Name: TR/Buzus.dhxv
Type: Trojan
In the wild: Yes
Number of reported infections: Low to medium
Distribution potential: Medium
Damage potential: Medium
Static file: Yes
Size: 273.415 Bytes
MD5: bb1c8ec022fc800dc5a7f4a217c47e2a

General

Methods of propagation:
   • Autorun feature
   • Local network
   • Messenger

Aliases:
   • Sophos: Troj/Nyrate-L
   • Panda: W32/IRCbot.CVD
   • Eset: Win32/AutoRun.IRCBot.DZ
   • Bitdefender: Backdoor.Tofsee.Gen

Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Downloads a malicious file
   • Creates malicious files
   • Lowers security settings
   • Registry modifications
   • Makes unauthorized access to the computer possible

Files

It copies itself to the following locations:
   • %drive%\conime.exe
   • %SYSDIR%\wcoredt.exe

It overwrites a file.
   – %SYSDIR%\drivers\etc\hosts

It deletes the initial copy of the virus.

The following file is created:
   – %drive%\autorun.inf
     This is a harmless text file with the following content:
   • %code that runs the malicious file%

It tries to download a file:
   – The address is the following:
   • http://up.g-youtube.info/net/**********

It tries to execute the following files (each entry is listed as a file name):
   • ipconfig /flushdns
   • sc delete K7TSMngr
   • net stop "avast! Antivirus"
   • sc stop "avast! Antivirus"
   • sc config "avast! Antivirus" start= disabled
   • net1 stop "avast! Antivirus"
   • sc delete "avast! Antivirus"
   • net stop AntiVirService
   • sc stop AntiVirService
   • sc config AntiVirService start= disabled
   • net1 stop AntiVirService
   • net stop K7RTScan
   • sc delete AntiVirService
   • net stop PASRV
   • sc stop PASRV
   • net1 stop PASRV
   • sc config PASRV start= disabled
   • sc delete PASRV
   • net stop VSSERV
   • sc stop VSSERV
   • sc config VSSERV start= disabled
   • net1 stop VSSERV
   • sc stop K7RTScan
   • sc delete VSSERV
   • net stop avg8wd
   • sc stop avg8wd
   • sc config avg8wd start= disabled
   • net1 stop avg8wd
   • sc delete avg8wd
   • net stop avg9wd
   • sc stop avg9wd
   • net1 stop avg9wd
   • sc config avg9wd start= disabled
   • sc config K7RTScan start= disabled
   • sc delete avg9wd
   • net stop NOD32krn
   • sc stop NOD32krn
   • net1 stop NOD32krn
   • sc config NOD32krn start= disabled
   • sc delete NOD32krn
   • net stop ekrn
   • sc stop ekrn
   • net1 stop ekrn
   • sc config ekrn start= disabled
   • net1 stop K7RTScan
   • sc delete ekrn
   • net stop McShield
   • sc stop McShield
   • net1 stop McShield
   • sc config McShield start= disabled
   • sc delete McShield
   • net stop OutpostFirewall
   • sc stop OutpostFirewall
   • sc config OutpostFirewall start= disabled
   • sc delete K7RTScan
   • net stop K7TSMngr
   • sc stop K7TSMngr
   • sc config K7TSMngr start= disabled
   • net1 stop K7TSMngr

Registry

The following key is added to the registry in order to run the process after the system restarts:
   – [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "conime.exe"="conime.exe"

The following registry keys are deleted, including all values and subkeys:
   • [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
   • [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

It creates the following value in order to bypass the Windows firewall:
   – [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
   • "%SYSDIR%\wcoredt.exe"="%SYSDIR%\wcoredt.exe:*:Enabled:LAN Router"

The following keys are added to the registry:
   – [HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000001
   – [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\conime.exe]
   • "Debugger"="wcoredt.exe"
   – [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   • "DisableConfig"=dword:0x00000001
   – [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
   • "%SYSDIR%\wcoredt.exe"="DisableNXShowUI"
   – [HKLM\SOFTWARE\Policies\Microsoft\MRT]
   • "DontReportInfectionInformation"=dword:0x00000001

The following registry keys are modified:
   – [HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
     New value:
   • "Start"=dword:0x00000004
   – [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
     New value:
   • "CheckedValue"=dword:0x00000001
   – [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
     New value:
   • "Hidden"=dword:0x00000002

Messenger

It spreads via Messenger. The characteristics are:
   – MSN Messenger
   – Yahoo Messenger

The URL points to a copy of the described malware. If the user downloads and executes this file, the infection process starts again.

Network

To ensure its propagation, the malware tries to contact other systems, as described below:

Exploit:
It uses the following vulnerabilities:
   – MS04-007 (ASN.1 Vulnerability)
   – MS06-040 (Vulnerability in Server Service)

IP address generation:
It creates random IP addresses, keeping only the first two octets of its own address. It then tries to contact the created addresses.

IRC

To send information and to be controlled, it connects to the following IRC servers:

Server: ptr.b-y**********.info
Port: 7231
Channel: #ops
Nick: N|USA|V2B|0|XP|%number%

Server: comt0.d-y**********.info
Port: 6104
Channel: #ops
Nick: N|USA|V2B|0|XP|%number%

Hosts file

The file
   – Access to the following domains is redirected to other destinations:
   • 166.109.246.176

Process termination

A list of processes is terminated.

File details

File compression:
To make detection harder and to reduce the file size, a runtime compression program is used.

Description inserted by Petre Galan on Monday, June 7, 2010 Description updated by Petre Galan on Monday, June 7, 2010