zahni 550 Geschrieben 3. August 2013 Melden Teilen Geschrieben 3. August 2013 Hi, Siehe dazu http://forum.avira.com/wbb/index.php?page=Thread&threadID=155005 Ich habe das mal nachvollzogen. Der Installer lädt in der Tat von einem Update-Server einen Virus: hxxp://cdn_dot_pandora.tv/KMP/player/update/kmp_3.6.0.87_20130803063949.exe https://www.virustotal.com/en/file/42e928594c47b43f8d9344b4f9fa156f1189d40384c55988b4808aa9fb7429c9/analysis/1375532164/ Wer den KMPlayer installiert hat, den PC unbedingt auf Viren prüfen Siehe HTTP-Trace GET /player/ini_goods/?encode=1 HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: update.kmpmedia.net Connection: Keep-Alive Pragma: no-cache HTTP/1.1 302 Found Date: Sat, 03 Aug 2013 12:14:31 GMT Server: Apache/2.4.4 (Unix) PHP/5.4.12 X-Powered-By: PHP/5.4.12 Location: http://cdn.pandora.tv/KMP/player/ini/goods/kmp_ini_goods_00_1_20130802021853.7z Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 ------------------------------------------------------------------ GET /KMP/player/ini/goods/kmp_ini_goods_00_1_20130802021853.7z HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: cdn.pandora.tv Connection: Keep-Alive Pragma: no-cache HTTP/1.1 200 OK Date: Sat, 3 Aug 2013 12:08:49 GMT Server: Apache Last-Modified: Fri, 02 Aug 2013 05:18:55 GMT ETag: "1118" Accept-Ranges: bytes Content-Length: 4376 Cache-Control: max-age=946080000 Expires: Mon, 27 Jul 2043 12:08:49 GMT Content-Type: application/x-7z-compressed Caching Server: WebCachingServer(WT-6K) ------------------------------------------------------------------ GET /player/goods/?sq=5&division=d HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: update.kmpmedia.net Connection: Keep-Alive Pragma: no-cache HTTP/1.1 302 Found Date: Sat, 03 Aug 2013 12:14:45 GMT Server: Apache/2.4.4 (Unix) PHP/5.4.12 X-Powered-By: PHP/5.4.12 Location: http://cdn.pandora.tv/KMP/player/update/kmp_3.6.0.87_20130803063949.exe Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 ------------------------------------------------------------------ GET /KMP/player/update/kmp_3.6.0.87_20130803063949.exe HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: cdn.pandora.tv Connection: Keep-Alive Pragma: no-cache HTTP/1.1 200 OK Date: Sat, 3 Aug 2013 12:08:55 GMT Server: Apache Last-Modified: Fri, 02 Aug 2013 21:39:51 GMT ETag: "33000" Accept-Ranges: bytes Content-Length: 208896 Cache-Control: max-age=946080000 Expires: Mon, 27 Jul 2043 12:08:55 GMT Content-Type: application/x-msdownload Caching Server: WebCachingServer(WT-6K) ------------------------------------------------------------------ GET /player/goods/?sq=5&division=d HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: update.kmpmedia.net Connection: Keep-Alive HTTP/1.1 302 Found Date: Sat, 03 Aug 2013 12:15:07 GMT Server: Apache/2.4.4 (Unix) PHP/5.4.12 X-Powered-By: PHP/5.4.12 Location: hxxp://cdn_dot_pandora.tv/KMP/player/update/kmp_3.6.0.87_20130803063949.exe Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 ------------------------------------------------------------------ GET /KMP/player/update/kmp_3.6.0.87_20130803063949.exe HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Range: bytes=1024- Connection: Keep-Alive Host: cdn.pandora.tv If-Range: "33000" HTTP/1.1 206 Partial Content Date: Fri, 02 Aug 2013 21:41:01 GMT Server: Apache Last-Modified: Fri, 02 Aug 2013 21:39:51 GMT ETag: "33000" Accept-Ranges: bytes Content-Length: 207872 Cache-Control: max-age=946080000 Expires: Sun, 26 Jul 2043 21:41:01 GMT Content-Type: application/x-msdownload Caching Server: WebCachingServer(WT-6K) Content-Range: bytes 1024-208895/208896 ------------------------------------------------------------------ Zitieren Link zu diesem Kommentar
Empfohlene Beiträge
Schreibe einen Kommentar
Du kannst jetzt antworten und Dich später registrieren. Falls Du bereits ein Mitglied bist, logge Dich jetzt ein.