Need help? Ask the community or hire an expert.
Go to Avira Answers
??:Worm/Warezov.DLL.C
????:13/12/2012
??:??
????:?
????????????
??/?????????
?? / ????????????
????:?
????:153.128 ??
MD5 ???:6d5b6945f50dc801208525936d5c24b9
VDF ??:7.11.53.216 - 13 Aralık 2012 Perşembe
IVDF ??:7.11.53.216 - 13 Aralık 2012 Perşembe

 ???? ????:
   • ????


??:
   •  Mcafee: W32/Stration@MM
   •  Kaspersky: Email-Worm.Win32.Warezov.ab
   •  TrendMicro: WORM_STRATION.BC
   •  F-Secure: Email-Worm.Win32.Warezov.ab
   •  Eset: Win32/Stration.AR


??/????:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


???:
   • ??????????
   • ??????
   • ???????????
   • ????????
   • ?????


?????????????:


 ?? ???????????:
   • %WINDIR%\tsrv.exe



??????:

– ??????????????:
   • %WINDIR%\tsrv.wax

%HOME%\Desktop\%?????????%.tmp ???????????????????:
   • %?????%

%SYSDIR%\msji449c14b7.dll ?????????????????? ???: Worm/Stration

%SYSDIR%\cmut449c14b7.dll ?????????????????? ???: Worm/Warezov.AB

%SYSDIR%\hpzl449c14b7.exe ?????????????????? ???: Worm/Warezov.AB.2

%WINDIR%\tsrv.dll ?????????????????? ???: Worm/Warezov.AB.1

 ??? ????????????????????????:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "tsrv"="%WINDIR%\tsrv.exe s"



?????????:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   ??:
   • "AppInit_DLLs"=""
   ??:
   • "AppInit_DLLs"=" msji449c14b7.dll"

 ???? ?????? SMTP ???????????? ?????????????? ?????????:


???:
?????????
???????? ???????????????????????? ??????????????????????????? ???????????????????????????? ??????????


???:
– ????????????????????
 ? WAB (Windows ???) ??????????
– ???????


??????:



???: sec@%???????%
??: Mail server report.
??:
   • Mail server report.
     
     Our firewall determined the e-mails containing worm copies are being sent from your computer.
     Nowadays it happens from many computers, because this is a new virus type (Network Worms).
     Using the new bug in the Windows, these viruses infect the computer unnoticeably.
     After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
     addresses
     Please install updates for worm elimination and your computer restoring.
     
     Best regards,
     Customers support service
??:
   • Update-KB%??%-x86.exe



???: secur@%???????%
??: Mail server report.
??:
   • Mail server report.
     
     Our firewall determined the e-mails containing worm copies are being sent from your computer.
     Nowadays it happens from many computers, because this is a new virus type (Network Worms).
     Using the new bug in the Windows, these viruses infect the computer unnoticeably.
     After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
     addresses
     Please install updates for worm elimination and your computer restoring.
     
     Best regards,
     Customers support service
??:
   • Update-KB%??%-x86.exe



???: serv@%???????%
??: Mail server report.
??:
   • Mail server report.
     
     Our firewall determined the e-mails containing worm copies are being sent from your computer.
     Nowadays it happens from many computers, because this is a new virus type (Network Worms).
     Using the new bug in the Windows, these viruses infect the computer unnoticeably.
     After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
     addresses
     Please install updates for worm elimination and your computer restoring.
     
     Best regards,
     Customers support service
??:
   • Update-KB%??%-x86.exe


??:
??????:
   • Error
   • Good day
   • hello
   • Mail Delivery System
   • Mail Transaction Failed
   • picture
   • Server Report
   • Status
   • test



??:
???????????:

   • Mail transaction failed. Partial message is available.

   • The message cannot be represented in 7-bit ASCII encoding
     and has been sent as a binary attachment

   • The message contains Unicode characters and has been sent
     as a binary attachment.


??:
????????????:

–  ??????????:
   • body
   • data
   • doc
   • docs
   • document
   • file
   • message
   • readme
   • test
   • text

    ??????????:
   • .elm
   • .msg
   • .dat
   • .txt
   • .log

    ?????????????:
   • .bat
   • .exe
   • .scr
   • .cmd
   • .pif

??????????????



??????????:



 ?? ???????????????:

?????????????????

?????????:
   • download.microsoft.com
   • go.microsoft.com
   • msdn.microsoft.com
   • office.microsoft.com
   • windowsupdate.microsoft.com
   • http://www.microsoft.com/downloads/Search.aspx?displaylang=en
   • avp.ru
   • www.avp.ru
   • http://avp.ru
   • http://www.avp.ru
   • kaspersky.ru
   • www.kaspersky.ru
   • http://kaspersky.ru
   • kaspersky.com
   • www.kaspersky.com
   • http://kaspersky.com
   • kaspersky-labs.com
   • www.kaspersky-labs.com
   • http://kaspersky-labs.com
   • avp.ru/download/
   • www.avp.ru/download/
   • http://www.avp.ru/download/
   • http://www.kaspersky.ru/updates/
   • http://www.kaspersky-labs.com/updates/
   • http://kaspersky.ru/updates/
   • http://kaspersky-labs.com/updates/
   • downloads1.kaspersky-labs.com
   • downloads2.kaspersky-labs.com
   • downloads3.kaspersky-labs.com
   • downloads4.kaspersky-labs.com
   • downloads5.kaspersky-labs.com
   • http://downloads1.kaspersky-labs.com
   • http://downloads2.kaspersky-labs.com
   • http://downloads3.kaspersky-labs.com
   • http://downloads4.kaspersky-labs.com
   • http://downloads5.kaspersky-labs.com
   • downloads1.kaspersky-labs.com/products/
   • downloads2.kaspersky-labs.com/products/
   • downloads3.kaspersky-labs.com/products/
   • downloads4.kaspersky-labs.com/products/
   • downloads5.kaspersky-labs.com/products/
   • http://downloads1.kaspersky-labs.com/products/
   • http://downloads2.kaspersky-labs.com/products/
   • http://downloads3.kaspersky-labs.com/products/
   • http://downloads4.kaspersky-labs.com/products/
   • http://downloads5.kaspersky-labs.com/products/
   • downloads1.kaspersky-labs.com/updates/
   • downloads2.kaspersky-labs.com/updates/
   • downloads3.kaspersky-labs.com/updates/
   • downloads4.kaspersky-labs.com/updates/
   • downloads5.kaspersky-labs.com/updates/
   • http://downloads1.kaspersky-labs.com/updates/
   • http://downloads2.kaspersky-labs.com/updates/
   • http://downloads3.kaspersky-labs.com/updates/
   • http://downloads4.kaspersky-labs.com/updates/
   • http://downloads5.kaspersky-labs.com/updates/
   • ftp://downloads1.kaspersky-labs.com
   • ftp://downloads2.kaspersky-labs.com
   • ftp://downloads3.kaspersky-labs.com
   • ftp://downloads4.kaspersky-labs.com
   • ftp://downloads5.kaspersky-labs.com
   • ftp://downloads1.kaspersky-labs.com/products/
   • ftp://downloads2.kaspersky-labs.com/products/
   • ftp://downloads3.kaspersky-labs.com/products/
   • ftp://downloads4.kaspersky-labs.com/products/
   • ftp://downloads5.kaspersky-labs.com/products/
   • ftp://downloads1.kaspersky-labs.com/updates/
   • ftp://downloads2.kaspersky-labs.com/updates/
   • ftp://downloads3.kaspersky-labs.com/updates/
   • ftp://downloads4.kaspersky-labs.com/updates/
   • ftp://downloads5.kaspersky-labs.com/updates/
   • http://updates.kaspersky-labs.com/updates/
   • http://updates1.kaspersky-labs.com/updates/
   • http://updates2.kaspersky-labs.com/updates/
   • http://updates3.kaspersky-labs.com/updates/
   • http://updates4.kaspersky-labs.com/updates/
   • ftp://updates.kaspersky-labs.com/updates/
   • ftp://updates1.kaspersky-labs.com/updates/
   • ftp://updates2.kaspersky-labs.com/updates/
   • ftp://updates3.kaspersky-labs.com/updates/
   • ftp://updates4.kaspersky-labs.com/updates/
   • viruslist.com
   • www.viruslist.com
   • http://viruslist.com
   • viruslist.ru
   • www.viruslist.ru
   • http://viruslist.ru
   • ftp://ftp.kasperskylab.ru/updates/
   • symantec.com
   • www.symantec.com
   • http://symantec.com
   • customer.symantec.com
   • http://customer.symantec.com
   • liveupdate.symantec.com
   • http://liveupdate.symantec.com
   • liveupdate.symantecliveupdate.com
   • http://liveupdate.symantecliveupdate.com
   • securityresponse.symantec.com
   • http://securityresponse.symantec.com
   • service1.symantec.com
   • http://service1.symantec.com
   • symantec.com/updates
   • http://symantec.com/updates
   • updates.symantec.com
   • http://updates.symantec.com
   • eset.com/
   • www.eset.com/
   • http://www.eset.com/
   • eset.com/products/index.php
   • www.eset.com/products/index.php
   • http://www.eset.com/products/index.php
   • eset.com/download/index.php
   • www.eset.com/download/index.php
   • http://www.eset.com/download/index.php
   • eset.com/joomla/
   • www.eset.com/joomla/
   • http://www.eset.com/joomla/
   • u3.eset.com/
   • http://u3.eset.com/
   • u4.eset.com/
   • http://u4.eset.com/
   • www.symantec.com/updates




????hosts ???????:


 ???? –  ?????????????: tsrv.dll

    ???:
   • %?????????%


 ?????? ????:
????????? MS Visual C++ ????


???????:
????????????????????????????????:
   • MEW

Açıklamayı yerleştiren Adriana Popa tarihinde 26 Eylül 2006 Salı
Açıklamayı güncelleyen: Adriana Popa tarihinde 26 Eylül 2006 Salı

Geri . . . .
https:// Bu pencere güvenlik amacıyla şifrelenmiştir.