Name: TR/Scar.apqx
Date discovered: 13/12/2012
??:?????
????:?
????????????????
??/????????
?? / ????????????
????:?
File size: 43.008 Bytes
MD5 checksum: 5cdef39df4850fe9d241490fe4305df2
VDF version: 7.11.53.216 - Thursday, December 13, 2012
IVDF version: 7.11.53.216 - Thursday, December 13, 2012

 Aliases:
   •  Mcafee: W32/Koobface.worm.gen.d
   •  Sophos: W32/Koobface-V
   •  Panda: W32/Koobface.JT.worm
   •  Eset: Win32/Koobface.NCK
   •  Bitdefender: Win32.Worm.Koobface.AMW


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


???:
   • ??????
   • ??????
   • ?????

 ?? ???????????:
   • %???%\windows\ld15.exe



???????????????



??????:
   • %TEMPDIR%\zpskon_1270677929.exe
   • %???%\3.reg
   • %????????%\df1a245s4_1592.exe
   • %????????%\SelfDel.bat
   • %????????%\sd.dat
   • %WINDIR%\dxxdv34567.bat
   • %???%\h.tmp
   • %TEMPDIR%\captcha.bat
   • %???%\1.bat
   • %TEMPDIR%\zpskon_1270669724.exe
   • %HOME%\Local Settings\Application Data\rdr_1270658517.exe



??????:

%???%\3.reg ???????????????????:
   • %????????%

%????????%\df1a245s4_1592.exe ?????????????????? ???: TR/Dropper.Gen

%HOME%\Local Settings\Application Data\010112010146100109.xxe
%TEMPDIR%\zpskon_1270682172.exe ?????????????????? ???: BDS/Backdoor.Gen

%HOME%\Local Settings\Application Data\010112010146115119.xxe
%HOME%\Local Settings\Application Data\rdr_1270658517.exe ?????????????????? ???: TR/Dropper.Gen

%???%\windows\bill106.exe ?????????????????? ???: TR/Dropper.Gen

%????????%\SelfDel.bat ???????????? ?????????????
%SYSDIR%\drivers\etc\hosts
%TEMPDIR%\zpskon_1270677929.exe ?????????????????? ???: TR/Dropper.Gen

%WINDIR%\fdgg34353edfgdfdf
%???%\windows\bk23567.dat
%HOME%\Local Settings\Application Data\0101120101465198.xxe
%???%\h.tmp
%WINDIR%\dxxdv34567.bat ???????????? ?????????????
%PROGRAM FILES%\webserver\webserver.exe ?????????????????? ???: BDS/Backdoor.Gen

%????????%\sd.dat
%TEMPDIR%\captcha.bat ???????????? ?????????????
%SYSDIR%\captcha.dll
%TEMPDIR%\zpskon_1270669724.exe ?????????????????? ???: TR/ATRAPS.Gen

%???%\1.bat ???????????? ?????????????



??????????:

????????:


???????:
   • http://insta-find.com/adm/**********


???????:
   • http://u07012010u.com/**********/?uptime=%??%&v=%??%&sub=%??%&ping=%??%&proxy=%??%&hits=%??%&noref=%??%&port=%??%




??????????:

???:
   • %WINDIR%\ld15.exe


???:
   • %TEMPDIR%\\zpskon_1270669724.exe


???:
   • cmd /c c:\1.bat


???:
   • zpskon_12706697


???:
   • %TEMPDIR%\\zpskon_1270677929.exe


???:
   • sc create "captcha" type= share start= auto binPath= "%SYSDIR%\svchost.exe -k captcha"


???:
   • %TEMPDIR%\zpskon_1270677929.exe


???:
   • %TEMPDIR%\\zpskon_1270682172.exe


???:
   • reg add "HKLM\SYSTEM\CurrentControlSet\Services\captcha\parameters" /v ServiceDll /t REG_EXPAND_SZ /d "%WINDIR%\system


???:
   • reg add HKLM\Software\Microsoft\Windows\CurrentVersion /v Port /t REG_DWORD /d 1002


???:
   • netsh add allowedprogram "%PROGRAM FILES%\webserver\webserver.exe" webserver ENABLE


???:
   • cmd /c %WINDIR%\dxxdv34567.bat


???:
   • reg add "HKLM\SYSTEM\CurrentControlSet\Services\captcha" /v FailureActions /t REG_BINARY /d 0000000000000000000000000300


???:
   • reg add "HKLM\SYSTEM\CurrentControlSet\Services\captcha" /v Type /t REG_DWORD /d 288 /f


???:
   • reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost" /v captcha /t REG_MULTI_SZ /d "captcha\0" /f


???:
   • rundll32 captcha,ServiceMain


???:
   • regedit /s c:\2.reg


???:
   • netsh firewall add portopening TCP 1002 webserver ENABLE


???:
   • netsh firewall add portopening TCP 53 webserver ENABLE


???:
   • sc create "webserver" binPath= "%PROGRAM FILES%\webserver\webserver.exe" type= share start= auto


???:
   • reg add "HKLM\SYSTEM\CurrentControlSet\Services\webserver" /v FailureActions /t REG_BINARY /d 00000000000000000000000003


???:
   • sc start "webserver"


???:
   • df1a245s4_1592.exe


???:
   • cmd /c SelfDel.bat


???:
   • %????????%\df1a245s4_1592.exe


???:
   • %WINDIR%\bill106.exe


???:
   • "%HOME%\Local Settings\Application Data\rdr_1270658517.exe"


???:
   • cmd /c "%HOME%\Local Settings\Application Data\rdr_1270658517.exe" /res >%temp%\captcha.bat


???:
   • "%HOME%\Local Settings\Application Data\rdr_1270658517.exe" /res


???:
   • cmd /c "%temp%\captcha.bat"


???:
   • netsh firewall add allowedprogram name="captcha" program="%SYSDIR%\svchost.exe" mode=ENABLE

 ??? ????????????????????????:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "sysldtray"="%WINDIR%\ld15.exe"
   • "sysfbtray"="%WINDIR%\bill106.exe"



?????????:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion]
   ??:
   • "Port"=dword:0x000003ea

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
   ??:
   • "captcha"="captcha"

 ?? ???????????????:

????????????????:
   • 85.13.206.115 u07012010u.com


 ?????? ???????:
???????????????????????????????

Description inserted by Petre Galan on Monday, April 12, 2010
Description updated by Petre Galan on Monday, April 12, 2010
