Name: TR/Spy.Agent.abd
Date discovered: 01/03/2009
???:????????? ?????????
? ???????? ????????:??
?????????? ????? ?????????:?? ??????? ?? ????????
????????? ???????????????:???????
????????? ???????????:???????
???? ??????????:??
File size: 81.920 bytes
MD5 checksum: 1695b91b4a13345b9f97527d2d7ca370
IVDF version: 7.01.02.97 - Sunday, March 1, 2009

 ????? ?????? ???????????????:
   • ????????? ????
   • ???????????? ????


Aliases:
   •  Bitdefender: Trojan.Generic.4661937
   •  Panda: W32/P2Pworm.OJ
   •  Eset: Win32/AutoRun.IRCBot.FC


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


???????????:
   • ????????? ?????????????????? ???????????? ? ??????????
   • ??????? ??????????? ?????
   • ????????? ???????

 ????? ????????? ??????????? ?????:
   • %HOME%\Application Data\jusched.exe
   • %TEMPDIR%\windump.exe



???? ????? ?????????.
%??????? ????? ??????????? ?????????%\%every *.exe file%

?? ????????? ??????????:
   • %??????????? ????%





??????? ????????? ?? ?????????? ????????? ????:

??? ?????:
   • %HOME%\Application Data\jusched.exe

 ?????? ??????????? ???? ??????? ??? ?????????? ??????? ???????? ????? ???????????? ???????.

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "SunJavaUpdateSched"="%HOME%\Application Data\jusched.exe"

 P2P ??????????????? ??? ????????????? ?????? ?????? ? ???????????? ???? ????????:   ???????????? ????? ?????????? ???? ?? ????????? ??????????????????? ?????? ?????
   • my music\imesh\; frostwire\saved\; frostwire\shared\; limewire\saved\;
      my music\bearshare\; shareaza downloads\; winmx\shared\; tesla\files\;
      limewire\shared\; morpheus\my shared folder\; emule\incoming\;
      edonkey2000\incoming\; bearshare\shared\; grokster\my grokster\;
      icq\shared folder\; kazaa lite k++\my shared folder\; kazaa lite\my
      shared folder\; kazaa\my shared folder\

   ?????????? ????? ????????? ??????????? ????? ?????? ???????:
   • E$
   • D$
   • C$
   • ADMIN$

   ??? ???????? ?????????? ?????? ????????? ????????? ?????:
   • RuneScape 2010 - Newest Exploits.exe; Yamicsoft Windows 7 Manager v1 1
      8 x64.exe; Microsoft Windows Home Server 2010 Build 7360.exe; 3delite
      MP3 Stream Editor v3 4 4 1980 WinALL.exe; Error Repair Professional 4
      1 3 AT4RE DM999.exe; cute dogs screensaver.exe; Babylon 8 - Instant
      translation tool.exe; Recover Keys v3 0 3 7-MAZE.exe; Uniture Memory
      Booster v6 1 0 5158-MESMERiZE.exe; redsn0w-win 0 8.exe; WinRAR-3 91
      Full + Keymaker.exe; Sony Vegas Pro 9.0 Full.exe; LimeWire Pro.exe;
      Adobe Photoshop CS4 Extended + Keygen + Activation.exe; Setup OneCare
      for Windows 7.exe; YouTube Downloader all Access.exe; MS Office 2007
      Activation KeyGen.exe;
      LimeWire.Pro.v5.4.6.1.Multilingual.Retail-ZWT.exe; DiceRoller2 0.exe;
      Adobe Dreamweaver CS4 Keygen.exe; Xilisoft 3GP Video Converter v5 1 26
      1231 Key.exe; Xilisoft Apple TV Video Converter v5 1 26 1030 Inc.exe;
      Xilisoft AVI MPEG Converter v5 1 26 1030 Keyg.exe; Xilisoft AVI MPEG
      Joiner v1 0 34 1012 Keygen.exe; Xilisoft Blackberry Ringtone Maker v1
      0 12 1204.exe; Xilisoft Blu Ray Ripper v5 2 4 0108 Keygen.exe;
      Xilisoft Burn Pro v1 0 64 0112 Keygen.exe; Xilisoft CD Ripper v1 0 47
      0904 Keygen.exe; Atomix Virtual DJ v6.0.2 FINAL Professional.exe;
      WinZip PRO v12.1 + Serials.exe; Driver Genius Professional 2009 9.0.0
      Build 186.exe; Microsoft Office 2010 Enterprise Corporate Edition.exe;
      Diskeeper 2010 Pro Premier v14 0 900t Final.exe; Dr Web AntiVirus v5 0
      10 11260 R-EAT.exe; Autorun Virus Remover v2 3 1022-Lz0.exe; CleanMyPC
      Registry Cleaner v4 02-TE.exe; Diskeeper 2010 Pro Premier v14 0
      900.exe; Website X5 Designer v7.7 WYSIWYG Website Creator.exe; Windows
      7 Toolkit v1.8 activations+full suite.exe; Microsoft Office
      Professional Plus x32 x64 2010.exe; Adobe Photoshop CS4 KeyGen.exe;
      ScreenCapture; DesktopCalendar.exe; Web Dumper 3.1.1 Keygen.exe; Adobe
      Photoshop CS3 patch.exe; Loaris Trojan Remover 1.2.0 Patch.exe; Trojan
      Killer 2.0.6.4 Patch.exe; WinRAR 3.92 Final.exe; RAR Password Recovery
      Magic v6 1 1 172-BEAN.exe; Borderlands Proper-Razor1911.exe; Microsoft
      AutoCollage 2008.exe; Microsoft Office Accounting Professional
      2009.exe; Miscrosoft Office Ultimate 2007.exe; facebook for
      dummies.exe; kaspersky license key 2010.exe; office 2007
      activation.exe; paypal hack 2010.exe; Garmin mobile xt keygen.exe;
      Windows 2008 Server KeyGen.exe


 ??????? ????????????? ??????????? ????????? ???????? ?????????? ?????????? ? ?????? ??????????? ??? ????? ??????????? ???????????????. ??????????? ?????????? ?????.


??? ??????????? ??????? ? ?????????? ?????????? ???????????? ????????? ??????????????? ??????????:

?????? ???????:
   • www; start; testing; abcde; 911; 111; 777; apple; apollo13; 123abc;
      abcd; aaa; 2000; 2004; 2005; 2006; system; hacker; boss; intranet;
      hell; sam; siemens; nokia; mysql; oracle; sexy; sex; qwe; qw; pwd;
      test; user; web; winpass; winnt; win95; win98; win2k; win2000;
      pass1234; pass; linux; loginpass; login; server; home; database; data;
      bitch; winxp; internet; ibm; billy; bob; command; access; 1234567890;
      123456789; 12345678; 1234567; 123456; 12345; 1234; 123; 007; awerty;
      qwerty; default; wwwadmin; computer; owner; root; guest;
      amministratore; administrator; admins; admin; andy; nepenthes;
      currentuser


 IRC ??? ???????? ????????? ?????????? ? ????????? ?????????? ?????????? ?????????? ??????????? ? IRC ???????:

Server: ybtva.vcjubvf.**********.hx
Port: 47221
Channel: #uobg-ohl
Nickname: USA|XP|USER-289AF73617|%?????%

 Backdoor ????????????? ?????????? ? ????????
?????????:
   • 204.60.13**********.18:4444 (TCP)


 ?????? ???????:
????????? ???????:
   • aNoThErPeZeZeZergqde

 ?????? ????? ???? ????????????????:
The program was written in MS Visual C++.


????????:
??? ?????????? ??????????? ? ?????????? ??????? ????? ?? ??? ????????? ????????? ??????????:

Description inserted by Petre Galan on Friday, December 17, 2010
Description updated by Petre Galan on Friday, December 17, 2010
