9/14/2010

eyruu.exe çözümü

nodqq.exe
herss.exe
dsoqq.exe
nodqq0.dll
cvasds0.dll
dsoqq0.dll

c:\windows\system32\com.run


c:\windows\system32\dp1.fne


c:\windows\system32\eAPI.fne


c:\windows\system32\internet.fne


c:\windows\system32\krnln.fnr


c:\windows\system32\og.dll

c:\windows\system32\og.edt


c:\windows\system32\RegEx.fnr


c:\windows\system32\shell.fne


c:\windows\system32\spec.fne


c:\windows\system32\ul.dll








c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\1.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\a.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\b.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\c.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\d.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\e.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\f.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\g.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\h.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\i.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\J.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\k.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\l.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\m.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\mru.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\n.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\o.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\p.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\q.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\r.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\s.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\t.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\u.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\v.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\w.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\x.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\y.xml


c:\documents and settings\kullanıcıadı\Application Data\PriceGong\Data\z.xml


c:\documents and settings\kullanıcıadı\Application Data\SystemProc\lsass.exe

yukarıdaki dosyalar C sürücüsünde aşağıdaki dosyalar tüm sürücülerde ve takılı olan flaş belleklerde mavcuttur

 
Sürücüadı:\eyruu.exe
Sürücüadı:\autorun.inf
Sürücüadı:\ dosyaadı.exe

herss.exe ailesinden

veya

Sürücüadı:\ Dosyaadı.exe

nodqq.exe  ailesinden


çözüm





hijackthis ve combofix programlarını kullandıktan sonra


aşağıdaki antivirüslerden herhangi biri ile tarama yapmak


Antivirüsler Bu illeti 2010.06.23 Tarihinden itibaren Virüs veya Trojan olarak algılamışlardır




Antivirüs Adı                                    Virüse Verdiği İsim


a-squared                                  Trojan-GameThief.Win32.Taworm!IK
AhnLab-V3                                Trojan/Win32.OnlineGameHack
Avast                                       Win32:Herso
AVG                                         Win32/NSAnti.J
CAT-QuickHeal                          TrojanGameThief.Magania.dijf
ClamAV                                    PUA.Packed.ASPack
Comodo                                    TrojWare.Win32.Trojan.Agent.Gen
DrWeb                                     Trojan.PWS.Wsgame.13295
GData                                      Win32:Herso
Ikarus T3                                 Trojan-GameThief.Win32.Taworm
McAfee                                    Generic PWS.y!cqn
McAfee-GW-Edition                    Artemis!1EC5E93F0BDE
Microsoft                                  Worm:Win32/Taterf.B
NOD32                                     a variant of Win32/PSW.OnLineGames.PNZ
Panda                                      W32/Lineage.LLS
Prevx                                        Medium Risk Malware
Sophos                                    Troj/Lineag-GV
Sunbelt                                  BehavesLike.Win32.Malware (v)
VBA32                                     BScope.Trojan-PSW.AmGames
VirusBuster                             Trojan.Magania.Gen!Pac.3

Hiç yorum yok:

Related Posts Plugin for WordPress, Blogger...