Name:Worm/Rbot.78808
Date discovered:21/11/2005
???:?????
? ???????? ????????:??
?????????? ????? ?????????:??????
????????? ???????????????:???????
????????? ???????????:???????
???? ??????????:??
File size:78.808 bytes
MD5 checksum:b68e656d8281c44c1c04f3a1c8ad3cf4
VDF version:6.32.00.202

 ????? ????? ???????????????:
   • ????????? ????


Aliases:
   •  Kaspersky: Backdoor.Win32.Rbot.gen
   •  TrendMicro: WORM_RBOT.DAQ
   •  F-Secure: Backdoor.Win32.Rbot.gen
   •  Sophos: W32/Rbot-Fam
   •  Panda: W32/Gaobot.LJN.worm
   •  VirusBuster: Worm.RBot.DAY
   •  Eset: Win32/Rbot
   •  Bitdefender: Backdoor.Rbot.CPQ


Operating systems:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


???????????:
   • ????????????? ? ?????????? ????????? ? ?????????? ???????
   • ????????? ???????
   • ?????????? ?????????? ??
   • ????????? ?????????????????? ???????????? ? ??????????

 ????? ????????? ??????????? ?????:
   • %SYSDIR%\svchsot.exe



??????????? ????? ????????? ?????????.

 ?????? ??????????? ????? ??????? ??? ?????????? ??????? ????????? ????? ???????????? ???????.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "MicroSft Personal Firewall"="svchsot.exe"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
   • "MicroSft Personal Firewall"="svchsot.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   • "MicroSft Personal Firewall"="svchsot.exe"



?????????? ????????? ????? ???????:

HKLM\SOFTWARE\Microsoft\Ole
   Old value:
   • "EnableDCOM"=%user defined settings%
   New value:
   • "EnableDCOM"="N"

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
   Old value:
   • "restrictanonymous"=%user defined settings%
   New value:
   • "restrictanonymous"=dword:00000001

 ??????? ????????????? ??????????? ????????? ???????? ?????????? ?????????? ? ?????? ??????????? ??? ????? ??????????? ???????????????. ??????????? ?????????? ?????.

????? ??????? ?????????? ? ????????? ??????? ??????? ?????? ???????:
   • IPC$
   • C$
   • C$\windows\system32
   • c$\winnt\system32
   • ADMIN$\system32\
   • ADMIN$


??? ??????????? ??????? ? ?????????? ?????????? ???????????? ????????? ??????????????? ??????????:

?????????????? ????? ????????????? ? ??????.

A list of user names and passwords:
   • intranet; lan; main; winpass; blank; office; control; nokia; siemens;
      compaq; dell; cisco; ibm; orainstall; sqlpassoainstall; sql; db1234;
      db1; databasepassword; data; databasepass; dbpassword; dbpass; access;
      domainpassword; domainpass; domain; hello; hell; god; sex; slut;
      bitch; fuck; exchange; backup; technical; loginpass; login; mary;
      katie; kate; george; eric; chris; ian; neil; lee; brian; susan; sue;
      sam; luke; peter; john; mike; bill; fred; joe; jen; bob; qwe; zxc;
      asd; qaz; win2000; winnt; winxp; win2k; win98; windows; oeminstall;
      oemuser; oem; user; homeuser; home; accounting; accounts; internet;
      www; web; outlook; mail; qwerty; null; server; system; changeme;
      linux; unix; demo; none; test; 2004; 2003; 2002; 2001; 2000;
      1234567890; 123456789; 12345678; 1234567; 123456; 12345; 1234; 123;
      007; pwd; pass; pass1234; passwd; password; password1; adm; db2;
      oracle; dba; database; default; guest; wwwadmin; teacher; student;
      owner; computer; staff; admins; administrat; administrateur;
      administrador; administrator



Exploit:
It exploits the following security vulnerabilities:
– MS03-026 (Buffer Overrun in RPC Interface)
– MS03-039 (Buffer Overrun in RPCSS Service)
– MS04-011 (LSASS Vulnerability)


????????? IP ???????:
????????? ????????? IP ??????. ?????? ??? ????? ?????????? IP ?????? ????????? ? ???????? ???????????. ?????????????? ??????? ?????????? ?????????? ? ???? ???????.


??????? ?????????????:
?? ????????? ?????????? ????????? TFTP ??? FTP ??????. ?? ????????? ???????????? ??????? ????????? ?? ????????? ?????????.


????????? ?????????:
?????????????? ??????? ??????? ??????????? ????????? ?? ????? ?????????? ??????????. ??? ????????????? ? ??????? ??????? NetScheduleJobAdd.

 IRC ??? ???????? ????????? ?????????? ? ????????? ?????????? ?????????? ?????????? ??????????? ? IRC ???????:

Server: unixguy.hack**********
Port: 8877
Server password: guy
Channel: #LLiFee#
Nickname: USA| %????????? ?????????? ?? ????? ????%
Password: guy



 ?????? ??????????? ????????? ???????? ???????? ? ?????????? ????????? ??????????:
    • ?????????? ??????????? ??????
    • ?????????? ??????? ???-??????
    • ???????? ??????????
    • ??????? ????????????
     ?????????? ? ????????
    • ????????? ????? ?? ?????
    • ????????? ??????????? ??????
    • ?????????? ? ????
    • ?????????? ? ?????????? ?????????
    • ????? ??????
    • ????????? ?????
    • ??? ????????????
    • Information about the Windows operating system


 ??????????? ????????? ???????? ???????????? ????????? ????????? ????????:
     ?????? DDoS ICMP ?????
     ?????? DDoS SYN ?????
    • ??????????? DDoS TCP ?????
     ??????????? DDoS UDP ?????
    • ????????? DCOM
    • ????????? ??????? ????? ?????? ???????
    • ????????? ????
    • ???????? DCOM
    • ?????????? ??????? ????? ?????? ???????
    • ????????? ????
    • ?????????? ???????
    • ???????? ?????????? ??????????
    • ?????????? DDoS ?????
     ???????? ????
    • ????????????? ????
     ??????????? ??????
    • ????????????? ???????
    • ????????? ??????????? ?????
     ?????? ????????? ???????? ??????????
     ?????? ????????? ???????????????
    • ??????? ???????????? ??????? ?????????
    • ?????????? ???????
     ??????????? ??????????????
    • ????????? ????
     ????????? ???-????????

 ????? ??????? ????? ????????? ??????????:
– Windows Product ID

CD keys:
   • Battlefield 1942; Battlefield 1942 (Road To Rome); Battlefield 1942
      (Secret Weapons of WWII); Battlefield Vietnam; Black and White;
      Command & Conquer Generals; Command and Conquer: Generals (Zero Hour);
      Command and Conquer: Red Alert 2; Command and Conquer: Tiberian Sun;
      Counter-Strike (Retail); Chrome; FIFA 2002; FIFA 2003; Freedom Force;
      Global Operations; Gunman Chronicles; Half-Life; Hidden & Dangerous 2;
      IGI 2: Covert Strike; Industry Giant 2; James Bond 007: Nightfire;
      Legends of Might and Magic; Medal of Honor: Allied Assault; Medal of
      Honor: Allied Assault: Breakthrough; Medal of Honor: Allied Assault:
      Spearhead; Nascar Racing 2002; Nascar Racing 2003; Need For Speed Hot
      Pursuit 2; Need For Speed: Underground; Neverwinter Nights;
      Neverwinter Nights (Hordes of the Underdark); Neverwinter Nights
      (Shadows of Undrentide); NHL 2003; NHL 2002; NOX; Rainbow Six III
      RavenShield; Shogun: Total War: Warlord Edition; Soldier of Fortune II
      - Double Helix; Soldiers Of Anarchy; The Gladiators; Unreal Tournament
      2003; Unreal Tournament 2004

??????????? ??????? ??????. ????? ????????? ??????????????????? ????????:
   • :.login; :,login; :!login; :@login; :$login; :%login; :^login;
      :*login; :-login; :+login; :/login; :\login; :=login; :?login;
      :'login; :`login; :~login; : login; :.auth; :,auth; :!auth; :@auth;
      :$auth; :%auth; :^auth; :&auth; :*auth; :-auth; :+auth; :/auth;
      :\auth; :=auth; :?auth; :'auth; :`auth; :~auth; : auth; :.id; :,id;
      :!id; :@id; :$id; :%id; :^id; :&id; :*id; :-id; :+id; :/id; :\id;
      :=id; :?id; :'id; :`id; :~id; : id; :.hashin; :!hashin; :$hashin;
      :%hashin; :.secure; :!secure; :.l; :!l; :$l; :%l; :.x; :!x; :$x; :%x;
      :.syn; :!syn; :$syn; :%syn

?????? ??????? ???????????????? ??? ????????? ???-???????? ? ????? ?? ????????? ??????????????????? ? URL:
   • paypal.com
   • PAYPAL.com

 ???????????????:
     ??????? ??????
     ??????????????? ??????????

 ?????? ???????:
????????? ???????:
   • BoT

 ?????? ????? ???? ????????????????:
The program was written in MS Visual C++.


????????:
??? ?????????? ??????????? ? ?????????? ??????? ????? ?? ??? ????????? ????????? ??????????:

Description added by Irina Boldea on Thursday, April 6, 2006.
Description updated by Irina Boldea on Wednesday, April 19, 2006.
