Virus name: Worm/Palevo.vyc.1
Type: Worm
In the wild (ITW): Yes
Reported infections: Low to medium
Distribution potential: Medium
Damage potential: Medium
Static file: Yes
File size: 229,376 bytes
MD5 checksum: 84feca365803e4179493966f87d19b78

General
Methods of propagation:
   • Autorun feature
   • Local network
   • Messenger


Aliases:
   •  Panda: W32/P2Pworm.GF
   •  Eset: Win32/AutoRun.IRCBot.DZ
   •  Bitdefender: Worm.Generic.231495


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a malicious file
   • Drops malicious files
   • Lowers security settings
   • Registry modification
   • Third-party access to and control of the computer

Files
It copies itself to the following locations:
   • %SYSDIR%\wmsrvc.exe
   • %drive%\winsv.exe



It overwrites a file.
%SYSDIR%\drivers\etc\hosts



It deletes the initially executed copy of itself.



The following file is created:

%drive%\autorun.inf This is a non-malicious text file with the following content:
   •




It tries to download a file:

– The location is the following:
   • http://topic.lma**********.us/




It tries to execute the following files:

– File names:
   • ipconfig /flushdns
   • sc delete acssrv
   • net stop SAVService
   • sc stop SAVService
   • sc config SavService start= disabled
   • net1 stop SAVService
   • sc delete SAVService
   • net stop SAVAdminService
   • sc stop SAVAdminService
   • net1 stop SAVAdminService
   • sc config SAVAdminService start= disabled
   • sc delete K7TSMngr
   • sc delete SAVAdminService
   • net stop "Sophos AutoUpdate Service"
   • sc stop "Sophos AutoUpdate Service"
   • sc config "Sophos AutoUpdate Service" start= disabled
   • net1 stop "Sophos AutoUpdate Service"
   • sc delete "Sophos AutoUpdate Service"
   • net stop "Sophos Client Firewall"
   • sc stop "Sophos Client Firewall"
   • sc config "Sophos Client Firewall" start= disabled
   • net1 stop "Sophos Client Firewall"
   • net stop "avast! Antivirus"
   • sc delete "Sophos Client Firewall"
   • net stop "Sophos Client Firewall Manager"
   • sc stop "Sophos Client Firewall Manager"
   • sc config "Sophos Client Firewall Manager" start= disabled
   • net1 stop "Sophos Client Firewall Manager"
   • sc delete "Sophos Client Firewall Manager"
   • sc stop "avast! Antivirus"
   • net1 stop "avast! Antivirus"
   • sc config "avast! Antivirus" start= disabled
   • sc delete "avast! Antivirus"
   • net stop AntiVirService
   • sc stop AntiVirService
   • sc config AntiVirService start= disabled
   • net1 stop AntiVirService
   • net stop K7RTScan
   • sc delete AntiVirService
   • net stop PASRV
   • sc stop PASRV
   • net1 stop PASRV
   • sc config PASRV start= disabled
   • sc delete PASRV
   • net stop VSSERV
   • sc stop VSSERV
   • sc config VSSERV start= disabled
   • net1 stop VSSERV
   • sc stop K7RTScan
   • sc delete VSSERV
   • net stop avg8wd
   • sc stop avg8wd
   • sc config avg8wd start= disabled
   • net1 stop avg8wd
   • sc delete avg8wd
   • net stop avg9wd
   • sc stop avg9wd
   • sc config avg9wd start= disabled
   • net1 stop avg9wd
   • sc config K7RTScan start= disabled
   • sc delete avg9wd
   • net stop NOD32krn
   • sc stop NOD32krn
   • net1 stop NOD32krn
   • sc config NOD32krn start= disabled
   • sc delete NOD32krn
   • net stop ekrn
   • sc stop ekrn
   • sc config ekrn start= disabled
   • net1 stop ekrn
   • sc delete K7RTScan
   • net stop McShield
   • sc delete ekrn
   • net1 stop McShield
   • sc stop McShield
   • sc config McShield start= disabled
   • sc delete McShield
   • net stop OutpostFirewall
   • sc stop OutpostFirewall
   • net1 stop OutpostFirewall
   • sc config OutpostFirewall start= disabled
   • net1 stop K7RTScan
   • sc delete OutpostFirewall
   • net stop TmPfw
   • sc stop TmPfw
   • net1 stop TmPfw
   • sc config TmPfw start= disabled
   • sc delete TmPfw
   • net stop KPF4
   • sc stop KPF4
   • net1 stop KPF4
   • sc config KPF4 start= disabled
   • net stop K7TSMngr
   • sc delete KPF4
   • net stop SmcService
   • sc stop SmcService
   • sc config SmcService start= disabled
   • net1 stop SmcService
   • sc delete SmcService
   • net stop cmdAgent
   • sc stop cmdAgent
   • sc config cmdAgent start= disabled
   • net1 stop cmdAgent
   • sc stop K7TSMngr
   • sc delete cmdAgent
   • net stop vsmon
   • sc stop vsmon
   • sc config vsmon start= disabled
   • net1 stop vsmon
   • sc delete vsmon
   • net stop SbPF.Launcher
   • sc stop SbPF.Launcher
   • sc config SbPF.Launcher start= disabled
   • net1 stop SbPF.Launcher
   • sc config K7TSMngr start= disabled
   • sc delete SbPF.Launcher
   • net stop SPF4
   • sc stop SPF4
   • net1 stop SPF4
   • sc config SPF4 start= disabled
   • sc delete SPF4
   • net stop acssrv
   • sc stop acssrv
   • net1 stop acssrv
   • sc config acssrv start= disabled
   • net1 stop K7TSMngr

Registry
The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "ctfmon.exe"="ctfmon.exe"



The following registry keys, including all values and subkeys, are removed:
   • [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
   • [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]



It creates the following entries in order to bypass the Windows XP firewall:

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile\AuthorizedApplications\List]
   • "%SYSDIR%\wmsrvc.exe"="%SYSDIR%\wmsrvc.exe:*:Enabled:DHCP Router"



The following registry keys are added:

– [HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000001

– [HKLM\SOFTWARE\Policies\Microsoft\MRT]
   • "DontReportInfectionInformation"=dword:0x00000001

– [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   • "DisableConfig"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%SYSDIR%\wmsrvc.exe"="DisableNXShowUI"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ctfmon.exe]
   • "Debugger"="wmsrvc.exe"



The following registry keys are changed:

– [HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   New value:
   • "Start"=dword:0x00000004

– [HKLM\SECURITY\Policy\Secrets\SAC\OupdTime]
   New value:
   • "@"=""

– [HKLM\SECURITY\Policy\Secrets\SAC\CupdTime]
   New value:
   • "@"=""

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "Hidden"=dword:0x00000002

– [HKLM\SECURITY\Policy\Secrets\SAI\CupdTime]
   New value:
   • "@"=""

– [HKLM\SECURITY\Policy\Secrets\SAC\OldVal]
   New value:
   • "@"=""

– [HKLM\SECURITY\Policy\Secrets\SAI\OupdTime]
   New value:
   • "@"=""

– [HKLM\SECURITY\Policy\Secrets\SAI\CurrVal]
   New value:
   • "@"=""

– [HKLM\SECURITY\Policy\Secrets\SAC\CurrVal]
   New value:
   • "@"=""

– [HKLM\SECURITY\Policy\Secrets\SAI\OldVal]
   New value:
   • "@"=""

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   Folder\SuperHidden]
   New value:
   • "CheckedValue"=dword:0x00000001

Messenger
It spreads via Messenger. The characteristics are described below:

– MSN Messenger
– Yahoo Messenger

The URL then refers to a copy of the described malware. If the user downloads and executes this file, the infection process starts again.

Network infection
To ensure its propagation, the malware attempts to connect to other machines as described below:


Exploit:
It exploits the following vulnerabilities:
– MS04-007 (ASN.1 Vulnerability)
– MS06-040 (Vulnerability in Server Service)


IP address generation:
It creates random IP addresses while keeping the first two octets of its own address. It then tries to establish a connection with the generated addresses.

IRC
To deliver system information and to provide remote control, it connects to the following IRC server:

Server: login.ipwhois.or**********.uk
Port: 47221
Channel: #NN
Nickname: N|USA|M1|0|XP|%number%

Hosts
The hosts file is modified as follows:

– Access to the following domains is redirected to other destinations:


Terminated processes
List of processes that are terminated:


File details
Runtime packer:
To hinder detection and reduce the file size, it is packed with a runtime packer.

Description inserted by Petre Galan on Tuesday, June 8, 2010
Description updated by Petre Galan on Tuesday, June 8, 2010
