Original poster: domino

[Virus sample] FlashGet = Downloader ?

byxxdrls
Posted 2008-11-9 16:43:40
You can't guard against everything.
dikex
Posted 2008-11-9 17:56:07
Same situation I ran into.
On inspection, when it auto-updates certain files, some of the file URLs are being redirected, including flashget3.ini and updates.cab.

http://hi.baidu.com/dikex/blog/item/e871cd1fa88c7364f624e4a0.html


domino
OP | Posted 2008-11-9 18:40:32
Update file URL:
hxxp://dl.flashget.com/flashget/updates.cab (59.51.114.16) Hengyang, Hunan, China Telecom
is redirected to hxxp://60.28.209.126/updates.cab (60.28.209.126) Tianjin, China Netcom ADSL
Site found: dl.flashget.com=59.51.114.16
Connecting to 59.51.114.16
Connected to 59.51.114.16
GET hxxp://dl.flashget.com/flashget/updates.cab
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
> Host: dl.flashget.com
Request sent. 401 bytes
Data available. 304/304 bytes
< HTTP/1.0 302 Moved Temporarily
< Date: Sun, 09 Nov 2008 10:34:11 GMT
< Location: hxxp://60.28.209.126/updates.cab
< Content-Length: 304
< Content-Type: text/html; charset=iso-8859-1
< Connection: keep-alive
<
302 Request complete
Site found: 60.28.209.126=60.28.209.126
Connecting to 60.28.209.126
Connected to 60.28.209.126
GET hxxp://60.28.209.126/updates.cab
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
> Host: 60.28.209.126
Request sent. 225 bytes
Data available. 16384/16384 bytes
Data available. 16384/32768 bytes
Data available. 16384/49152 bytes
Data available. 16384/65536 bytes
Data available. 11824/77360 bytes
< HTTP/1.1 200 OK
< Content-Type: application/octet-stream
< ETag: "-718413286"
< Accept-Ranges: bytes
< Last-Modified: Sun, 09 Nov 2008 01:07:04 GMT
< Content-Length: 77360
< Date: Sun, 09 Nov 2008 10:42:45 GMT
< Server: lighttpd/1.4.13
<
200 Request complete
GET hxxp://dl.flashget.com/flashget/updates.cab
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
> Host: dl.flashget.com
Request sent. 236 bytes
Data available. 304/304 bytes
< HTTP/1.0 302 Moved Temporarily
< Date: Sun, 09 Nov 2008 10:34:31 GMT
< Location: hxxp://60.28.209.126/updates.cab
< Content-Length: 304
< Content-Type: text/html; charset=iso-8859-1
< Connection: keep-alive
<
302 Request complete


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="hxxp://60.28.209.126/updates.cab">here</a>.</p>
<hr>
<address>Apache/2.2.0 (Unix) PHP/5.1.6 Server at dl.flashget.com Port 80</address>
</body></html>

[ This post was last edited by domino on 2008-11-9 18:45 ]
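The trace above is the whole story: the updater asks dl.flashget.com for updates.cab, gets a 302 to a bare IP on a different ISP, and fetches a 77360-byte file from a lighttpd box that the vendor's Apache never served. The following is an added example, not code from the thread or from FlashGet, showing the check an updater (or an analyst replaying a capture) can apply to such a response: parse the response head, and refuse any redirect whose Location is a bare IP, leaves the vendor's registrable domain, or downgrades https to http. The two responses are constructed from the headers posted above, with the forum's defanged "hxxp" restored to "http"; the two-label "registrable domain" rule and the watched URL are simplifying assumptions of this example.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed input: the two responses from the trace in the post above, with the
# forum's defanged "hxxp" restored to "http" so that urlparse accepts the URLs.
ORIGINAL_URL = "http://dl.flashget.com/flashget/updates.cab"

RESPONSE_302 = (
    "HTTP/1.0 302 Moved Temporarily\r\n"
    "Date: Sun, 09 Nov 2008 10:34:11 GMT\r\n"
    "Location: http://60.28.209.126/updates.cab\r\n"
    "Content-Length: 304\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)

RESPONSE_200 = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Length: 77360\r\n"
    "Server: lighttpd/1.4.13\r\n"
    "\r\n"
)

REDIRECT_CODES = (301, 302, 303, 307, 308)


def parse_response(raw):
    """Split a raw HTTP response head into (status_code, headers); header names are lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def is_ip_literal(host):
    """True when the URL host is a bare IPv4/IPv6 address instead of a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def site_of(host):
    """Registrable-domain approximation: the last two labels.
    Assumption: no public-suffix list, so names like example.co.uk are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_redirect(original_url, raw_response):
    """Return the reasons a response is suspicious for an auto-updater; an empty list means clean.

    Flags: a 3xx whose Location points at a bare IP, leaves the vendor's site,
    or downgrades https to http. Non-redirect responses are not judged here.
    """
    status, headers = parse_response(raw_response)
    if status not in REDIRECT_CODES:
        return []
    location = headers.get("location")
    if location is None:
        return ["redirect without a Location header"]
    orig, dest = urlparse(original_url), urlparse(location)
    orig_host, dest_host = orig.hostname or "", dest.hostname or ""
    reasons = []
    if is_ip_literal(dest_host):
        reasons.append("redirect target is a bare IP address: " + dest_host)
    elif site_of(orig_host) != site_of(dest_host):
        reasons.append("redirect leaves vendor domain: %s -> %s" % (orig_host, dest_host))
    if orig.scheme == "https" and dest.scheme == "http":
        reasons.append("redirect downgrades https to http")
    return reasons


if __name__ == "__main__":
    for label, raw in (("updates.cab request", RESPONSE_302), ("direct 200", RESPONSE_200)):
        verdict = classify_redirect(ORIGINAL_URL, raw) or ["no redirect concerns"]
        print(label + ":", "; ".join(verdict))
```

Run against the captured 302 this reports the bare-IP target; a redirect to another host under flashget.com passes. Refusing the redirect is only half the fix: the updater fetched updates.cab over plain HTTP, so even a "clean" redirect chain can be rewritten by anyone on the path, and the real protection is a signature or pinned hash on the update package checked before it is unpacked.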
ngh55
Posted 2008-11-12 22:43:22
I noticed a while ago that FlashGet was behaving abnormally, such as trying to modify the HOSTS file; the old FlashGet never did that. Because I have file protection enabled, it could not create or replace files under the SYSTEM32 directory, and its attempt to modify the HOSTS file was blocked as well.
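A HOSTS-file write is the client-side counterpart of the server-side 302 in the trace above: pinning dl.flashget.com to an attacker's address redirects the update download without touching the vendor's server at all. As an added example (not from the thread, and not FlashGet's code), the following parses a HOSTS file and reports any watched vendor update host that appears in it, distinguishing a redirect to a foreign address from a loopback pin that silently blocks updates. The watched host list and the HOSTS content are constructed for illustration.

```python
import ipaddress

# Assumption: the hosts the vendor's updater contacts; extend to taste.
WATCHED_HOSTS = {"dl.flashget.com", "www.flashget.com"}

# Constructed HOSTS file content for illustration; the injected entry is the
# kind of change a tampered updater would try to write.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
60.28.209.126   dl.flashget.com    # injected (constructed)
127.0.0.1       www.flashget.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from HOSTS text; comments, blank and malformed lines are skipped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def find_hijacks(text, watched=WATCHED_HOSTS):
    """Return [(hostname, ip, kind)] for watched hosts pinned in the HOSTS file.

    A vendor's update host has no business in HOSTS at all: a non-loopback
    address means the download is redirected, a loopback address means the
    update channel is silently blocked.
    """
    hits = []
    for ip, name in parse_hosts(text):
        if name not in watched:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an address; leave malformed entries to a separate check
        kind = "blocked (loopback)" if addr.is_loopback else "redirected"
        hits.append((name, ip, kind))
    return hits


if __name__ == "__main__":
    for name, ip, kind in find_hijacks(SAMPLE_HOSTS):
        print("%s -> %s: %s" % (name, ip, kind))
```

On a live system read C:\Windows\System32\drivers\etc\hosts into `find_hijacks`; the same pairs can also be compared against what the resolver returns for each watched host, which catches a hijack that bypasses the HOSTS file.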
Copyright © KaFan  KaFan.cn All Rights Reserved.