Name: Worm/IrcBot.72704.2
Date: 13/12/2012
??:??
????:?
????????????????
??/????????????
?? / ?????????
????:?
File size: 72.704 bytes
MD5 checksum: 2a91f0e5cee1d0498ead2ba35c92c5e7
VDF version: 7.11.53.216 - Thursday, 13 December 2012
IVDF version: 7.11.53.216 - Thursday, 13 December 2012

 ???? ????:
    Messenger


Aliases:
   •  Bitdefender: Win32.Worm.Palevo.BN
   •  Panda: BCK/IRCBot.CYN
   •  Eset: IRC/SdBot


Platforms / operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


???:
   • ?????
   • ????????
   • ??????
   • ??????
   • ?????

 ?? ???????????:
   • %WINDIR%\jusched.exe
   • %WINDIR%\jusched.exb



???????????????




????????:

???????:
   • http://208.43.36.96/**********




??????????:

???:
   • net stop MsMpSvc


???:
   • net1 stop MsMpSvc


???:
   • netsh firewall add allowedprogram 1.exe 1 ENABLE


???:
   • %WINDIR%\jusched.exe


???:
   • explorer.exe http://browseusers.myspace.com/Browse/Browse.aspx


???:
   • net stop wuauserv


???:
   • sc config wuauserv start= disabled


???:
   • net1 stop wuauserv

 ??? ????????????????????????:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Java developer Script Browse"="%WINDIR%\jusched.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\
   Install\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Java developer Script Browse"="%WINDIR%\jusched.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "Java developer Script Browse"="%WINDIR%\jusched.exe"



???????????? Windows XP ???:

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%?????%"="%WINDIR%\jusched.exe:*:Enabled:Java
      developer Script Browse"

 Messenger ???? Messenger ???? ?????????:

 Yahoo Messenger

? URL ??????????????? ????????????????????????

 IRC ????????????????????? IRC ???:

Server: 210.170.**********.115
Port: 2345
Channel: #!gf#
Nickname: NEW-[USA|00|P|%??%]

 ?????? ????:
????????? MS Visual C++ ????


???????:
???????????????????????????????

Description inserted by Petre Galan on Wednesday, 10 November 2010
Description updated by Alexander Vukcevic on Monday, 15 November 2010
