로그인
님 환영합니다
Language:
한국어
English
Deutsch
Français
Español
Italiano
Nederlands
Português
Türkçe
Русский
日本語
简体中文
繁體中文
한국어
저희 회사 및 제품에 대한 자세한 정보는 저희
글로벌 웹사이트
에서 보실 수 있습니다.
개인용
기업용
고객지원
연락처
Search
요약
전체 설명
통계
Alias:
Win32.Weird, W95.Weird
Type:
Worm
Size:
Origin:
Date:
00-00-0000
Damage:
W95/Weird.10240.a creates various files.
VDF Version:
Danger:
Low
Distribution:
Low
Technical Details
W95/Weird.10240.a inserts a hidden process, opens an IP address and waits for instructions. This hidden process resembles other Client/ Server Trojans, as NetBus, Backdoor and BackOrifice.
When the infected file is opened, the virus creates a 10KB file in C:\WinDIR containing the virus code. The name of this file is based on the computer name of the infected system. This file contains the server application.
Then, the virus creates a copy of Explorer.exe in C:\WinDIR. This file has the same name, but another extension, as for example Explorer.3. This new file is infected and it replaces Explorer.exe using an entry in WININIT.INI. When Windows is restarted, the infected version of Explorer is activated.
Supplementary information, for Windows 2000 users only:
It looks like the virus can not infect Windows 2000 systems. It can not create the 10KB file in \Winnt. But it makes a virus copy of Explorer.exe in \Windows. It still makes the entry in WININIT.INI, which supposedly replaces Explorer.exe with the infected file when Windows restarts. But it does not happen and the WININIT.INI remains unchanged.
설명 삽입자 Crony Walker 2004년 6월 15일 화요일
뒤로
.
.
.
.
내 계정
https
://
이 창은 보안을 위해 암호화되었습니다.
로그인
비밀번호 분실
비밀번호 재설정
내 프로필
제품
결제 기록
알림
비밀번호 재설정
문의처
로그아웃
