Virus: Worm/RBot.80901
Date discovered: 13/12/2012
Type: Worm
In the wild:
Reported infections: Low
Distribution potential: Medium
Damage potential: Medium
Static file:
File size: 80,901 bytes
MD5 checksum: c0bb51c0d36477812cf7731510094b23
VDF version: 7.11.53.216

General
Method of propagation:
   • Local network


Aliases:
   •  Symantec: W32.Spybot.Worm
   •  Kaspersky: Backdoor.Win32.Rbot.ayc
   •  TrendMicro: WORM_RBOT.BNZ
   •  Sophos: W32/Rbot-ADE
   •  Grisoft: IRC/BackDoor.SdBot.188.BS
   •  VirusBuster: Worm.RBot.BGU
   •  Eset: Win32/Rbot
   •  Bitdefender: Backdoor.Rbot.ADE


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Blocks access to security applications
   • Registry modification
   • Exploits software vulnerabilities
   • Third-party control

Files
It copies itself to the following location:
   • %SYSDIR%\taskmngr.exe



It deletes the initially executed copy of itself.

Registry
The following registry keys are continuously added in an infinite loop in order to run the process after a reboot.

–  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "Win32 NT Adv Services"="taskmngr.exe"

–  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
   • "Win32 NT Adv Services"="taskmngr.exe"



The following registry value is added:

– HKCU\Software\Microsoft\OLE
   • "Win32 NT Adv Services"="taskmngr.exe"



The following registry keys are changed:

– HKLM\SOFTWARE\Microsoft\Ole
   Old value:
   • "EnableDCOM"=%user-defined setting%
   New value:
   • "EnableDCOM"="N"

– HKLM\SYSTEM\CurrentControlSet\Control\Lsa
   Old value:
   • "restrictanonymous"=%user-defined setting%
   New value:
   • "restrictanonymous"=dword:00000001
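The registry changes listed above are the host-based indicators a responder would check first. The following script is an added example, not Avira's code: it parses the text of a registry export (the format written by `reg export`) and reports the persistence values and configuration changes attributed to this worm. The sample export embedded below is constructed for the example; the `EnableDCOM` and `restrictanonymous` values are reported only as supporting evidence, because administrators legitimately set them as well.

```python
"""Scan a .reg export for the registry changes attributed to Worm/RBot.80901.

Added example, not Avira's code. The input is the text of a registry export
(REGEDIT4 / "Windows Registry Editor Version 5.00" format); the sample at the
bottom is constructed for this example.
"""
import re
from typing import Dict, List, Tuple

# Persistence value the description lists under Run, RunServices and HKCU\...\OLE.
PERSISTENCE_VALUE = "Win32 NT Adv Services"
PERSISTENCE_DATA = "taskmngr.exe"
PERSISTENCE_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_CURRENT_USER\Software\Microsoft\OLE",
)
# Configuration changes from the description. Weak on their own: legitimate
# hardening sets the same values, so they only corroborate a persistence hit.
SUPPORTING_SETTINGS = {
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole", "EnableDCOM"): "N",
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa", "restrictanonymous"): "dword:00000001",
}

_KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\Path]
_VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')  # "name"="string" or "name"=dword:xxxxxxxx


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for the registry export text format.

    Returns {key path (lower-cased): {value name (lower-cased): data}}.
    String data has its surrounding quotes removed; dword data is kept as
    the literal 'dword:xxxxxxxx' token so it can be compared verbatim.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line == "REGEDIT4":
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1]
            keys[current][name.lower()] = data
    return keys


def find_rbot_indicators(text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, key path, matched value) for every indicator found."""
    keys = parse_reg_export(text)
    hits: List[Tuple[str, str, str]] = []
    for key in PERSISTENCE_KEYS:
        data = keys.get(key.lower(), {}).get(PERSISTENCE_VALUE.lower())
        if data is not None and data.lower() == PERSISTENCE_DATA:
            hits.append(("high", key, f'"{PERSISTENCE_VALUE}"="{data}"'))
    for (key, name), expected in SUPPORTING_SETTINGS.items():
        data = keys.get(key.lower(), {}).get(name.lower())
        if data is not None and data.lower() == expected.lower():
            hits.append(("supporting", key, f'"{name}"={data}'))
    return hits


# Constructed sample: what an export from an infected host would contain.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Win32 NT Adv Services"="taskmngr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Win32 NT Adv Services"="taskmngr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"Win32 NT Adv Services"="taskmngr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
"""

if __name__ == "__main__":
    for severity, key, detail in find_rbot_indicators(SAMPLE_EXPORT):
        print(f"[{severity}] {key}: {detail}")
```

Key paths and value names are compared case-insensitively because the registry itself is case-insensitive and exports differ in casing (the description shows both `OLE` and `Ole`). A real triage would pair a persistence hit with a check for `%SYSDIR%\taskmngr.exe` and the MD5 given at the top of the description.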

Network infection
In order to propagate, the malware attempts to connect to other machines in the way described below.

It drops copies of itself into the following network shares:
   • IPC$
   • C$
   • C$\windows\system32
   • c$\winnt\system32
   • ADMIN$\system32\
   • ADMIN$


It uses the following login information in order to gain access to remote machines:

– Cached usernames and passwords.

– A list of usernames:
   • Zytowski; Zwiers; Zurn; Zucconi; Zoldak; Zerbini; Zegans; Zangwill;
      Zahedi; Zachary; Youk-See; Yoo; Yoffe; Yetiv; Yesson; Yedidia; Ybarra;
      Yates; Yarchuk; Yankee; Yamane; Yacono; Votey; Vorhaus; Woods-Powell;
      Woods; Wooden; Woo; VonHoffman; Wolk; Voigt; Viviani; Vitali; Wilson;
      Willstatter; Villarreal; Wilkinson; Wilkin; Wilk; Wilhelm; Wilder;
      Vignola; Viens; Wiener; Wiedersheim; Viano; Viana; Whittaker; Whitla;
      White; Whilton; Whately; Wetzel; Wescott; Verghese; Venne; Wengret;
      Welsh; Welles; Velasquez; Weissman; Weissbourd; Weinhaus; Weingarten;
      Weighart; Waugh; Vasquez; Wasowska; Warshafsky; Vanheeckeren;
      Vandenberg; VanZwet; vanAllen; Walter; Wallenberg; Wales; Valencia;
      Valberg; Waite; Vacca; Uzuner; Usdan; Urdang-Brown; Urban; Upsdell;
      Untermeyer; Ullman; Tzamarias; Twells; Tuttle; Turek; Turano; Tukan;
      Tudge; Tuck; Tsukurov; Tsomides; Tsiatis; Truss; Troy; Troiani;
      Tringali; Trewin; Trenga; Traebert; Toye; Towler; Torske; Torresi;
      Topulos; Toomer; Tomford; Tolman; Tolls; Tollestrup; Tofallis;
      Timmons; Till; Tierney; Throop; Thomsen; Thisted; Thibault; Theodos;
      Thavaneswaran; Than; Terracini; Tenney; Temmer; Temes; Teague;
      Tcherepnin; Tawn; Taveras; Tatar; Tanowitz; Tandler; Tambiah;
      Talaugon; Tai; Tagiuri; Swindle; Sweetser; Sweeting; Surdam; Suo;
      Sumner; Sullivan; Stringer; Streiff; Strauch; Strange; Stott; Storer;
      Stonich; Stolzenberg; Stockwell; Stockton; Stock; Stillwell; Stiepock;
      Stewart-Oaten; Stepniewska; Stephanian; Steiner; Stefani; Statlender;
      States; Stassinopolus; Stang; Stam; Stalvey; StMartin; Spinrad;
      Spiliotis; Spiegelhalter; Spicer; Sperber; Spence; Speizer; Spaulding;
      Sparrow; Spanier; Soultanian; Soule; Soukup; Sottak; Sorg; Sorabella;
      Sommariva; Somers; Solon; Socolow; Snodgrass; Sniffen; Smilow; Slowe;
      Sloan; Skoda; Skerry; Skane; Sites; Sirilli; Sinsabaugh; Silvetti;
      Silverman; Signa; Sigini; Sigalot; Siesto; Shimon; Shibata; Shia;
      Shesko; Shepstone; Sheppard; Shepherd; Sheats; Shea; Shavelson;
      Shatrov; Shar; Shanley; Shankland; Shakis; Shaikh; Seyfert; Sexton;
      Seterdahl; Sennett; Sen; Selvage; Sekler; Segal; Seeber; Seaton;
      Scudder; Scovel; Schwickrath; Schwan; Schuyler; Schutte; Schuman;
      Schossberger; Schmitt; Schilling; Schifini; Schiano; Scheiner;
      Scharlemann; Scharf; Scepan; Scarponi; Sayied; Sawtell; Satterthwaite;
      Satta; Satin; Sase; Sartore; Sarin; Sapers; Sanna; Sanchez-Ramirez;
      Samson; Sali; Sahu; Safire; Sadler; Sabatello; Ryu; Rush; Ruescher;
      Ruderman; Ruan; Royal; Row; Ronen; Rogers; Roesler; Rocha; Robinson;
      Rivera; Rish; Rineer; Rindos; Rielly; Richmond; Rhea; Resnik; Repetto;
      Renick; Remak; Reinold; Cunningham; Reedquist; Redden-Tyler; Rayport;
      Rapple; Rankin; Rangan; Raney; Rajagopalan; Radeke; Rabkin; Rabe;
      Quetin; Quaday; Pynchon; Pugh; Puccia; Prothrow-Stith; Proietti;
      Pritz; Pritchard; Prevost; Preucel; Presper; Powers; Poolman; Poma;
      Politis; Polanyi; Polak; Poirier; Pointer; Poincaire; Pocobene; Plous;
      Plasket; Plant; Plancon; Pinot; Pilbeam; Pfister; Pettit; Pettibone;
      Petruzello; Peters; Perrimon; Perone; Perna; Perlman; Perlak; Perko;
      Pereira; Penny; Peishel; Pederson; Pearlberg; Peabody; Paynter;
      Pawloski; Pavlon; Pavetti; Pattullo; Patrick; Patefield; Pascucci;
      Partridge; Parris; Parmeggiani; Paoletti; Pantilla; Panizzon;
      Panadero; Palmitesta; Pallara; Palepu; Palayoor; Paine; PaesDealmeida;
      Ovid; Ouchida; Otten; Ottaviani; Ostrowski; Ospina; Orsi; Orfield;
      Oray; Opel; O'meara; Oman; O'malley; Olszewski; Olson; Olsen; Oldford;
      O'hagan; Ogata; Ocougne; Nuzum; Notman; Nitabach; Nisenson; Nickoloff;
      Nickerson; Newlin; Newfeld; Neuman; Nesci; Nenna; Nelson; Nayduch;
      Naviaux; Nardone; Nardi; Napolitano; Naddeo; Mussachio; Mumford;
      Mulroy; Mulkern; Mugnai; Muello; Mudarri; Motooka; Mostafavi; Mosler;
      Mosher; Mortimer; Morrow; Morrison; Moreton; Morani; MooreDeCh.;
      Montilio; Monque; Moiamedi; Mohr; Moeller; Modestino; Mocroft; Mittal;
      Mitropoulos; Gonzalez; Minichiello; Mini; Minh; Mills; Mieher; Middle;
      Michelman; Meurer; Metropolis; Metelka; Merz; Merseth; Merminod;
      Merlani; Merikoski; Menzies; Memisoglu; Meccariello; Mcnulty; Mcnealy;
      Mclaren; Mclane; Mckenna; Mcintosh; McIlroy; Mcgoldrick; Mcghee;
      McFadden; Mcelroy; Mcdowell; Mcclearn; Mccall; Mccaffery; Mcbride;
      Mazziotta; Mazzali; May; Mauzy; Mattson; Matsukata; Matarazzo;
      Matalka; Mass; Marubini; Marton; Martochio; Martinez; Marques;
      Margetts; Margalit; Marcus; Marchbanks; March; Mantovan; Manganiello;
      Mandel; Manalis; Malova; Maller; Malatesta; Maisano; Maine-Hershey;
      Maier; Mahony; Maggio; Madigan; Macy; MacMillan; Mackenney; Macintyre;
      Maceachern; Macdonald; Maccormac; Luzader; Lutcavage; Lussier; Luoma;
      Lunetta; Luecke; Luczkow; Luciano; Lucas; Lubin; Loza; Lowenstein;
      Loveman; Loss; Longworth; Locatelli; Lizardo; Livolsi; Livi;
      Livernash; Litvak; Little; Lipponen; Lippmann; Linzee; Linehan; Line;
      Linder; Linda; Linares; Lim; Lightfoot; Light; Liem; Lidano; Liakos;
      Lessi; Lesser; l'Enclos; Lenard; Leite; Leclercq; Lecce; Lecar;
      Lawless; Lashley; Laserna; Lanzit; Lantieri; Lankes; Landes;
      Lallemant; Laing; Lafler; Labunka; Kuwabara; Kusman; Kumar; Kuenzli;
      Krysiak; Kroemer; Kraus; Krasney; Krailo; Kraemer; Kovaks; Kotter;
      Korzybski; Kool; Konrad; Koniaris; Kommer; Koivumaki; Kohn; Koch;
      Kobrick; Knuff; Klint; Klinkenborg; Kling; Klemperer; Kleinfelder;
      Kleiman; Kleckner; Kittridge; Kirscht; Kippenberger; Kinsley; Kindall;
      Kimura; Kimmett; Kimmel; Khong; Keul; Kerry; Kendall; Kemsley;
      Kempton; Kelsey; Kelker; Keith; Keepper; Keenan; Kee; Kawachi; Kasten;
      Kassower; Karpouzes; Kangis; Kamel; Kalman; Kalinowski; Kalil;
      Kaligian; Kalbfleisch; Kafadar; Kaboolian; Kabbash; Julious; Juliano;
      Jucks; Jorgensen; Jolly; Johns; Johannsen; Johannesson; Jewett;
      Jespersen; Jenkins; Jellis; Jeffers; Jay; Jarrell; Jarnagin;
      Janjigian; Jamil; Jain; Jagoe; Jagger; Jagers; Jackson; Jacenko; Iyer;
      Isserman; Isbill; Isaievych; Isaac; Inniss; Inamura; Igarashi;
      Ichikawa; Iaquinta; Hyde; Hutchings; Hurtubise; Hupp; Huntington;
      Hungerford; Huidekoper; Huey; Hoy; Howard; Hottle; Hostage; Hoshida;
      Horsley; Hopkins; Hooker; Holzman; Holway; Holter; Holoien; Holmes;
      Hokoda; Hokanson; Hoffman; Hoffer; Hock; Hoang; Hitchcock; Hirst;
      Hind; Himmelfarb; Heyeck; Heubert; Hester; Herrera; Hernandez;
      Henrichs; Henery; Hemphill; Helprin; Hellmiss; Hellman; Heiland; Heft;
      Heermans; Hazlewood; Haynes; Hayes; Hawkes; Haviaras; Harwell;
      Hartnett; Hartmann; Hartman; Harrigan; Harlow; Hargraves; Harding;
      Hanssen; Hand; Hammerness; Hamer; Hambarzumjan; Halpert; Hallowell;
      Halkias; Haley; Hackshaw; Hackman; Haar; Guo; Gunn; Guenthart; Gruppe;
      Gruner; Grummell; Grigoletto; Griffiths; Greenfeld; Greenberg;
      Gravell; Gozzi; Goody; Goodearl; Good; Goncalves; Goldfarb; Glendon;
      Glegg; Gleason; Gist; Gillispie; Gill; Gili; Gilbert; Gibson; Gibbens;
      Ghorai; Gerrett; Georgi; Gemberling; Geller; Garonna; Garman;
      Garfield; Gambini; Galwey; Galeotti; Gaggiotti; Gabrielli; Fusaro;
      Furth; Fuller; Fujii-Abe; Frye; Fryberger; Frowiss; Frisken;
      Friedland; Fried; Freundlich; Freid; Frazier-Davis; Franz;
      Franklin-Kenea; Francisco; Fossi; Fossey; Fortier; Fortes; Forester;
      Folks; Flores; Flier; Fitzmaurice; Fisk; Fiorina; Finnegan;
      Finkelstein; Fink; Field; Fido; Feuer; Ferriell; Ferrante; Fernandes;
      Fernald; Feldman; Fejzo; Feigenbaum; Fates; Fasso'; Farren; Farone;
      Faris; Falorsi; Falco-Acosta; Faioes; Fagan; Fabbris; Everett;
      Euripides; Etter; Estes; Espinoza; Erez; Erdos; Erdman; Erbach;
      Eppling; Enyeart; Encinas; Elvis; Elmerick; Elmendorf; Eliasson;
      Eickenhorst; Edward; Edner; Edley; Eckel; Ebeling; Eardley; Dwyer;
      Dussault; Durrett; Duffin; D'souza; Drinker; Dowsland; Doug; Doty;
      Dosi; Dorf; Dore; Doonan; Donner; Donahue; Doherty; Dockery; Dirksen;
      Dionysius; Dilworth; Difronzo; Difabio; Diefenbach; Dicks; D'fini;
      Deutsch; Desombre; Denison; Denham; Denault; Demusz; Dempster; Deming;
      Dell'acqua; Delger; Deleon-Rendon; Delattre; Defeciani; Dees; Debroff;
      deRousse; del'Enclos; DeLaPena; DeGennaro; Dawkins; David; Daskalu;
      Dasgupta; Das; D'arcangelo; Dapice; Dante; Danieli; D'Ambra; Daly;
      Daldalian; daSilva; Cyders; Cvek; Cutler; Currier; Cui; Croxton;
      Croxen; Croshaw; Crocker; Crawford; Coutaux; Counter; Cosmides;
      Cornish; Corey; Connors; Condodina; Concino; Comstock; Compton;
      Collis; Collard; Colella; Coldren; Coito; Coblenz; Clow; Clifton;
      Clement; Clark; Clancy; Claffey; Cifarelli; Cicero; Ciampaglia;
      Church; Chupasko; Chu; Christopher; Christie; Christiano; Christian;
      Christenson; Chinman; Chinipardaz; Childs; Childress; Chien;
      Chiassino; Chervinsky; Cherry; Cheang; Charles; Chapman; Cerioli;
      Ceniceros; Cavell; Cavanagh; Castelda; Caspar; Case; Cascio; Cartmill;
      Carper; Caroti; Carmichael; Carlyle; Carlos; Carlin; Carayannopoulos;
      Caratozzolo; Capursi; Cappuccio; Capodilupo; Capocaccia; Caperton;
      Capanni; Canley; Cammilleri; Cammelli; Calnan; Cage; Byrd; Byerly;
      Byatt; Busetta; Burridge; Burke; Burdzy; Burden; Bunton; Bullard;
      Budding; Buchan; Brzycki; Brook; Broca; Britz; Brinton; Bridges;
      Bridgeman; Brewer; Brennan; Brenan; Breed; Brecht; Bradach; Bradac;
      Bracalente; Boyne; Boym; Boyland; Boyes; Boyajian; Boxer; Bowers;
      Bourneuf; Boudrot; Boudin; Botosh; Bothman; Bossi; Borden; Borack;
      Boorstin; Boone; Bookbinder; Book; Bontempo; Boniface; Bonham; Boner;
      Bologna; Bollinger; Bolick; Bolger; Blyth; Bloxham; Bloemhof;
      Bloembergen; Bloch; Blizard; Bliss; Blanke; Blakemore; Blagg;
      Blackwell; Blackbourn; Bisho; Bisema; Bir; Binion; Bickel; Biagioli;
      Beynart; Betti; Berrizbeitia; Bernston; Bernassola; Bernardo;
      Berke-Jenkins; Bergson; Benedict-Dye; Belloc; Bellini; Bellhouse;
      Bellavance; Belin-Collart; Belfer; Belaoussof; Belanger; Behenna;
      Bedford; Beder; Beckman; Bean; Beal; Beacon; Bayo; Bayles; Baumiller;
      Batchelder; Bashevis; Basavappa; Bartoo; Bartolome; Bartholomew;
      Barry; Barriola; Barnett; Barneson; Barbetti; Barberi; Baranowska;
      Baranczak; Barajas; Barabesi; Banta; Baltz; Ballew; Ballatori; Baleja;
      Bakanowsky; Bailar; Bagnold; Baglivo; Bady; Backus; Bachmuth; Azima;
      Ayling; Aykroyd; Ayiemba; Axworthy; Axelrod; Aurelius; Augustus;
      Atkins; Arky; Arjas; Aristotle; Arellano; Arduini; Arbia; Antos;
      Anthony; Ansley; Anfinrud; Andron; Andrelus; Ando; Andel; Anand;
      Amsden; Ameer; Amatangelo; Amaral; Altenhofen; Altenberger; Altavilla;
      Alongi; Allison; Aleks; Alda; Alcorn; Alavi; Ahlers; Adorno; Adibe;
      Adelstein; Addison; Adams; Ackerman; Abdulrazak

– A list of passwords:
   • pass; ADMINISTRATOR; Administrateur; Administrador; Admin; ADMIN;
      linux; db2; oracle; dba; database; default; guest; wwwadmin; teacher;
      student; owner; computer; user; staff; admins; administrat;
      administrateur; administrador; administrator



Exploits:
It makes use of the following exploits:
– MS02-061 (Elevation of Privilege in SQL Server Web)
– MS03-026 (Buffer Overrun in RPC Interface)
– MS03-039 (Buffer Overrun in RPCSS Service)
– MS03-049 (Buffer Overrun in Workstation Service)
– MS04-011 (LSASS Vulnerability)


Infection process:
Creates a TFTP or FTP script on the compromised machine in order to download the malware to the remote location.


Remote execution:
– It attempts to schedule a remote execution of the malware on the newly infected machine. To do this it uses the NetScheduleJobAdd function.

IRC
In order to deliver system information and to provide remote control, it connects to the following IRC server:

Server: www.zone**********
Port: 4446
Channel: #hi
Nickname: [XP|USA]%number%
Password: high



– This malware has the ability to collect and send information such as:
    • CPU speed
    • Current user
    • Details about drivers
    • Free disk space
    • Free memory
    • Information about the network
    • Information about running processes
    • Memory size
    • Username
    • Windows OS information


– Furthermore, it has the ability to perform actions such as:
    • Launch DDoS ICMP flood
    • Launch DDoS SYN flood
    • Launch DDoS UDP flood
    • Disable DCOM
    • Disable network file shares
    • Download files
    • Enable DCOM
    • Enable network shares
    • Execute files
    • Join IRC channel
    • Kill process
    • Leave IRC channel
    • Open remote shell
    • Perform DDoS attack
    • Perform network scan
    • Perform port redirection
    • Register service
    • Reboot system
    • Send email
    • Start spreading routine
    • Terminate malware
    • Terminate process
    • Update itself
    • Upload files
    • Visit a website

Process termination
List of processes that are terminated:
   • _AVP32.EXE; _AVPCC.EXE; _AVPM.EXE; ACKWIN32.EXE; ADAWARE.EXE;
      ADVXDWIN.EXE; AGENTSVR.EXE; AGENTW.EXE; ALERTSVC.EXE; ALEVIR.EXE;
      ALOGSERV.EXE; AMON9X.EXE; ANTI-TROJAN.EXE; ANTIVIRUS.EXE; ANTS.EXE;
      APIMONITOR.EXE; APLICA32.EXE; APVXDWIN.EXE; ARR.EXE; ATCON.EXE;
      ATGUARD.EXE; ATRO55EN.EXE; ATUPDATER.EXE; ATWATCH.EXE; AU.EXE;
      AUPDATE.EXE; AUTODOWN.EXE; AUTO-PROTECT.NAV80TRY.EXE; AUTOTRACE.EXE;
      AUTOUPDATE.EXE; AVCONSOL.EXE; AVE32.EXE; AVGCC32.EXE; AVGCTRL.EXE;
      AVGNT.EXE; AVGSERV.EXE; AVGSERV9.EXE; AVGUARD.EXE; AVGW.EXE;
      AVKPOP.EXE; AVKSERV.EXE; AVKSERVICE.EXE; AVKWCTl9.EXE; AVLTMAIN.EXE;
      AVNT.EXE; AVP.EXE; AVP32.EXE; AVPCC.EXE; AVPDOS32.EXE; AVPM.EXE;
      AVPTC32.EXE; AVPUPD.EXE; AVSCHED32.EXE; AVSYNMGR.EXE; AVWIN95.EXE;
      AVWINNT.EXE; AVWUPD.EXE; AVWUPD32.EXE; AVWUPSRV.EXE; AVXMONITOR9X.EXE;
      AVXMONITORNT.EXE; AVXQUAR.EXE; BACKWEB.EXE; BARGAINS.EXE;
      BD_PROFESSIONAL.EXE; BEAGLE.EXE; BELT.EXE; BIDEF.EXE; BIDSERVER.EXE;
      BIPCP.EXE; BIPCPEVALSETUP.EXE; BISP.EXE; BLACKD.EXE; BLACKICE.EXE;
      BLSS.EXE; BOOTCONF.EXE; BOOTWARN.EXE; BORG2.EXE; BPC.EXE; BRASIL.EXE;
      BS120.EXE; BUNDLE.EXE; BVT.EXE; CCAPP.EXE; CCEVTMGR.EXE; CCPXYSVC.EXE;
      CDP.EXE; CFD.EXE; CFGWIZ.EXE; CFIADMIN.EXE; CFIAUDIT.EXE; CFINET.EXE;
      CFINET32.EXE; Claw95.EXE; CLAW95CF.EXE; CLEAN.EXE; CLEANER.EXE;
      CLEANER3.EXE; CLEANPC.EXE; CLICK.EXE; CMD32.EXE; CMESYS.EXE;
      CMGRDIAN.EXE; CMON016.EXE; CONNECTIONMONITOR.EXE; CPD.EXE;
      CPF9X206.EXE; CPFNT206.EXE; CTRL.EXE; CV.EXE; CWNB181.EXE;
      CWNTDWMO.EXE; DATEMANAGER.EXE; DCOMX.EXE; DEFALERT.EXE;
      DEFSCANGUI.EXE; DEFWATCH.EXE; DEPUTY.EXE; DIVX.EXE; DLLCACHE.EXE;
      DLLREG.EXE; DOORS.EXE; DPF.EXE; DPFSETUP.EXE; DPPS2.EXE; DRWATSON.EXE;
      DRWEB32.EXE; DRWEBUPW.EXE; DSSAGENT.EXE; DVP95.EXE; DVP95_0.EXE;
      ECENGINE.EXE; EFPEADM.EXE; EMSW.EXE; ENT.EXE; ESAFE.EXE; ESCANH95.EXE;
      ESCANHNT.EXE; ESCANV95.EXE; ESPWATCH.EXE; ETHEREAL.EXE;
      ETRUSTCIPE.EXE; EVPN.EXE; EXANTIVIRUS-CNET.EXE; EXE.AVXW.EXE;
      EXPERT.EXE; EXPLORE.EXE; F-AGNT95.EXE; FAMEH32.EXE; FAST.EXE;
      FCH32.EXE; FIH32.EXE; FINDVIRU.EXE; FIREWALL.EXE; FLOWPROTECTOR.EXE;
      FNRB32.EXE; FPROT.EXE; F-PROT.EXE; F-PROT95.EXE; FP-WIN.EXE;
      FP-WIN_TRIAL.EXE; FRW.EXE; FSAA.EXE; FSAV.EXE; FSAV32.EXE;
      FSAV530STBYB.EXE; FSAV530WTBYB.EXE; FSAV95.EXE; FSGK32.EXE; FSM32.EXE;
      FSMA32.EXE; FSMB32.EXE; F-STOPW.EXE; GATOR.EXE; GBMENU.EXE;
      GBPOLL.EXE; GENERICS.EXE; GMT.EXE; GUARD.EXE; GUARDDOG.EXE;
      HACKTRACERSETUP.EXE; HBINST.EXE; HBSRV.EXE; HOTACTIO.EXE;
      HOTPATCH.EXE; HTLOG.EXE; HTPATCH.EXE; HWPE.EXE; HXDL.EXE; HXIUL.EXE;
      IAMAPP.EXE; IAMSERV.EXE; IAMSTATS.EXE; IBMASN.EXE; IBMAVSP.EXE;
      ICLOAD95.EXE; ICLOADNT.EXE; ICMON.EXE; ICSUPP95.EXE; ICSUPPNT.EXE;
      IDLE.EXE; IEDLL.EXE; IEDRIVER.EXE; IEXPLORER.EXE; IFACE.EXE;
      IFW2000.EXE; INETLNFO.EXE; INFUS.EXE; INFWIN.EXE; INIT.EXE;
      INTDEL.EXE; INTREN.EXE; IOMON98.EXE; IPARMOR.EXE; IRIS.EXE; ISASS.EXE;
      ISRV95.EXE; ISTSVC.EXE; JAMMER.EXE; JDBGMRG.EXE; JEDI.EXE;
      KAVLITE40ENG.EXE; KAVPERS40ENG.EXE; KAVPF.EXE; KAZZA.EXE;
      KEENVALUE.EXE; KERIO-PF-213-EN-WIN.EXE; KERIO-WRL-421-EN-WIN.EXE;
      KERIO-WRP-421-EN-WIN.EXE; KERNEL32.EXE; KILLPROCESSSETUP161.EXE;
      LAUNCHER.EXE; LDNETMON.EXE; LDPRO.EXE; LDPROMENU.EXE; LDSCAN.EXE;
      LNETINFO.EXE; LOADER.EXE; LOCALNET.EXE; LOCKDOWN.EXE;
      LOCKDOWN2000.EXE; LOOKOUT.EXE; LORDPE.EXE; LSETUP.EXE; LUALL.EXE;
      LUAU.EXE; LUCOMSERVER.EXE; LUINIT.EXE; LUSPT.EXE; MAPISVC32.EXE;
      MCAGENT.EXE; MCMNHDLR.EXE; MCSHIELD.EXE; MCTOOL.EXE; MCUPDATE.EXE;
      MCVSRTE.EXE; MCVSSHLD.EXE; MD.EXE; MFIN32.EXE; MFW2EN.EXE;
      MFWENG3.02D30.EXE; MGAVRTCL.EXE; MGAVRTE.EXE; MGHTML.EXE; MGUI.EXE;
      MINILOG.EXE; MMOD.EXE; MONITOR.EXE; MOOLIVE.EXE; MOSTAT.EXE;
      MPFAGENT.EXE; MPFSERVICE.EXE; MPFTRAY.EXE; MRFLUX.EXE; MSAPP.EXE;
      MSBB.EXE; MSBLAST.EXE; MSCACHE.EXE; MSCCN32.EXE; MSCMAN.EXE;
      MSCONFIG.EXE; MSDM.EXE; MSDOS.EXE; MSIEXEC16.EXE; MSINFO32.EXE;
      MSLAUGH.EXE; MSMGT.EXE; MSMSGRI32.EXE; MSSMMC32.EXE; MSSYS.EXE;
      MSVXD.EXE; MU0311AD.EXE; MWATCH.EXE; N32SCANW.EXE; NAV.EXE;
      NAVAP.NAVAPSVC.EXE; NAVAPSVC.EXE; NAVAPW32.EXE; NAVDX.EXE;
      NAVENGNAVEX15.NAVLU32.EXE; NAVLU32.EXE; NAVNT.EXE; NAVSTUB.EXE;
      NAVW32.EXE; NAVWNT.EXE; NC2000.EXE; NCINST4.EXE; NDD32.EXE;
      NEOMONITOR.EXE; NEOWATCHLOG.EXE; NETARMOR.EXE; NETD32.EXE;
      NETINFO.EXE; NETMON.EXE; NETSCANPRO.EXE; NETSPYHUNTER-1.2.EXE;
      NETSTAT.EXE; NETUTILS.EXE; NISSERV.EXE; NISUM.EXE; NMAIN.EXE;
      NOD32.EXE; NORMIST.EXE; NORTON_INTERNET_SECU_3.0_407.EXE;
      NOTSTART.EXE; NPF40_TW_98_NT_ME_2K.EXE; NPFMESSENGER.EXE;
      NPROTECT.EXE; NPSCHECK.EXE; NPSSVC.EXE; NSCHED32.EXE; NSSYS32.EXE;
      NSTASK32.EXE; NSUPDATE.EXE; NT.EXE; NTRTSCAN.EXE; NTVDM.EXE;
      NTXconfig.EXE; NUI.EXE; NUPGRADE.EXE; NVARCH16.EXE; NVC95.EXE;
      NVSVC32.EXE; NWINST4.EXE; NWSERVICE.EXE; NWTOOL16.EXE; OLLYDBG.EXE;
      ONSRVR.EXE; OPTIMIZE.EXE; OSTRONET.EXE; OTFIX.EXE; OUTPOST.EXE;
      OUTPOSTINSTALL.EXE; OUTPOSTPROINSTALL.EXE; PADMIN.EXE; PANIXK.EXE;
      PATCH.EXE; PAVCL.EXE; PAVPROXY.EXE; PAVSCHED.EXE; PAVW.EXE;
      PCC2002S902.EXE; PCC2K_76_1436.EXE; PCCIOMON.EXE; PCCNTMON.EXE;
      PCCWIN97.EXE; PCCWIN98.EXE; PCDSETUP.EXE; PCFWALLICON.EXE;
      PCIP10117_0.EXE; PCSCAN.EXE; PDSETUP.EXE; PENIS.EXE; PERISCOPE.EXE;
      PERSFW.EXE; PERSWF.EXE; PF2.EXE; PFWADMIN.EXE; PGMONITR.EXE;
      PINGSCAN.EXE; PLATIN.EXE; POP3TRAP.EXE; POPROXY.EXE; POPSCAN.EXE;
      PORTDETECTIVE.EXE; PORTMONITOR.EXE; POWERSCAN.EXE; PPINUPDT.EXE;
      PPTBC.EXE; PPVSTOP.EXE; PRIZESURFER.EXE; PRMT.EXE; PRMVR.EXE;
      PROCDUMP.EXE; PROCESSMONITOR.EXE; PROCEXPLORERV1.0.EXE;
      PROGRAMAUDITOR.EXE; PROPORT.EXE; PROTECTX.EXE; PSPF.EXE; PURGE.EXE;
      PUSSY.EXE; PVIEW95.EXE; QCONSOLE.EXE; QSERVER.EXE; RAPAPP.EXE;
      RAV7.EXE; RAV7WIN.EXE; RAV8WIN32ENG.EXE; RAY.EXE; RB32.EXE;
      RCSYNC.EXE; REALMON.EXE; REGED.EXE; REGEDIT.EXE; REGEDT32.EXE;
      RESCUE.EXE; RESCUE32.EXE; RRGUARD.EXE; RSHELL.EXE; RTVSCAN.EXE;
      RTVSCN95.EXE; RULAUNCH.EXE; RUN32DLL.EXE; RUNDLL.EXE; RUNDLL16.EXE;
      RUXDLL32.EXE; SAFEWEB.EXE; SAHAGENT.EXE; SAVE.EXE; SAVENOW.EXE;
      SBSERV.EXE; SC.EXE; SCAM32.EXE; SCAN32.EXE; SCAN95.EXE; SCANPM.EXE;
      SCRSCAN.EXE; SCRSVR.EXE; SCVHOST.EXE; SD.EXE; SERV95.EXE; SERVICE.EXE;
      SERVLCE.EXE; SERVLCES.EXE; SETUP_FLOWPROTECTOR_US.EXE;
      SETUPVAMEEVAL.EXE; SFC.EXE; SGSSFW32.EXE; SH.EXE; SHELLSPYINSTALL.EXE;
      SHN.EXE; SHOWBEHIND.EXE; SMC.EXE; SMS.EXE; SMSS32.EXE; SOAP.EXE;
      SOFI.EXE; SPERM.EXE; SPF.EXE; SPHINX.EXE; SPOLER.EXE; SPOOLCV.EXE;
      SPOOLSV32.EXE; SPYXX.EXE; SREXE.EXE; SRNG.EXE; SS3EDIT.EXE;
      SSG_4104.EXE; SSGRATE.EXE; ST2.EXE; START.EXE; STCLOADER.EXE;
      SUPFTRL.EXE; SUPPORT.EXE; SUPPORTER5.EXE; SVC.EXE; SVCHOSTC.EXE;
      SVCHOSTS.EXE; SVSHOST.EXE; SWEEP95.EXE;
      SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE; SYMPROXYSVC.EXE; SYMTRAY.EXE;
      SYSEDIT.EXE; SYSTEM.EXE; SYSTEM32.EXE; SYSUPD.EXE; TASKMG.EXE;
      TASKMO.EXE; TASKMON.EXE; TAUMON.EXE; TBSCAN.EXE; TC.EXE; TCA.EXE;
      TCM.EXE; TDS2-98.EXE; TDS2-NT.EXE; TDS-3.EXE; TEEKIDS.EXE; TFAK.EXE;
      TFAK5.EXE; TGBOB.EXE; TITANIN.EXE; TITANINXP.EXE; TRACERT.EXE;
      TRICKLER.EXE; TRJSCAN.EXE; TRJSETUP.EXE; TROJANTRAP3.EXE; TSADBOT.EXE;
      TVMD.EXE; TVTMD.EXE; UNDOBOOT.EXE; UPDAT.EXE; UPDATE.EXE; UPGRAD.EXE;
      UTPOST.EXE; VBCMSERV.EXE; VBCONS.EXE; VBUST.EXE; VBWIN9X.EXE;
      VBWINNTW.EXE; VCSETUP.EXE; VET32.EXE; VET95.EXE; VETTRAY.EXE;
      VFSETUP.EXE; VIR-HELP.EXE; VIRUSMDPERSONALFIREWALL.EXE; VNLAN300.EXE;
      VNPC3000.EXE; VPC32.EXE; VPC42.EXE; VPFW30S.EXE; VPTRAY.EXE;
      VSCAN40.EXE; VSCENU6.02D30.EXE; VSCHED.EXE; VSECOMR.EXE; VSHWIN32.EXE;
      VSISETUP.EXE; VSMAIN.EXE; VSMON.EXE; VSSTAT.EXE; VSWIN9XE.EXE;
      VSWINNTSE.EXE; VSWINPERSE.EXE; W32DSM89.EXE; W9X.EXE; WATCHDOG.EXE;
      WEBDAV.EXE; WEBSCANX.EXE; WEBTRAP.EXE; WFINDV32.EXE; WGFE95.EXE;
      WHOSWATCHINGME.EXE; WIMMUN32.EXE; WIN32.EXE; WIN32US.EXE;
      WINACTIVE.EXE; WIN-BUGSFIX.EXE; WINDOW.EXE; WINDOWS.EXE; WININETD.EXE;
      WININIT.EXE; WININITX.EXE; WINLOGIN.EXE; WINMAIN.EXE; WINNET.EXE;
      WINPPR32.EXE; WINRECON.EXE; WINSERVN.EXE; WINSSK32.EXE; WINSTART.EXE;
      WINSTART001.EXE; WINTSK32.EXE; WINUPDATE.EXE; WKUFIND.EXE; WNAD.EXE;
      WNT.EXE; WRADMIN.EXE; WRCTRL.EXE; WSBGATE.EXE; WUPDATER.EXE;
      WUPDT.EXE; WYVERNWORKSFIREWALL.EXE; XPF202EN.EXE; ZAPRO.EXE;
      ZAPSETUP3001.EXE; ZATUTOR.EXE; ZONALM2601.EXE; ZONEALARM.EXE

It tries to terminate the following processes and delete the corresponding files:
   • i11r54n4.exe; irun4.exe; d3dupdate.exe; rate.exe; ssate.exe;
      winsys.exe; winupd.exe; SysMonXP.exe; bbeagle.exe; Penis32.exe;
      mscvb32.exe; sysinfo.exe; PandaAVEngine.exe; F-AGOBOT.EXE;
      HIJACKTHIS.EXE


Miscellaneous
Mutex:
It creates the following mutex:
   • NLX

File details
Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
In order to make detection harder and reduce the size of the file, it is packed with a runtime packer.

Description inserted by Irina Boldea on Thursday, 11 May 2006
Description updated by Irina Boldea on Thursday, 11 May 2006
