Virus name: Trojan-W32/Magania.200704.C
Virus type: Trojan
Execution environment:
Origin: China
Discovery date: 01010101
Virus size: 200704
Mail subject: None
Attachment:

Symptoms

A Trojan horse that runs in the background and allows remote access.

Connecting a removable drive such as a USB drive triggers a Windows error message.

Files created:

%Temp%\105703_fer.temp

%System%\CRESS.com

%System%\NWCWorkstationfd.d11

Registry keys created:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Enum]

Registry values deleted:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

legalnoticecaption = ""

legalnoticetext = ""
Treatment

The Turbo Vaccine product line can detect and clean this threat.

However, disconnect any removable drives before running it.

Direct treatment method

When using a removable drive, do not let it autorun; use Explorer to inspect or run the drive's contents instead.
Manual check

1.    Run [Start]-[Run]-[cmd]

2.    In %System%, run dir/ah

3.    In the hidden-file listing, look for CRESS.com and NWCWorkstationfd.d11 (and other files such as NETSVCS_0x0fd.d11, NETSVCS_0x1fd.d11, NETSVCS_0x2fd.d11, NETSVCS_0x3fd.d11, NETSVCS_0x4fd.d11)

4.    Look for CRESS.com in Task Manager
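
The manual check above, extended to the registry keys this page lists, as a read-only PowerShell script. This is an added example, not the vendor's code; it assumes %System% is `$env:SystemRoot\System32` and uses only the file, service and value names given on this page.

```powershell
# Added example: read-only check for the artifacts listed on this page.
# Assumption: %System% resolves to $env:SystemRoot\System32.
$sys = Join-Path $env:SystemRoot 'System32'
$findings = @()

# Steps 2-3: hidden/system files named on the page (equivalent of dir /ah)
foreach ($p in 'CRESS.com', 'NWCWorkstationfd.d11', 'NETSVCS_*.d11') {
    Get-ChildItem -Path $sys -Filter $p -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "File: $($_.FullName) [$($_.Attributes)]" }
}

# Step 4: the process that would show up in Task Manager
Get-CimInstance Win32_Process -Filter "Name = 'CRESS.com'" -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Process: $($_.Name) PID $($_.ProcessId)" }

# Autostart value under policies\Explorer\Run
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$run = Get-ItemProperty -Path $runKey -Name 'CRESS' -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value: CRESS = $($run.CRESS)" }

# Service keys and their Start value (2 = automatic, 4 = disabled).
# Key presence alone is not conclusive; read it together with the file hits.
foreach ($svc in 'NWCWorkstation', 'NETSVCS_0x0') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $key) {
        $start = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Start
        $findings += "Service key: $svc (Start = $start)"
    }
}

# Values the page says are deleted; a missing value alone is a weak signal.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'
$pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
foreach ($name in 'legalnoticecaption', 'legalnoticetext') {
    if ($null -eq $pol -or $null -eq $pol.PSObject.Properties[$name]) {
        $findings += "Missing value: $name under policies\system"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Output $_ } }
else { Write-Output 'None of the listed artifacts were found.' }
```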





Manual treatment (temporary measure)

1.    End CRESS.com in Task Manager

2.    Stop the NWCWorkstation service

3.    In the cmd window, clear the hidden attribute on the files in %system%

(Attrib -s -r -h  CRESS.com

Attrib -s -r -h  NWCWorkstationfd.d11

Attrib -s -r -h  NETSVCS_*.d11)

4.    In the cmd window, delete the files in %system%

(del CRESS.com

del  NETSVCS_*.d11)

5.    Run [Start]-[Run]-[regedit]

6.    Delete the key value (delete the Run entry shown in red)

([HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

CRESS = "CRESS.COM")

7.    Change the registry value, then delete the key (change Start = 0x00000002 -> Start = 0x00000004, then delete NWCWorkstation)

([HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation]

Start = 0x00000004)

8.    Change the registry value, then delete the key (delete the NETSVCS_0x0-related key values)

([HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETSVCS_0x0])

9.    In the cmd window, delete the file in %system% (del  NWCWorkstationfd.d11)

Restoring the deleted registry values

(legalnoticecaption = ""

legalnoticetext = "")

1.    Run [Start]-[Run]-[regedit]

2.    Navigate to the registry location of the deleted values

([HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system])

3.    Create the string values

("legalnoticecaption", "legalnoticetext")