Need help? Ask the community or hire an expert.
Go to Avira Answers
??:TR/Spy.109568.14
????:13/12/2012
??:?????
????:?
????????????????
??/????????????
?? / ?????????
????:?
????:109.568 ??
MD5 ???:c233fc38820506102d47e03c3de4362e
VDF ??:7.11.53.216 - 2012년 12월 13일 목요일
IVDF ??:7.11.53.216 - 2012년 12월 13일 목요일

 ???? ????:
    Messenger


??:
   •  Kaspersky: Trojan.Win32.Agent.gvmi
   •  Bitdefender: Trojan.Agent.ARGO
   •  Panda: W32/OscarBot.YX.worm
     GData: Trojan.Agent.ARGO


??/????:
   • Windows 2000
   • Windows XP
   • Windows 2003


???:
   • ?????
   • ??????
   • ????????
   • ?????

 ?? ???????????:
   • %WINDIR%\jusched.exe
   • %WINDIR%\jusched.exb



???????????????




??????????:

???:
   • netsh firewall add allowedprogram 1.exe 1 ENABLE


???:
   • %WINDIR%\jusched.exe


???:
   • explorer.exe http://browseusers.myspace.com/Browse/Browse.aspx


???:
   • net stop wuauserv


???:
   • sc config wuauserv start= disabled


???:
   • net1 stop wuauserv

 ??? ????????????????????????:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Java developer Script Browse"="%WINDIR%\jusched.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\
   Install\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Java developer Script Browse"="%WINDIR%\jusched.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "Java developer Script Browse"="%WINDIR%\jusched.exe"



???????????? Windows XP ???:

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%?????%"="%WINDIR%\jusched.exe:*:Enabled:Java
      developer Script Browse"

 Messenger ???? Messenger ???? ?????????:

 AIM Messenger
 Skype
 Yahoo Messenger

? URL ??????????????? ????????????????????????

 IRC ????????????????????? IRC ???:

???: 41.160.14**********.53
??: 2345
??: #!gf!
??: NEW-[USA|00|P|%??%]

 ?? ?? Internet ???
   • http://browseusers.myspace.com/Browse/**********
   • http://200.223.159.82/**********


Mutex:
?????? Mutex:
   • Micro Upe

 ?????? ????:
????????? MS Visual C++ ????


???????:
???????????????????????????????

설명 삽입자 Petre Galan   2011년 4월 15일 금요일
설명 업데이트 Petre Galan   2011년 4월 15일 금요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.