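Urgent!! 360 AI assistant: rundll32.exe code injection, etc.
Recently the following alert has been firing on a large scale; this is very urgent: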
MA_Remote_Process_Injection - Regsvr32/Rundll32
c:\\windows\\system32\\rundll32.exe \"C:\\WINDOWS\\sysnative\\rundll32.exe\" \"C:\\Users\\min.zhang\\AppData\\Roaming\\Reader\\AiWorkShell64.dll\" RunCmd placeholder --cmd=inject --pid=17544 --tid=8180
The process command line shows clear signs of an injection attempt. Please explain the situation, thanks.
Process Command Line c:\\windows\\system32\\rundll32.exe \"C:\\WINDOWS\\sysnative\\rundll32.exe\" \"C:\\Users\\min.zhang\\AppData\\Roaming\\Reader\\AiWorkShell64.dll\" RunCmd placeholder --cmd=inject --pid=17544 --tid=8180
The following arguments suggest that code injection attempts are being performed by this tool using Rundll32.exe:
• RunCmd is an exported function being called from the DLL "AiWorkShell64.dll".
• "--cmd=inject" suggests code injection
• "--pid=17544 and --tid=8180" refer to the Process ID and Thread ID of the target process and thread for injection.
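This post was last edited by 紫夜ミ月 on 2025-6-26 14:05
Hello, thank you for your interest in 360AI Office. We have verified that, because the office workbench feature requires it, the module is loaded into the explorer process to implement the corresponding functionality and improve the product experience. If this behavior affects you, you can leave a contact QQ and we will help you resolve it~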
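The alert reasoning quoted in the first post (DLL path, exported function, `--cmd`, `--pid`, `--tid`) can be reproduced mechanically when triaging many hosts. The following is an added example, not part of either post and not code from 360 or the EDR vendor; the function names, the signal names and the `USER_WRITABLE` directory list are assumptions chosen for illustration.

```python
import re

# Constructed sample: the command line from the alert quoted in the thread,
# kept in its escaped form (doubled backslashes, \" quotes).
ALERT_CMDLINE = (
    r'c:\\windows\\system32\\rundll32.exe \"C:\\WINDOWS\\sysnative\\rundll32.exe\" '
    r'\"C:\\Users\\min.zhang\\AppData\\Roaming\\Reader\\AiWorkShell64.dll\" '
    r'RunCmd placeholder --cmd=inject --pid=17544 --tid=8180'
)

# Assumption: directories treated as user-writable for triage purposes.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\downloads\\")


def parse_rundll32(cmdline: str) -> dict:
    """Split a rundll32 command line into DLL path, export and --key=value args."""
    s = cmdline.replace('\\"', '"').replace("\\\\", "\\")  # undo log escaping
    tokens = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', s)]
    idx = next((i for i, t in enumerate(tokens) if ".dll" in t.lower()), None)
    if idx is None:
        return {"dll": None, "export": None, "args": {}, "tokens": tokens}
    dll, _, export = tokens[idx].partition(",")   # handles x.dll,Export
    rest = tokens[idx + 1:]
    if not export and rest:                       # handles "x.dll" Export
        export, rest = rest[0].lstrip(","), rest[1:]
    args = dict(t[2:].partition("=")[::2] for t in rest if t.startswith("--"))
    return {"dll": dll, "export": export, "args": args, "tokens": tokens}


def triage(cmdline: str) -> dict:
    """Return the parsed fields plus the signals an analyst would check."""
    p = parse_rundll32(cmdline)
    dll = (p["dll"] or "").lower()
    args = p["args"]
    p["signals"] = {
        # DLL loaded from a location a standard user can write to
        "dll_in_user_writable_dir": any(d in dll for d in USER_WRITABLE),
        # sysnative is the WOW64 alias a 32-bit process uses to reach 64-bit System32
        "wow64_sysnative_launch": any("\\sysnative\\" in t.lower() for t in p["tokens"]),
        "inject_keyword": any("inject" in v.lower() for v in args.values()),
        "targets_pid_and_tid": args.get("pid", "").isdigit() and args.get("tid", "").isdigit(),
    }
    return p


if __name__ == "__main__":
    result = triage(ALERT_CMDLINE)
    print(result["dll"], result["export"], result["args"], result["signals"])
```

These signals describe the behaviour only. Whether it is acceptable still depends on verifying the DLL's signature and confirming the target PID belongs to the process the vendor names.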