Worm.AInfBot.p can get onto the system by way of another piece of malware, or when an unsuspecting user visits malicious web pages.
Malware type: Worm
Also known as: BDS/IRCBot.592384S [Avira], Generic BackDoor!yx [McAfee]
Affected systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Risk factor: Low
Worm.AInfBot.p carries out the following actions on the system:
It creates the following files:
%System%\wbem\wmiclisv.exe
%System%\drivers\minidrv32.sys
To run automatically, it creates or modifies the following registry entries. The first two register its components as services (the .sys file as a driver, the .exe as a service posing as a WMI client); the third adds the executable to the Windows Firewall's list of authorized applications, so the firewall does not block its network traffic:
HKLM\System\CurrentControlSet\Services\minidrv32
  Group = "SST miniport drivers"
  DisplayName = "MiniPort Driver Hub"
  ImagePath = "\??\%System%\drivers\minidrv32.sys"
HKLM\System\CurrentControlSet\Services\WMICLISV
  DisplayName = "WMI Client Service"
  Description = "Manages WMI data for client applications."
  ImagePath = ""%System%\wbem\wmiclisv.exe""
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  %System%\wbem\wmiclisv.exe = "%System%\wbem\wmiclisv.exe:*:Microsoft Enabled"
The worm also modifies the HOSTS file, which maps hostnames to IP addresses. The file is usually found in the following folder:
• %System%\drivers\etc\hosts
It then adds entries to the hosts file that map the hostnames of security vendors, their update servers and computer-help forums to 127.0.0.1 (the loopback address), so the infected machine can no longer reach those sites.
Solution:
Turn off System Restore.
On Windows Me:
Click the Start button, then Settings, Control Panel. Double-click "System", then "Performance". Click "File System", then "Troubleshooting". Select the "Disable System Restore" option and click "Apply". Restart the computer.
On Windows XP:
Click the Start button, then Settings, Control Panel. Double-click "System", then "System Restore". Check "Turn off System Restore on all drives" and click "Apply". Restart the computer.
Quick Heal users are advised to download the latest virus definitions and scan the computer with Quick Heal Scanner.