Name: Worm/Rbot.70124
????:13/12/2012
??:??
????:?
????????????
??/?????????
?? / ?????????
????:?
????:70.124 ??
MD5 checksum: 5d60c68d65f9603cc58d8598fb7c188d
VDF version: 7.11.53.216

 ???? ????:
   • ????


Aliases:
   •  Symantec: W32.Spybot.Worm
   •  Kaspersky: Backdoor.Win32.Rbot.aeu
   •  TrendMicro: WORM_RBOT.DLL
   •  F-Secure: Backdoor.Win32.Rbot.aeu
   •  Sophos: W32/Rbot-Fam
   •  Panda: W32/Sdbot.GDE.worm
   •  VirusBuster: Worm.RBot.EFW
   •  Bitdefender: Backdoor.RBot.14D26921


Platforms / Operating systems:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


???:
   • ?????
   • ??????
   • ?????

 ?? ???????????:
   • %SYSDIR%\svccms.exe



???????????????

 ??? ????????????????????????:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "msconfig41"="svccms.exe"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
   • "msconfig41"="svccms.exe"



?????????:

HKLM\SOFTWARE\Microsoft\Ole
   ??:
   • "EnableDCOM"=%???????%
   ??:
   • "EnableDCOM"="N"

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
   ??:
   • "restrictanonymous"=%???????%
   • "restrictanonymoussam"=%???????%
   ??:
   • "restrictanonymous"=dword:00000001
   • "restrictanonymoussam"=dword:00000001

 ???? ?????????????????????????????

??????????????????:
   • ADMIN$
   • IPC$
   • C$


?????????????????:

?????????

????????:
   • root; computer; owner; student; teacher; wwwadmin; guest; default;
      database; dba; oracle; db2; administrator; administrador;
      administrateur; administrat; admins; admin; adm; password1; password;
      passwd; pass1234; pass; pwd; 007; 123; 1234; 12345; 123456; 1234567;
      12345678; 123456789; 1234567890; 2000; 2001; 2002; 2003; 2004; test;
      guest; none; demo; unix; linux; changeme; default; system; server;
      root; null; qwerty; mail; outlook; web; www; internet; accounts;
      accounting; home; homeuser; user; oem; oemuser; oeminstall; windows;
      win98; win2k; winxp; winnt; win2000; qaz; asd; zxc; qwe; bob; jen;
      joe; fred; bill; mike; john; peter; luke; sam; sue; susan; peter;
      brian; lee; neil; ian; chris; eric; george; kate; bob; katie; mary;
      login; loginpass; technical; backup; exchange; fuck; bitch; slut; sex;
      god; hell; hello; domain; domainpass; domainpassword; database;
      access; dbpass; dbpassword; databasepass; data; databasepassword; db1;
      db2; db1234; sql; sqlpassoainstall; orainstall; oracle; ibm; cisco;
      dell; compaq; siemens; nokia; control; office; blank; winpass; main;
      lan; internet; intranet; student; teacher; staff



????:
??????????:
– MS03-026 (RPC ?????????)
– MS03-039 (RPCSS ?????????)
– MS03-049 (????????????)
– MS04-007 (ASN.1 ??)
– MS04-011 (LSASS ??)


IP ????:
?????? IP ???????????????????? ???????????????????


????:
??????????? TFTP ? FTP ??????????????????


????:
???????????????????????? ???????NetScheduleJobAdd ???

 IRC ????????????????????? IRC ???:

???: newircd.3071et**********
??: 8010
??: #final
??: USA|%?????????%
??: he.he

???: newircd.3071et**********
??: 8010
??: #finaldownload
??: USA|%?????????%
??: he.he



 ??????????????????:
    • CPU ??
    • ????
     ???????????
    • ??????
    • ????
    • ???????
    • ????????
    • ????
    • ???
    • Windows ??????


 ????????????:
     ?? DDoS ICMP ????
     ?? DDoS SYN ????
     ?? DDoS UDP ????
    • ?? DCOM
    • ????????
    • ????
    • ?? DCOM
    • ??????
    • ????
    • ?? IRC ??
    • ????
    • ?? IRC ??
    • ???? Shell
    • ?? DDoS ??
     ??????
     ????
    • ??????
    • ??????
     ??????
    • ????
     ????
    • ????

 ???? ???????:

%SYSDIR%\msgame32.exe ? UDP ??? 69 ???? TFTP ????

 ?? Mutex:
?????? Mutex:
   • shitman11211

 ?????? ????:
????????? MS Visual C++ ????


???????:
???????????????????????????????

Description inserted by Irina Boldea on Friday, April 7, 2006
Description updated by Irina Boldea on Friday, April 7, 2006
