Name: TR/Fake.Rean.2001
Discovered: 19/05/2011
???:????????? ?????????
? ???????? ????????:??
?????????? ????? ?????????:??????
????????? ???????????????:??????
????????? ???????????:?? ??????? ?? ????????
???? ??????????:??
File size: 335.872 bytes
MD5 checksum: 8F394FBAAA9D38CF40A9154D9F0CD807
VDF version: 7.11.08.67 - Thursday, May 19, 2011
IVDF version: 7.11.08.67 - Thursday, May 19, 2011

 ????? ????? ???????????????:
   • ??? ??????????? ????????? ???????????????


Aliases:
   •  TrendMicro: TROJ_FAKEAL.SMLA
   •  Sophos: Troj/Buzus-GH
   •  Microsoft: Rogue:Win32/FakeRean


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


???????????:
   • ????????? ?????? ? ???-????????? IT-security ????????
   • ??????? ?????
   • ??????? ??????? ???????? ????????????
   • ????????? ???????


????? ??????? ?????????? ????????? ??????????:




 ????? ????????? ??????????? ?????:
   • %HOME%\Local Settings\Application Data\%????????? ????????? ??????????%.exe



??????????? ????? ????????? ?????????.



The following files are created:

%TEMPDIR%\a3txu8ye2t3hgfq041111cb6k8we0g0m4
%ALLUSERSPROFILE%\Application Data\a3txu8ye2t3hgfq041111cb6k8we0g0m4
%HOME%\Local Settings\Application Data\a3txu8ye2t3hgfq041111cb6k8we0g0m4
%HOME%\Templates\a3txu8ye2t3hgfq041111cb6k8we0g0m4

The following registry keys are added:

[HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   • "DoNotAllowExceptions"=dword:00000000
   • "EnableFirewall"=dword:00000000
   • "DisableNotifications"=dword:00000001

[HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
   • "EnableFirewall"=dword:00000000
   • "DoNotAllowExceptions"=dword:00000000
   • "DisableNotifications"=dword:00000001

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "ctfmon.exe"="%SYSDIR%\ctfmon.exe"

[HKCR\.exe\shell\open\command]
   • "(Default)"="\"%HOME%\Local Settings\Application Data\\%????????? ????????? ??????????%.exe\" -a \"%1\" %*"
   • "IsolatedCommand"="\"%1\" %*"

[HKCR\exefile\shell\open\command]
   • "(Default)"="\"%HOME%\Local Settings\Application Data\\%????????? ????????? ??????????%.exe\" -a \"%1\" %*"
   • "IsolatedCommand"="\"%1\" %*"

[HKCR\exefile\shell\runas\command]
   • "(Default)"="\"%1\" %*"
   • "IsolatedCommand"="\"%1\" %*"

[HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
   • "(Default)"="\"%HOME%\Local Settings\Application Data\\%????????? ????????? ??????????%.exe\" -a \"%PROGRAM FILES%\Intern"



The following registry keys are changed:

[HKLM\SOFTWARE\Microsoft\Security Center]
   New value:
   • "AntiVirusDisableNotify"=dword:00000001
   • "FirewallDisableNotify"=dword:00000001
   • "FirewallOverride"=dword:00000001
   • "UpdatesDisableNotify"=dword:00000001
   • "AntiVirusOverride"=dword:00000001

 ????????????? ??????????? ? ??????? ? ???????? ?????????? ???????????? ??????.

    Process name:
   • iexplore.exe


Accesses internet resources:

Description inserted by Andrei Ilie on Tuesday, August 16, 2011
Description updated by Andrei Ilie on Tuesday, August 16, 2011
