{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiho6oijxl5dgjnz2zwzyejczqbtc3bmmor4sfms32tfg34ft6wahy",
"uri": "at://did:plc:pzl77dcojpwg7wosvz5x6iti/app.bsky.feed.post/3mm7kcpuoue62"
},
"path": "/t/1213911#reply2",
"publishedAt": "2026-05-19T13:13:20.000Z",
"site": "https://www.v2ex.com",
"tags": [
"iii3.net",
"http://101.132.115.120/?explorer/share/file&hash=2abfSrDDx20YrPISmYnueseOuCpeHrhLUBpae7AILuXpQoDJUhRte31e_jzJRnciKQKV"
],
"textContent": "My computer randomly launches a malicious ad pop-up program, located at C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\popAD.exe\n\nIt is an ad disguised as Sogou Input Method, and clicking it redirects to the iii3.net site. A screenshot is at http://101.132.115.120/?explorer/share/file&hash=2abfSrDDx20YrPISmYnueseOuCpeHrhLUBpae7AILuXpQoDJUhRte31e_jzJRnciKQKV This is a simple network drive I set up on an Alibaba Cloud es instance that I bought; if you don't trust it, you don't have to click. Also, this program is signed, and the signer is 深圳市聚点互娱文化传媒有限公司\n\nI thought it was a Sogou ad, so I uninstalled Sogou Input Method, but it still shows up.\n\nI deleted the program, but it still gets regenerated and launched at random.\n\nI analyzed it with Process Explorer, and the call chain is PerceptionSimulationService.exe->backgroundTaskHost.exe ->popAD.exe\n\nAlso, the DLLs loaded by popAD.exe are all from the two directories C:\\Windows\\System32 and C:\\Windows\\SysWOW64\n\nHow do I track down the culprit? Thanks in advance, everyone. If other screenshots are needed, I will attach them.\n\nDLLs of popAD.exe\n\nProcess: PopAD.exe Pid: 12244",
"title": "A malicious ad pop-up, popAD.exe, has been planted on my computer; asking the experts here for help",
"updatedAt": "2026-05-19T13:14:31.000Z"
}