Virus name: Worm/IrcBot.232448.1
Discovered: 10/04/2007
Type: Worm
In the wild (ITW): Yes
Number of reported infections: Medium-Low
Propagation potential: Medium
Damage potential: Medium
Static file: Yes
File size: 232,448 bytes
MD5 checksum: c4e2c173d7b2a5ab5729fdeb6aadeedd
IVDF version: 6.38.00.198 - Tuesday, 10 April 2007

General
Propagation methods:
   • Autorun feature
   • Local network
   • Messenger


Aliases:
   • Panda: W32/IRCBot.CXD
   • Eset: Win32/AutoRun.IRCBot.DZ
   • Bitdefender: Trojan.Generic.3862064


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads malicious files
   • Drops malicious files
   • Lowers security settings
   • Modifies the registry
   • Allows third parties to access and control the computer

Files
It copies itself to the following locations:
   • %SYSDIR%\wmicvrts.exe
   • %drive%\fix.scr

It overwrites a file:
   • %SYSDIR%\drivers\etc\hosts

It deletes the initially executed copy of itself.

The following file is created:

%drive%\autorun.inf This is a non-malicious text file with the following content:
   •




It tries to download files from the following locations:
   • http://all.messenger-update.su/**********
   • http://bsu.messenger-update.su/**********
   • http://rix.messenger-update.su/**********




It tries to execute the following files:

File names:
   • !ITW
   • 579.exe
   • sc config acssrv start= disabled
   • net1 stop acssrv
   • sc delete acssrv
   • net stop SAVService
   • sc stop SAVService
   • net1 stop SAVService
   • sc config SavService start= disabled
   • sc delete SAVService
   • net stop SAVAdminService
   • sc stop SAVAdminService
   • sc config K7TSMngr start= disabled
   • sc config SAVAdminService start= disabled
   • net1 stop SAVAdminService
   • sc delete SAVAdminService
   • net stop "Sophos AutoUpdate Service"
   • sc stop "Sophos AutoUpdate Service"
   • sc config "Sophos AutoUpdate Service" start= disabled
   • net1 stop "Sophos AutoUpdate Service"
   • sc delete "Sophos AutoUpdate Service"
   • net stop "Sophos Client Firewall"
   • sc stop "Sophos Client Firewall"
   • net1 stop K7TSMngr
   • net1 stop "Sophos Client Firewall"
   • sc config "Sophos Client Firewall" start= disabled
   • sc delete "Sophos Client Firewall"
   • sc delete K7TSMngr
   • net stop "avast! Antivirus"
   • sc stop "avast! Antivirus"
   • sc config "avast! Antivirus" start= disabled
   • net1 stop "avast! Antivirus"
   • sc delete "avast! Antivirus"
   • net stop AntiVirService
   • sc stop AntiVirService
   • "%SYSDIR%\wmicvrts.exe" %malware execution directory%\!ITW
   • 579.exe
   • net1 stop AntiVirService
   • sc config AntiVirService start= disabled
   • sc delete AntiVirService
   • net stop PASRV
   • sc stop PASRV
   • sc config PASRV start= disabled
   • net1 stop PASRV
   • sc delete PASRV
   • net stop VSSERV
   • sc stop VSSERV
   • ipconfig /flushdns
   • sc config VSSERV start= disabled
   • net1 stop VSSERV
   • sc delete VSSERV
   • net stop avg8wd
   • sc stop avg8wd
   • net1 stop avg8wd
   • sc config avg8wd start= disabled
   • sc delete avg8wd
   • net stop avg9wd
   • sc stop avg9wd
   • sc stop K7RTScan
   • sc config avg9wd start= disabled
   • net1 stop avg9wd
   • sc delete avg9wd
   • net stop NOD32krn
   • sc stop NOD32krn
   • net1 stop NOD32krn
   • sc config NOD32krn start= disabled
   • sc delete NOD32krn
   • net stop ekrn
   • sc stop ekrn
   • net stop K7RTScan
   • net1 stop ekrn
   • sc config ekrn start= disabled
   • sc delete ekrn
   • net stop McShield
   • sc stop McShield
   • sc config McShield start= disabled
   • net1 stop McShield
   • sc delete McShield
   • net stop OutpostFirewall
   • sc stop OutpostFirewall
   • sc config K7RTScan start= disabled
   • sc config OutpostFirewall start= disabled
   • net1 stop OutpostFirewall
   • sc delete OutpostFirewall
   • net stop TmPfw
   • sc stop TmPfw
   • net1 stop TmPfw
   • sc config TmPfw start= disabled
   • sc delete TmPfw
   • net stop KPF4
   • sc stop KPF4
   • sc delete K7RTScan
   • net1 stop KPF4
   • sc config KPF4 start= disabled
   • sc delete KPF4
   • net stop SmcService
   • sc stop SmcService
   • net1 stop SmcService
   • sc config SmcService start= disabled
   • sc delete SmcService
   • net stop cmdAgent
   • sc stop cmdAgent
   • net1 stop K7RTScan
   • net1 stop cmdAgent
   • sc config cmdAgent start= disabled
   • sc delete cmdAgent
   • net stop vsmon
   • sc stop vsmon
   • sc config vsmon start= disabled
   • net1 stop vsmon
   • sc delete vsmon
   • net stop SbPF.Launcher
   • sc stop SbPF.Launcher
   • net stop K7TSMngr
   • net1 stop SbPF.Launcher
   • sc config SbPF.Launcher start= disabled
   • sc delete SbPF.Launcher
   • net stop SPF4
   • sc stop SPF4
   • sc config SPF4 start= disabled
   • net1 stop SPF4
   • sc delete SPF4
   • net stop acssrv
   • sc stop acssrv
   • sc stop K7TSMngr

Registry
The following registry key is added in order to run the process after reboot:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "ctfmon.exe"="ctfmon.exe"



The following registry keys, including all their values and subkeys, are removed:
   • [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
   • [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]



It creates the following entries in order to bypass the Windows XP firewall:

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile\AuthorizedApplications\List]
   • "%SYSDIR%\wmicvrts.exe"="%SYSDIR%\wmicvrts.exe:*:Enabled:DHCP Router"



The following registry keys are added:

[HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000001

[HKLM\SOFTWARE\Policies\Microsoft\MRT]
   • "DontReportInfectionInformation"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ctfmon.exe]
   • "Debugger"="wmicvrts.exe"

[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   • "DisableConfig"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%SYSDIR%\wmicvrts.exe"="DisableNXShowUI"



The following registry keys are changed:

[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   New value:
   • "Start"=dword:0x00000004

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   Folder\SuperHidden]
   New value:
   • "CheckedValue"=dword:0x00000001

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "Hidden"=dword:0x00000002

Messenger
It spreads via Messenger. The characteristics are described below:

   • MSN Messenger
   • Yahoo Messenger

The URL thus refers to a copy of the described malware. If the user downloads and executes this file, the infection process starts again.

Network infection
To ensure its propagation, the malware attempts to connect to other machines as described below:


Exploit:
It exploits the following vulnerabilities:
   • MS04-007 (ASN.1 Vulnerability)
   • MS06-040 (Vulnerability in Server Service)


IP address generation:
It creates random IP addresses while keeping the first two octets of its own address. It then tries to establish a connection with the generated addresses.

IRC
To send system information and to provide remote control, it connects to the following IRC server:

Server: srv3.cor**********.info
Port: 6501
Channel: #RDL#
Nickname: USA|S1|0|XP|%number%

Hosts
The hosts file is modified as described:

Access to the following domains is redirected to other destinations:


Terminated processes
List of processes that are terminated:


File details
Compression software:
To make detection harder and reduce the file size, it is compressed with a packer.

Description inserted by Petre Galan on Friday, 25 June 2010
Description updated by Petre Galan on Friday, 25 June 2010
