Name: BDS/Prorat.16.47
Date discovered: 13/12/2012
File size: 1.586.688 bytes
MD5 checksum: F87808A97ECF77C6E4208C0A9010451D
VDF version: 7.11.53.216


Aliases:
   •  Symantec: Backdoor.Prorat
   •  Kaspersky: Backdoor.Win32.Prorat.16
   •  Sophos: Troj/Prorat-P
   •  Eset: Win32/Prorat.16
   •  Bitdefender: Backdoor.Prorat.1.6


Platforms / operating systems:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Files:
   • %SYSDIR%\fservice.exe
   • %SYSDIR%\sservice.exe
   • %WINDIR%\services.exe



Additional files:
   • %SYSDIR%\wininv.dll
   • %SYSDIR%\winkey.dll
   • %WINDIR%\ktd32.atm

Registry (autostart entry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
   • "DirectX For Microsoft Windows"="%SYSDIR%\fservice.exe"



Registry keys added:

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}]
   • "StubPath"="%SYSDIR%\sservice.exe"

[HKCU\Software\Microsoft DirectX\WinSettings]
   • "Bulas"=%???????%
   • "FW_KILL"=%???????%
   • "XP_FW_Disable"=%???????%
   • "XP_SYS_Recovery"=%???????%
   • "ICQ_UIN"=%???????%
   • "ICQ_UIN2"=%???????%
   • "Kurban_Ismi"=%???????%
   • "Mail"=%???????%
   • "Online_List"=%???????%
   • "Port"=%???????%
   • "Sifre"=%???????%
   • "Hata"=%???????%
   • "Tport"=%???????%
   • "ServerVersionInt"=%???????%



Registry keys changed:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   Old value:
   • "Shell"="Explorer.exe"
   New value:
   • "Shell"="Explorer.exe %SYSDIR%\fservice.exe"

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]
   Old value:
   • "Start"=%???????%
   New value:
   • "Start"=dword:00000004

[HKLM\SYSTEM\ControlSet001\Services\srservice]
   Old value:
   • "Start"=%???????%
   New value:
   • "Start"=dword:00000004

Network ports:

   • %WINDIR%\services.exe on TCP port 5110
   • %WINDIR%\services.exe on TCP port 5112 (FTP)
   • %WINDIR%\services.exe on TCP port 51100 (FTP)

String:
   • [ProRat v1.4 Trojan Horse - Coded by PO Group - Made in Turkey]

Packer:
   • Molebox

Description inserted by Dragos Tomescu on Wednesday, 31 August 2005
Description updated by Dragos Tomescu on Friday, 2 September 2005
