PCの修理が必要ですか?
専門家に頼む
????TR/Spy.ZBot.awgq
????16/02/2011
?????????
????????
???????
???????
??????????????
?????????????
????????184.832 ???
MD5???????8142026d807be4faedaec15bc1256fb6
VDF???????7.10.08.215
IVDF???????7.11.03.121 - 2011年2月16日水曜日

 ???? ??
   •  McAfee: PWS-Spyeye
   •  Kaspersky: Trojan-Spy.Win32.Zbot.awgq
   •  Sophos: Mal/FakeAV-BW
   •  Bitdefender: Trojan.Generic.KD.95303
   •  Panda Trj/SpyEyes.E
     GData: Trojan.Generic.KD.95303


????????/OS?
   • Windows 2000
   • Windows XP
   • Windows 2003


???
   • ?????????????
   • ?????????
   • ????????

 ???? ??????????????????
   • C:\windowsxxx.exe\windowsxxx.exe



???????????????????



???????????????

C:\windowsxxx.exe\config.bin



??????????????????

?????????????????????????
   • C:\windowsxxx.exe\windowsxxx.exe

 ????? ??????????????????????????????????????????

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "windowsxxx.exe"="C:\windowsxxx.exe\windowsxxx.exe"



?????????????????????

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
   • AutoConfigURL
   • ProxyOverride
   • ProxyServer



???????????????????

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
   • "WarnOnIntranet"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Zones\0]
   • "1409"=dword:0x00000003

[HKCU\Software\Microsoft\Internet Explorer\PhishingFilter]
   • "ShownServiceDownBalloon"=dword:0x00000000

[HKCU\Software\Microsoft\Internet Explorer\Recovery]
   • "ClearBrowsingHistoryOnExit"=dword:0x00000000



???????????????????

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Zones\1]
   ????
   • "1406"=dword:0x00000000
   • "1409"=dword:0x00000003
   • "1609"=dword:0x00000000

[HKCU\Software\Microsoft\Internet Explorer\PhishingFilter]
   ????
   • "EnabledV8"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Zones\0]
   ????
   • "1406"=dword:0x00000000
   • "1609"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Zones\2]
   ????
   • "1406"=dword:0x00000000
   • "1409"=dword:0x00000003
   • "1609"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Lockdown_Zones\4]
   ????
   • "1406"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Lockdown_Zones\1]
   ????
   • "1406"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Lockdown_Zones\2]
   ????
   • "1406"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Lockdown_Zones\3]
   ????
   • "1406"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
   ????
   • "EnableHttp1_1"=dword:0x00000001
   • "MigrateProxy"=dword:0x00000001
   • "ProxyEnable"=dword:0x00000000
   • "ProxyHttp1.1"=dword:0x00000001
   • "WarnOnPost"=hex:00,00,00,00
   • "WarnOnPostRedirect"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Zones\3]
   ????
   • "1406"=dword:0x00000000
   • "1409"=dword:0x00000003
   • "1609"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Zones\4]
   ????
   • "1406"=dword:0x00000000
   • "1409"=dword:0x00000003
   • "1609"=dword:0x00000000

 ????? ??????????
??????
   • 94.228.22**********.67:9933 (TCP)
   • http://my-trust.net:81/var/**********?guid=%???%&ver=%??% &stat=%???%&ie=%???%&os=%???%&ut=%???%&cpu=%??% &ccrc=%???%&md5=%???%



???????????????
    • ???????
    • CPU???
     ???????????
     ??????????????
     ???????
     ??????OS???????

 ?? ??????????????

?????????????????
   • Mozilla Firefox
   • Internet Explorer

 ??(Injection) ??????????????????????

    ??????????????
   • explorer.exe



??????????????????????

??????????????????????


 ???  ??????????????????????????????????????
   • http://www.microsoft.com


Mutex(??????)
???Mutex(??????????????
   • __window__
   • __SPYNET_REPALREADYSENDED__

 ??????? ??????????
??????????????????????????????????????????????????

説明の挿入者 Petre Galan の 2011年4月12日火曜日
説明の更新者 Petre Galan の 2011年4月14日木曜日

戻る . . . .
https:// このウィンドウは暗号化されています。