Need help? Ask the community or hire an expert.
Go to Avira Answers
??:Worm/Conficker.Z.16
????:13/12/2012
??:??
????:?
????????????????
??/????????????
?? / ????????????
????:?
????:169.760 ??
MD5 ???:8c0281272aebef92beca9aa756f715e7
VDF ??:7.11.53.216 - 2012년 12월 13일 목요일
IVDF ??:7.11.53.216 - 2012년 12월 13일 목요일

 ???? ????:
    ??????Autorun??
   • ????


??:
   •  Mcafee: W32/Conficker.worm.gen.a virus
   •  Sophos: Mal/Conficker-A
   •  Panda: W32/Conficker.C.worm
   •  Eset: Win32/Conficker.AA


??/????:
   • Windows 2000
   • Windows XP
   • Windows 2003


???:
   • ????????
   • ??????
   • ??????
   • ?????
   • ??????
MS07-019
CVE-2007-1204

 ?? ???????????:
   • %????????%\qepdjla.dll
   • %???%\RECYCLER\%CLSID%\qepdjla.dll



???????????????



??????:

%???%\autorun.inf ???????????????????:
   • %????????%




????????:

???????:
   • http://www.wha**********.com/




??????????:

???:
   • explorer C:

 ??? ?????????????????????????:

[HKLM\SYSTEM\CurrentControlSet\Services\mgvjx]
   • "Description"="Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start."
   • "DisplayName"="Server Monitor"
   • "ErrorControl"=dword:0x00000000
   • "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
   • "ObjectName"="LocalSystem"
   • "Start"=dword:0x00000002
   • "Type"=dword:0x00000020



???????????? Windows XP ???:

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
   • "8182:TCP"="8182:TCP:*:Enabled:opijcn"



?????????????:

[HKLM\SYSTEM\CurrentControlSet\Services\mgvjx\Parameters]
   • "ServiceDll"="%SYSDIR%\qepdjla.dll"



?????????:

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\
   Winlogon]
   ??:
   • "ParseAutoexec"="1"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar]
   ??:
   • "Locked"=dword:0x00000001

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   ??:
   • "DontPrettyPath"=dword:0x00000000
   • "Filter"=dword:0x00000000
   • "Hidden"=dword:0x00000002
   • "HideFileExt"=dword:0x00000000
   • "HideIcons"=dword:0x00000000
   • "MapNetDrvBtn"=dword:0x00000001
   • "SeparateProcess"=dword:0x00000001
   • "ShowCompColor"=dword:0x00000001
   • "ShowInfoTip"=dword:0x00000000
   • "SuperHidden"=dword:0x00000000
   • "WebView"=dword:0x00000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
   ??:
   • "netsvcs"="6to4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   Folder\Hidden\SHOWALL]
   ??:
   • "CheckedValue"=dword:0x00000000

 ???? ?????????????????????????????


????:
??????????:
– MS04-007 (ASN.1 ??)
– MS05-039 (????????)
 MS06-040 (?????????)

 ???? – ??????????????

    ???:
   • svchost.exe


 ??  ??????????? Internet ??:
   • http://checkip.dyndns.org


Mutex:
?????? Mutex:
   • dvkwjdesgb
   • jqvvgoiocfv

 ?????? ????:
????????? MS Visual C++ ????


???????:
???????????????????????????????

설명 삽입자 Petre Galan   2010년 11월 5일 금요일
설명 업데이트 Andrei Ivanes   2010년 11월 11일 목요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.