This is a new worm. It attacks Windows NT/2000 systems over port 445 by brute-forcing the administrator password, then installs a backdoor program that reduces the security of the machine to zero. Users are reminded to set a secure, strong password for their superuser account.
The following is a preliminary analysis of the virus:
Virus Name: Worm.DvLdr
Virus type: PE worm
Mode of transmission: connects to port 445 and brute-forces passwords
About the virus: the virus body contains several executable files. The main program is DvLdr32.exe, written in VC++ 6 and compressed with ASPack. The virus carries two command-line tools, psexesvc and Remote process launcher, both legitimate tools published on the web by Sysinternals. It also carries an installation package which, once an attack succeeds, installs the VNC remote control tool on the host machine.
When the worm runs, it randomly selects two IP segments and connects to port 445 on the other machine; this is the port that Samba and NT systems open for file sharing. If the worm connects to this port successfully, it uses the dictionary it carries to brute-force the other machine's administrator password. Once it has found the superuser password, it copies itself into that system and registers itself under the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
It adds three values: "TaskMan" = "%1\Fonts\rundll32.exe"; "Explorer" = "%1\Fonts\explorer.exe"; "messnger" = "%1\system32\Dvldr32.exe", where %1 is the WinNT directory of the attacked machine. Explorer.exe is VNC's own management tool. The worm also installs the VNC remote control tool on the attacked system and modifies the VNC registry configuration so that the VNC server icon does not appear in the system tray.
Treatment: As the process above shows, whether a system is infected depends largely on whether its Administrator password is in the worm's dictionary list. If the worm cannot obtain the superuser password, none of the subsequent infection steps can be carried out, so administrators are reminded that the Administrator account must have a strong password.
If you have unfortunately already been infected by the worm, then in addition to changing the password promptly you also need to end the worm's process and undo the series of changes it made:
First, use the process manager to end the dvldr32.exe process. Restart the system, confirm that there is no dvldr32.exe process, and then delete the files:
%WINDIR%\Fonts\rundll32.exe
%WINDIR%\Fonts\explorer.exe
%WINDIR%\Fonts\omnithread_rt.dll
%WINDIR%\Fonts\VNCHooks.dll
%SYSTEMDIR%\dvldr32.exe
%SYSTEMDIR%\cygwin1.dll
%STARTMENU%\Programs\Startup\INST.exe
Clean up the registry entries:
Delete the key: HKEY_CURRENT_USER\Software\ORL
Delete the three values under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run:
"TaskMan"="%1\Fonts\rundll32.exe"
"Explorer"="%1\Fonts\explorer.exe"
"messnger"="%1\system32\Dvldr32.exe"
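A triage check for the three Run values the advisory lists, written as an added example that is not part of the original advisory. It assumes the Run key has been exported as text in the layout of `reg query` output; the sample data, function names and the C:\WINNT path are constructed for illustration.

```python
import re

# Run value names and path tails as listed in the advisory
# (%1, the Windows directory, varies per host, so only the tail is matched).
RUN_INDICATORS = {
    "taskman": r"\fonts\rundll32.exe",
    "explorer": r"\fonts\explorer.exe",
    "messnger": r"\system32\dvldr32.exe",
}

# One value line of `reg query`-style text: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.*)$")

# Constructed sample (not captured from a real host): a Run key holding one
# benign entry plus the three values the advisory describes.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Synchronization Manager    REG_SZ    mobsync.exe /logon
    TaskMan    REG_SZ    C:\WINNT\Fonts\rundll32.exe
    Explorer    REG_SZ    C:\WINNT\Fonts\explorer.exe
    messnger    REG_SZ    C:\WINNT\system32\Dvldr32.exe
"""


def parse_run_values(reg_text):
    """Return {value_name: data} for every string value in the text."""
    values = {}
    for line in reg_text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group("name")] = match.group("data").strip().strip('"')
    return values


def find_dvldr_run_entries(reg_text):
    """Return sorted (name, data) pairs matching the advisory's Run values."""
    # Both the value name and the path tail must match, so a legitimate
    # "Explorer" value pointing outside the Fonts directory is not flagged.
    hits = []
    for name, data in parse_run_values(reg_text).items():
        suffix = RUN_INDICATORS.get(name.lower())
        if suffix and data.lower().endswith(suffix):
            hits.append((name, data))
    return sorted(hits)


if __name__ == "__main__":
    for name, data in find_dvldr_run_entries(SAMPLE):
        print(f"suspicious Run value: {name} -> {data}")
```

A match on these values means the host should go through the cleanup steps above and have its Administrator password changed.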