Name: TR/Fake.Rean.1990
Date discovered: 19/05/2011
???:????????? ?????????
? ???????? ????????:??
?????????? ????? ?????????:??????
????????? ???????????????:??????
????????? ???????????:?? ??????? ?? ????????
???? ??????????:??
File size: 335.872 bytes
MD5 checksum: 43B180A31F429FEF227317D8ACDD764B
VDF version: 7.11.08.62 - Thursday, May 19, 2011
IVDF version: 7.11.08.62 - Thursday, May 19, 2011

 ????? ????? ???????????????:
   • ??? ??????????? ????????? ???????????????


Aliases:
   •  TrendMicro: TROJ_GEN.F43EZF2
   •  Sophos: Mal/FakeAV-JR
   •  Microsoft: Rogue:Win32/FakeRean


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


???????????:
   • ????????? ?????? ? ???-????????? IT-security ????????
   • ??????? ?????
   • ??????? ??????? ???????? ????????????
   • ????????? ???????


????? ??????? ?????????? ????????? ??????????:




 ????? ????????? ??????????? ?????:
   • %HOME%\Local Settings\Application Data\%????????? ????????? ??????????%.exe



??????????? ????? ????????? ?????????.



????????? ????????? ?????:

%TEMPDIR%\yhbg3tg3h3g4h14025p2238o573nc128353y14f7
%ALLUSERSPROFILE%\Application Data\yhbg3tg3h3g4h14025p2238o573nc128353y14f7
%HOME%\Local Settings\Application Data\yhbg3tg3h3g4h14025p2238o573nc128353y14f7
%TEMPDIR%\yhbg3tg3h3g4h14025p2238o573nc128353y14f7
%HOME%\Templates\yhbg3tg3h3g4h14025p2238o573nc128353y14f7

 ?????? ??????????? ????????? ????? ???????:

[HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile]
   • "DoNotAllowExceptions"=dword:00000000
   • "EnableFirewall"=dword:00000000
   • "DisableNotifications"=dword:00000001

[HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile]
   • "EnableFirewall"=dword:00000000
   • "DoNotAllowExceptions"=dword:00000000
   • "DisableNotifications"=dword:00000001

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "ctfmon.exe"="%SYSDIR%\ctfmon.exe"

[HKCR\.exe\shell\open\command]
   • "(Default)"="\"%HOME%\Local Settings\Application Data\\%????????? ????????? ??????????%.exe\" -a \"%1\" %*"
   • "IsolatedCommand"="\"%1\" %*"

[HKCR\exefile\shell\open\command]
   • "(Default)"="\"%HOME%\Local Settings\Application Data\\%????????? ????????? ??????????%.exe\" -a \"%1\" %*"
   • "IsolatedCommand"="\"%1\" %*"

[HKCR\exefile\shell\runas\command]
   • "(Default)"="\"%1\" %*"
   • "IsolatedCommand"="\"%1\" %*"

[HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\
   command]
   • "(Default)"="\"%HOME%\Local Settings\Application Data\\%????????? ????????? ??????????%.exe\" -a \"%PROGRAM FILES%\Intern"



?????????? ????????? ???? ???????:

[HKLM\SOFTWARE\Microsoft\Security Center]
   ????? ????????:
   • "AntiVirusDisableNotify"=dword:00000001
   • "FirewallDisableNotify"=dword:00000001
   • "FirewallOverride"=dword:00000001
   • "UpdatesDisableNotify"=dword:00000001
   • "AntiVirusOverride"=dword:00000001

 ????????????? ??????????? ? ??????? ? ???????? ?????????? ???????????? ??????.

    ??? ????????:
   • iexplore.exe


 ?????? ?????? ? ????????-????????:

Description added by Andrei Ilie on Thursday, August 11, 2011.
Description updated by Andrei Ilie on Thursday, August 11, 2011.
