镖直接报毒隔离。


第二:看其他饭友的回复表明,也是被360报毒:






第三:直到一个饭友说360TS繁体版miss,我很惊奇,重新下载测试,奇怪的是。我这里的下载保镖竟然提示未知了???


第四:立即找到官人说明问题:可是样本在他那里竟然报毒了???


第五:欢迎大家畅所欲言。。。360云抽风的坑爹事。。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
OAKESS
发表于 2014-10-10 12:08:24 | 显示全部楼层
我这里存在360杀毒无法更新的情况,官人查看后发现是我本地运营商的DNS劫持了360杀毒的某个升级文件导致升级失败。

云抽的事确实也碰到过。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
利刀1937
 楼主| 发表于 2014-10-10 12:14:00 | 显示全部楼层
OAKESS 发表于 2014-10-10 12:08
我这里存在360杀毒无法更新的情况,官人查看后发现是我本地运营商的DNS劫持了360杀毒的某个升级文件导致升 ...

360杀毒的bd引擎更新问题我遇到过,当是时。更细日志里面红伞显示正常。但是bd可以更新却不显示更新日志。官人说是被劫持了。
另外怎么查看。360升级是否被劫持?
daojianwuhen
发表于 2014-10-10 12:23:06 | 显示全部楼层
我这里也是被劫持过,后来放开了
利刀1937
 楼主| 发表于 2014-10-10 12:24:47 | 显示全部楼层
daojianwuhen 发表于 2014-10-10 12:23
我这里也是被劫持过,后来放开了

那我这应该也差不多。。
OAKESS
发表于 2014-10-10 12:32:14 | 显示全部楼层
利刀1937 发表于 2014-10-10 12:14
360杀毒的bd引擎更新问题我遇到过,当是时。更细日志里面红伞显示正常。但是bd可以更新却不显示更新日志 ...

本地下载360服务器上的https://sdup.360.cn/lib/sdupbd.cab升级文件,如果下载的和服务器上的文件不一致就可以认为是劫持。
当时我本地下载的是一下文件:
[mw_shl_code=html,true]<!Doctype html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title></title>
</head>
<script type="text/javascript">var cnzz_protocol = (("https:" == document.location.protocol) ? " https://" : " http://");document.write(unescape("%3Cspan id='cnzz_stat_icon_30086386'%3E%3C/span%3E%3Cscript src='" + cnzz_protocol + "w.cnzz.com/c.php%3Fid%3D30086386' type='text/javascript'%3E%3C/script%3E"));</script>
<script type="text/javascript">
var h=window.location.host;
var t = h.indexOf("114so");
if(t>0)
        window.location="http://127.0.0.1/";
else
        window.location="http://search.114so.cn/search_web.html?id=253&kw="+h;
</script>
</body></html>[/mw_shl_code]
利刀1937
 楼主| 发表于 2014-10-10 12:46:51 | 显示全部楼层
OAKESS 发表于 2014-10-10 12:32
本地下载360服务器上的https://sdup.360.cn/lib/sdupbd.cab升级文件,如果下载的和服务器上的文件不一致 ...

点击那个链接是个cab包,解压后是一个ini文件。。。。和什么对比?
OAKESS
发表于 2014-10-10 12:52:12 | 显示全部楼层
利刀1937 发表于 2014-10-10 12:46
点击那个链接是个cab包,解压后是一个ini文件。。。。和什么对比?

ini文件打开是和360无关的必然是劫持
像以下应该属于可正常更新,
[mw_shl_code=html,true][360sdquick]
name=360杀毒
module=360file

[360file]
name=360杀毒
files0=update_1.txt,update_BD.txt
files1=wdb000.wl,wdb001.wl,wdb002.wl,wdb003.wl,wdb004.wl
files2=wdb005.wl,wdb006.wl,wdb007.wl,wdb008.wl,wdb009.wl
files3=wdb010.wl,wdb011.wl,wdb012.wl,wdb013.wl,wdb014.wl
files4=wdb015.wl,wdb016.wl,wdb017.wl,wdbqvm.wl
files5=arfp.db,url_count.txt,speednpepre0.dat,speednpepre1.dat
files6=BlackCache.db,360ave_ex.def,model.cab

[wdb000.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb000_5.0.0.1001.cab|k=1
md5=f9434e75fa89bca009fdb3b845889a69
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb001.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb001_5.0.0.1001.cab|k=1
md5=f2a2f874a505a25a4eeedb1d64fb70c7
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb002.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb002_5.0.0.1001.cab|k=1
md5=5d85bb336c9851d8dceb89ca59d07b06
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb003.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb003_5.0.0.1001.cab|k=1
md5=72133f07e809980e0c86f60448a8f17e
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb004.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb004_5.0.0.1001.cab|k=1
md5=2bb048f231534e5f6479ba0934a87562
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb005.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb005_5.0.0.1001.cab|k=1
md5=7e9821a06ecc1df1aab68be708fbcbe2
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb006.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb006_5.0.0.1001.cab|k=1
md5=0f9f001c5ed60e25a72daa780449e775
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb007.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb007_5.0.0.1001.cab|k=1
md5=5adf9ac78ea8d46075bc551c39c41c69
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb008.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb008_5.0.0.1001.cab|k=1
md5=14132fb7ebbb3ca9fadf73eec011db21
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb009.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb009_5.0.0.1001.cab|k=1
md5=7ddf0f207bb0b28204bd66751945fdf0
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb010.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb010_5.0.0.1001.cab|k=1
md5=24e7c0460c20555a6d8ba1a54be85771
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb011.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb011_5.0.0.1001.cab|k=1
md5=dafb1eb213a161ede5945b95228123b0
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb012.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb012_5.0.0.1001.cab|k=1
md5=4152fec31f7f834be1beb0014738bacc
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb013.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb013_5.0.0.1001.cab|k=1
md5=1f3e190c6636d16346a680330a597dc4
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb014.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb014_5.0.0.1001.cab|k=1
md5=b42c8dc59a74fe5eb24702c844ff231a
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb015.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb015_5.0.0.1001.cab|k=1
md5=9aa97aa25321aef34de3f78639b41beb
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb016.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb016_5.0.0.1001.cab|k=1
md5=193eac803a9e3b7540441e51ddd89d98
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb017.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb017_5.0.0.1001.cab|k=1
md5=fbd09bba82408477fcd0a7f2eba12cd8
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdbqvm.wl]
ver=5.0.0.1020
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdbqvm_5.0.0.1020.cab|k=1
md5=7ab1a920ac191e9c94c0ba40c4d4e0ee
path=%productpath%\Plugins\
check=(%trate%<="9999")

[arfp.db]
ver=2.0.0.71
url=pdown://http://sdup.360.cn/lib/20141010/arfp_2.0.0.71.cab|k=1
md5=0cb04d33731dab36a4625aa4ffefc456
path=%productpath%\

[url_count.txt]
ver=2.0.0.269
url=pdown://http://sdup.360.cn/lib/20141010/savapi/url_count_2.0.0.269.cab|k=1
md5=6083ba9a505a54cdcacbcceb824a7756
path=%productpath%\savapi\

[speednpepre0.dat]
ver=1.0.0.1040
url=pdown://http://sdup.360.cn/lib/20141010/speednpepre0_1.0.0.1040.cab|k=1
md5=a13f3e9225edd9a410e69d38a3ebbd55
path=%productpath%\
check=(%fver_SDVersion.dll%>="3.0.0.2122")

[speednpepre1.dat]
ver=1.0.0.1040
url=pdown://http://sdup.360.cn/lib/20141010/speednpepre1_1.0.0.1040.cab|k=1
md5=26f542953517dcb86b950570cd974b4a
path=%productpath%\
check=(%fver_SDVersion.dll%>="3.0.0.2122")

[360ave_ex.def]
ver=1.4.38.1
url=pdown://http://sdup.360.cn/lib/20141010/360ave_ex_1.4.38.1.cab|k=1
md5=3dc7d95b3535505ce42d5ca68443651c
path=%productpath%\
check=(%fver_SDVersion.dll%>="4.2.1.4042")&&(%trate%<="2000")

[model.cab]
ver=4.2014.1009.1015
url=pdown://b2=5992071|p2=311EE8F56B37CBC8FB386AB6D5BBC422E67C4037|p3=20|c2=1|b7=5|b9=1|b5=360杀毒|b6=程序升级|http://sdup.360.cn/lib/20141010/model_4.2014.1009.1015.cab|k=2
md5=0782e4bd5a642b64a34a85b2c0c39736
path=%productpath%\Model\
flag=256
check=(%fver_360QVM.dll%=="4.1.0.1003")&&(%bole_ver%<"4.2014.1009.1015")&&(%trate%<="2000")

[update_1.txt]
rname=update.txt
ver=2.0.0.5259
md5=4aec936678a7a4f8671d2a9581fbc32e
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/update_20141010.cab|k=1
path=%productpath%\Plugins\
check=((%fver_scan.dll%>="1.0.0.1001")||(%fver_vdbup.dll%>="1.0.0.1001")||(%EngMask%=="1"))&&(%eng%=="")

[update_BD.txt]
ver=2.0.0.5259
md5=4aec936678a7a4f8671d2a9581fbc32e
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/update_BD_20141010.cab|k=1
path=%productpath%\Plugins\
check=((%fver_scan.dll%>="1.0.0.1001")||(%fver_vdbup.dll%>="1.0.0.1001")||(%EngMask%=="1"))&&(%eng%=="")

[BlackCache.db]
ver=1.0.0.1056
md5=85ca9c3c739679ff8a8a13100080bd26
url=pdown://b2=182119|p2=6185638416CFB05D20ADC696A87C23379C3934F0|p3=20|c2=1|b7=5|b9=1|b5=360杀毒|b6=程序升级|http://sdup.360.cn/lib/20141010/blackcache_1.0.0.1056.cab|k=2
path=%productpath%\SoftMgr\
check=(%fver_AntiInstall.dll%>="4.2.0.4077")&&(%trate%<="9999")

[SDVersion.dll]
ver=3.0.1.2085
md5=37d3fc04289951720dbef97e49a14147
url=pdown://http://sdl.360safe.com/3.0.1.2085D/SDVersion_dll.cab|k=1
path=%productpath%\

[360QVM.dll]
ver=4.0.0.1002
url=pdown://http://sdup.360.cn/lib/20141010/360qvm.dll_4.0.0.1002.cab|k=1
md5=d3396eac20962a1d273ac406ab315f13
path=%productpath%\

[AntiInstall.dll]
ver=1.0.0.1001
md5=8e3a25026d135817120b59bf03f51f46
url=http://sdup.360.cn/lib/20141010/AntiInstall_dll.cab|k=1
path=%productpath%\immplugin\

[scan.dll]
ver=1.0.0.1001
md5=d46aaea32e27a2fb3950c4d5513ffdbf
url=pdown://http://sdl.360safe.com/3.1.1.3027B/scan.dllcab|k=1
path=%productpath%\

[vdbup.dll]
ver=1.0.0.1001
md5=d46aaea32e27a2fb3950c4d5513ffdbf
url=pdown://http://sdl.360safe.com/3.1.1.3027B/scan.dllcab|k=1
path=%productpath%\

[360signdata]
sign=010000009C67ADB30297D164213C3785A43ACAF29CB27D9DB7BD99692A6BA4B0B501A89DADFD4A50F743E526B3606FD4A5040B4C5DB9A504BFD917DD29FE8EF29B42CDE88F845B17F9835A0015ADDA4933D9AEF9FB5113F1704E2DDAC419D4D6C4AA24D97D09CDAB1401CAE6E9CC71E9F4711D45F899DBF91885899D1DAE11E20ADC22AF[/mw_shl_code]
利刀1937
 楼主| 发表于 2014-10-10 12:54:30 | 显示全部楼层
OAKESS 发表于 2014-10-10 12:52
ini文件打开是和360无关的必然是劫持
像以下应该属于可正常更新,
[mw_shl_code=html,true][360sdquick ...

[mw_shl_code=css,true]
[360sdquick]
name=360杀毒
module=360file

[360file]
name=360杀毒
files0=update_1.txt,update_BD.txt
files1=wdb000.wl,wdb001.wl,wdb002.wl,wdb003.wl,wdb004.wl
files2=wdb005.wl,wdb006.wl,wdb007.wl,wdb008.wl,wdb009.wl
files3=wdb010.wl,wdb011.wl,wdb012.wl,wdb013.wl,wdb014.wl
files4=wdb015.wl,wdb016.wl,wdb017.wl,wdbqvm.wl
files5=arfp.db,url_count.txt,speednpepre0.dat,speednpepre1.dat
files6=BlackCache.db,360ave_ex.def,model.cab

[wdb000.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb000_5.0.0.1001.cab|k=1
md5=f9434e75fa89bca009fdb3b845889a69
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb001.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb001_5.0.0.1001.cab|k=1
md5=f2a2f874a505a25a4eeedb1d64fb70c7
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb002.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb002_5.0.0.1001.cab|k=1
md5=5d85bb336c9851d8dceb89ca59d07b06
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb003.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb003_5.0.0.1001.cab|k=1
md5=72133f07e809980e0c86f60448a8f17e
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb004.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb004_5.0.0.1001.cab|k=1
md5=2bb048f231534e5f6479ba0934a87562
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb005.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb005_5.0.0.1001.cab|k=1
md5=7e9821a06ecc1df1aab68be708fbcbe2
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb006.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb006_5.0.0.1001.cab|k=1
md5=0f9f001c5ed60e25a72daa780449e775
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb007.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb007_5.0.0.1001.cab|k=1
md5=5adf9ac78ea8d46075bc551c39c41c69
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb008.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb008_5.0.0.1001.cab|k=1
md5=14132fb7ebbb3ca9fadf73eec011db21
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb009.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb009_5.0.0.1001.cab|k=1
md5=7ddf0f207bb0b28204bd66751945fdf0
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb010.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb010_5.0.0.1001.cab|k=1
md5=24e7c0460c20555a6d8ba1a54be85771
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb011.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb011_5.0.0.1001.cab|k=1
md5=dafb1eb213a161ede5945b95228123b0
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb012.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb012_5.0.0.1001.cab|k=1
md5=4152fec31f7f834be1beb0014738bacc
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb013.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb013_5.0.0.1001.cab|k=1
md5=1f3e190c6636d16346a680330a597dc4
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb014.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb014_5.0.0.1001.cab|k=1
md5=b42c8dc59a74fe5eb24702c844ff231a
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb015.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb015_5.0.0.1001.cab|k=1
md5=9aa97aa25321aef34de3f78639b41beb
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb016.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb016_5.0.0.1001.cab|k=1
md5=193eac803a9e3b7540441e51ddd89d98
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdb017.wl]
ver=5.0.0.1001
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdb017_5.0.0.1001.cab|k=1
md5=fbd09bba82408477fcd0a7f2eba12cd8
path=%productpath%\Plugins\
check=(%trate%<="9999")

[wdbqvm.wl]
ver=5.0.0.1020
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/wdbqvm_5.0.0.1020.cab|k=1
md5=7ab1a920ac191e9c94c0ba40c4d4e0ee
path=%productpath%\Plugins\
check=(%trate%<="9999")

[arfp.db]
ver=2.0.0.71
url=pdown://http://sdup.360.cn/lib/20141010/arfp_2.0.0.71.cab|k=1
md5=0cb04d33731dab36a4625aa4ffefc456
path=%productpath%\

[url_count.txt]
ver=2.0.0.269
url=pdown://http://sdup.360.cn/lib/20141010/savapi/url_count_2.0.0.269.cab|k=1
md5=6083ba9a505a54cdcacbcceb824a7756
path=%productpath%\savapi\

[speednpepre0.dat]
ver=1.0.0.1040
url=pdown://http://sdup.360.cn/lib/20141010/speednpepre0_1.0.0.1040.cab|k=1
md5=a13f3e9225edd9a410e69d38a3ebbd55
path=%productpath%\
check=(%fver_SDVersion.dll%>="3.0.0.2122")

[speednpepre1.dat]
ver=1.0.0.1040
url=pdown://http://sdup.360.cn/lib/20141010/speednpepre1_1.0.0.1040.cab|k=1
md5=26f542953517dcb86b950570cd974b4a
path=%productpath%\
check=(%fver_SDVersion.dll%>="3.0.0.2122")

[360ave_ex.def]
ver=1.4.38.1
url=pdown://http://sdup.360.cn/lib/20141010/360ave_ex_1.4.38.1.cab|k=1
md5=3dc7d95b3535505ce42d5ca68443651c
path=%productpath%\
check=(%fver_SDVersion.dll%>="4.2.1.4042")&&(%trate%<="2000")

[model.cab]
ver=4.2014.1009.1015
url=pdown://b2=5992071|p2=311EE8F56B37CBC8FB386AB6D5BBC422E67C4037|p3=20|c2=1|b7=5|b9=1|b5=360杀毒|b6=程序升级|http://sdup.360.cn/lib/20141010/model_4.2014.1009.1015.cab|k=2
md5=0782e4bd5a642b64a34a85b2c0c39736
path=%productpath%\Model\
flag=256
check=(%fver_360QVM.dll%=="4.1.0.1003")&&(%bole_ver%<"4.2014.1009.1015")&&(%trate%<="2000")

[update_1.txt]
rname=update.txt
ver=2.0.0.5259
md5=4aec936678a7a4f8671d2a9581fbc32e
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/update_20141010.cab|k=1
path=%productpath%\Plugins\
check=((%fver_scan.dll%>="1.0.0.1001")||(%fver_vdbup.dll%>="1.0.0.1001")||(%EngMask%=="1"))&&(%eng%=="")

[update_BD.txt]
ver=2.0.0.5259
md5=4aec936678a7a4f8671d2a9581fbc32e
url=pdown://http://sdup.360.cn/lib/20141010/Plugins/update_BD_20141010.cab|k=1
path=%productpath%\Plugins\
check=((%fver_scan.dll%>="1.0.0.1001")||(%fver_vdbup.dll%>="1.0.0.1001")||(%EngMask%=="1"))&&(%eng%=="")

[BlackCache.db]
ver=1.0.0.1056
md5=85ca9c3c739679ff8a8a13100080bd26
url=pdown://b2=182119|p2=6185638416CFB05D20ADC696A87C23379C3934F0|p3=20|c2=1|b7=5|b9=1|b5=360杀毒|b6=程序升级|http://sdup.360.cn/lib/20141010/blackcache_1.0.0.1056.cab|k=2
path=%productpath%\SoftMgr\
check=(%fver_AntiInstall.dll%>="4.2.0.4077")&&(%trate%<="9999")

[SDVersion.dll]
ver=3.0.1.2085
md5=37d3fc04289951720dbef97e49a14147
url=pdown://http://sdl.360safe.com/3.0.1.2085D/SDVersion_dll.cab|k=1
path=%productpath%\

[360QVM.dll]
ver=4.0.0.1002
url=pdown://http://sdup.360.cn/lib/20141010/360qvm.dll_4.0.0.1002.cab|k=1
md5=d3396eac20962a1d273ac406ab315f13
path=%productpath%\

[AntiInstall.dll]
ver=1.0.0.1001
md5=8e3a25026d135817120b59bf03f51f46
url=http://sdup.360.cn/lib/20141010/AntiInstall_dll.cab|k=1
path=%productpath%\immplugin\

[scan.dll]
ver=1.0.0.1001
md5=d46aaea32e27a2fb3950c4d5513ffdbf
url=pdown://http://sdl.360safe.com/3.1.1.3027B/scan.dllcab|k=1
path=%productpath%\

[vdbup.dll]
ver=1.0.0.1001
md5=d46aaea32e27a2fb3950c4d5513ffdbf
url=pdown://http://sdl.360safe.com/3.1.1.3027B/scan.dllcab|k=1
path=%productpath%\

[360signdata]
sign=010000009C67ADB30297D164213C3785A43ACAF29CB27D9DB7BD99692A6BA4B0B501A89DADFD4A50F743E526B3606FD4A5040B4C5DB9A504BFD917DD29FE8EF29B42CDE88F845B17F9835A0015ADDA4933D9AEF9FB5113F1704E2DDAC419D4D6C4AA24D97D09CDAB1401CAE6E9CC71E9F4711D45F899DBF91885899D1DAE11E20ADC22AF[/mw_shl_code]
OAKESS
发表于 2014-10-10 13:06:29 | 显示全部楼层
利刀1937 发表于 2014-10-10 12:54
[mw_shl_code=css,true]
[360sdquick]
name=360杀毒

貌似是正常的
这两天我这上个卡饭点“主站”就有一定几率被劫持到http://114search.114so.cn/tccoun ... cn%2F2011%2Fad2.php

然后被ADsafe跳转到百度

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-25 16:52 , Processed in 0.121533 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表