9/14/2010

g6jk.exe solution

nodqq.exe
herss.exe
dsoqq.exe
nodqq0.dll
cvasds0.dll
dsoqq0.dll

c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\internet.fne
c:\windows\system32\krnln.fnr
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll

c:\documents and settings\username\Application Data\PriceGong\Data\1.xml
c:\documents and settings\username\Application Data\PriceGong\Data\a.xml
c:\documents and settings\username\Application Data\PriceGong\Data\b.xml
c:\documents and settings\username\Application Data\PriceGong\Data\c.xml
c:\documents and settings\username\Application Data\PriceGong\Data\d.xml
c:\documents and settings\username\Application Data\PriceGong\Data\e.xml
c:\documents and settings\username\Application Data\PriceGong\Data\f.xml
c:\documents and settings\username\Application Data\PriceGong\Data\g.xml
c:\documents and settings\username\Application Data\PriceGong\Data\h.xml
c:\documents and settings\username\Application Data\PriceGong\Data\i.xml
c:\documents and settings\username\Application Data\PriceGong\Data\J.xml
c:\documents and settings\username\Application Data\PriceGong\Data\k.xml
c:\documents and settings\username\Application Data\PriceGong\Data\l.xml
c:\documents and settings\username\Application Data\PriceGong\Data\m.xml
c:\documents and settings\username\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\username\Application Data\PriceGong\Data\n.xml
c:\documents and settings\username\Application Data\PriceGong\Data\o.xml
c:\documents and settings\username\Application Data\PriceGong\Data\p.xml
c:\documents and settings\username\Application Data\PriceGong\Data\q.xml
c:\documents and settings\username\Application Data\PriceGong\Data\r.xml
c:\documents and settings\username\Application Data\PriceGong\Data\s.xml
c:\documents and settings\username\Application Data\PriceGong\Data\t.xml
c:\documents and settings\username\Application Data\PriceGong\Data\u.xml
c:\documents and settings\username\Application Data\PriceGong\Data\v.xml
c:\documents and settings\username\Application Data\PriceGong\Data\w.xml
c:\documents and settings\username\Application Data\PriceGong\Data\x.xml
c:\documents and settings\username\Application Data\PriceGong\Data\y.xml
c:\documents and settings\username\Application Data\PriceGong\Data\z.xml

c:\documents and settings\username\Application Data\SystemProc\lsass.exe

The files above are found on drive C. The files below are present on all drives and on any attached flash drives.

DriveName:\g6jk.exe
DriveName:\autorun.inf
DriveName:\filename.exe

from the herss.exe family

or

DriveName:\FileName.exe

from the nodqq.exe family


Solution

After using the HijackThis and ComboFix programs, run a scan with any one of the antivirus products below.

Antivirus products have detected this pest as a virus or trojan since 2010.07.04.




Antivirus Name          Name Given to the Virus

a-squared               Trojan-GameThief.Win32.Taworm!IK
AhnLab-V3               Trojan/Win32.OnlineGameHack
Avast                   Win32:Rootkit-gen
AVG                     Win32/NSAnti.J
BitDefender             Trojan.Generic.4368286
CAT-QuickHeal           TrojanDropper.Agent.aohd
ClamAV                  PUA.Packed.ASPack
Comodo                  TrojWare.Win32.Trojan.Agent.Gen
F-Secure                Trojan.Generic.4368286
GData                   Trojan.Generic.4368286
Ikarus T3               Trojan-GameThief.Win32.Taworm
Kaspersky               Trojan-GameThief.Win32.Magania.dlhj
McAfee                  Generic PWS.ak
McAfee-GW-Edition       Artemis!5DEE44B7B7A4
Microsoft               Worm:Win32/Taterf.B
nProtect                Trojan.Generic.4368286
Panda                   Trj/CI.A
Prevx                   Medium Risk Malware
Sunbelt                 BehavesLike.Win32.Malware (v)
VBA32                   BScope.Trojan-PSW.AmGames
VirusBuster             Trojan.Magania.Gen!Pac.3
