nodqq.exe
herss.exe
dsoqq.exe
nodqq0.dll
cvasds0.dll 
dsoqq0.dll 
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\internet.fne
c:\windows\system32\krnln.fnr
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll
c:\documents and settings\username\Application Data\PriceGong\Data\1.xml
c:\documents and settings\username\Application Data\PriceGong\Data\a.xml
c:\documents and settings\username\Application Data\PriceGong\Data\b.xml
c:\documents and settings\username\Application Data\PriceGong\Data\c.xml
c:\documents and settings\username\Application Data\PriceGong\Data\d.xml
c:\documents and settings\username\Application Data\PriceGong\Data\e.xml
c:\documents and settings\username\Application Data\PriceGong\Data\f.xml
c:\documents and settings\username\Application Data\PriceGong\Data\g.xml
c:\documents and settings\username\Application Data\PriceGong\Data\h.xml
c:\documents and settings\username\Application Data\PriceGong\Data\i.xml
c:\documents and settings\username\Application Data\PriceGong\Data\J.xml
c:\documents and settings\username\Application Data\PriceGong\Data\k.xml
c:\documents and settings\username\Application Data\PriceGong\Data\l.xml
c:\documents and settings\username\Application Data\PriceGong\Data\m.xml
c:\documents and settings\username\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\username\Application Data\PriceGong\Data\n.xml
c:\documents and settings\username\Application Data\PriceGong\Data\o.xml
c:\documents and settings\username\Application Data\PriceGong\Data\p.xml
c:\documents and settings\username\Application Data\PriceGong\Data\q.xml
c:\documents and settings\username\Application Data\PriceGong\Data\r.xml
c:\documents and settings\username\Application Data\PriceGong\Data\s.xml
c:\documents and settings\username\Application Data\PriceGong\Data\t.xml
c:\documents and settings\username\Application Data\PriceGong\Data\u.xml
c:\documents and settings\username\Application Data\PriceGong\Data\v.xml
c:\documents and settings\username\Application Data\PriceGong\Data\w.xml
c:\documents and settings\username\Application Data\PriceGong\Data\x.xml
c:\documents and settings\username\Application Data\PriceGong\Data\y.xml
c:\documents and settings\username\Application Data\PriceGong\Data\z.xml
c:\documents and settings\username\Application Data\SystemProc\lsass.exe
The files above are on the C: drive; the files below are present on all drives and on any attached flash drives:
DriveName:\dqm.exe
DriveName:\autorun.inf
DriveName:\filename.exe
from the herss.exe family
or
DriveName:\Filename.exe
from the nodqq.exe family
Solution
After using the HijackThis and ComboFix programs, run a scan with any one of the antivirus products below.
Antivirus products have detected this pest as a virus or trojan since 2010.04.16.
Antivirus name      Name given to the virus
a-squared           Worm.Win32.Taterf!IK
AhnLab-V3           Win32/Autorun.worm.128512.D
Authentium          W32/Taterf.B!Generic
AVG                 Win32/NSAnti.J
CAT-QuickHeal       Trojan.Agent.WD
ClamAV              PUA.Packed.ASPack
Comodo              TrojWare.Win32.Trojan.Agent.Gen
DrWeb               Trojan.PWS.Wsgame.12661
F-Prot              W32/Taterf.B!Generic
Ikarus T3           Worm.Win32.Taterf
McAfee-GW-Edition   Heuristic.LooksLike.Win32.Suspicious.B
Microsoft           Worm:Win32/Taterf.DL
Panda               Suspicious file
Prevx               Medium Risk Malware
Rising              Trojan.Win32.Generic.51FF61E2
Sunbelt             BehavesLike.Win32.Malware (v)
VBA32               MalwareScope.Worm.Viking.2
 
 
 

