PC¼¼ÀÌÆÛ ºü¸¥ ¸Þ´º


 PC¼¼ÀÌÆÛ ¸Þ´º ¾È³»
PC¼¼ÀÌÆÛ È¨
·Î±×ÀÎ (À¯·á»ç¿ëÀÚ)
ÇÁ·Î±×·¥ ¼Ò°³
ÇÁ·Î±×·¥ °¡À̵å
 - ±¸¸Å¹æ¹ý
 - »óÇ°±Ç°áÁ¦
 - ÀÚµ¿°áÁ¦ Ãë¼Ò
 - °Ë»ç¤ýÄ¡·á¹æ¹ý
 - ȯ°æ¼³Á¤
 - ÆÄÀϺ¹¿ø
¾Ç¼ºÄÚµå? ¹ÙÀÌ·¯½º?
 - ¾Ç¼ºÄÚµå¶õ?
 - ¹ÙÀÌ·¯½º¶õ?
 - ºÒÇÊ¿äÇÑ Á¤º¸¶õ?
º¸¾ÈÁ¤º¸
 - º¸¾ÈÄ®·³
 - MSº¸¾È±Ç°í¹®
°í°´Áö¿ø
 - °øÁö»çÇ×
 - ÀǽɵǴ ÆÄÀϽŰí
 - ÀæÀº Áú¹®¤ý´äº¯
 - 1:1»ó´ã

¹ÙÀÌ·¯½º À̸§ Trojan-W32/Magania.200704.C ¹ÙÀÌ·¯½º Á¾·ù Trojan
½ÇÇà ȯ°æ Á¦ÀÛÁö Áß±¹
¹ß°ßÀÏ 01010101 ¹ÙÀÌ·¯½ºÅ©±â 200704
¸ÞÀÏ Á¦¸ñ ¾øÀ½
÷ºÎÆÄÀÏ
¹ÙÀÌ·¯½º Áõ»ó
¹é±×¶ó¿îµå·Î ½ÇÇàÇϸç, ¿ø°Ý Á¢¼ÓÀ» Çã¿ëÇÏ´Â Æ®·ÎÀÌ ¸ñ¸¶À̸ç,

USB µî À̵¿½Äµå¶óÀ̺ê Á¢¼Ó ½Ã À©µµ¿ì ¿À·ù ¸Þ¼¼Áö ¹ß»ý.

 

 

ÆÄÀÏ»ý¼º:

%Temp%\105703_fer.temp

%System%\CRESS.com

%System%\NWCWorkstationfd.d11

 

 

·¹Áö½ºÆ®¸® Å° »ý¼º:

[HKEY_LOCAL_MACHINE

 \SOFTWARE

  \Microsoft

   \Windows

    \CurrentVersion

     \policies

      \Explorer

       \Run]

 

[HKEY_LOCAL_MACHINE

 \SYSTEM

  \ControlSet001

   \Enum

    \Root

     \LEGACY_NWCWORKSTATION]

 

[HKEY_LOCAL_MACHINE

 \SYSTEM

  \ControlSet001

   \Services

    \NWCWorkstation]

 

[HKEY_LOCAL_MACHINE

 \SYSTEM

  \CurrentControlSet

   \Enum

    \Root

     \LEGACY_NWCWORKSTATION]

 

[HKEY_LOCAL_MACHINE

 \SYSTEM

  \CurrentControlSet

   \Services

    \NWCWorkstation\Enum]

 

 

·¹Áö½ºÆ®¸® »èÁ¦:

[HKEY_LOCAL_MACHINE

 \SOFTWARE

  \Microsoft

   \Windows

    \CurrentVersion

     \policies

      \system]

legalnoticecaption = ""

legalnoticetext = ""

 

 
Ä¡·á ¹æ¹ý

Åͺ¸¹é½Å Á¦Ç°±ºÀ¸·Î Áø´Ü/Ä¡·á °¡´ÉÇÕ´Ï´Ù.

´Ü,  À̵¿½Ä µå¶óÀ̺긦 Á¢¼Ó ÇØÁ¦ÇϽŠÈÄ ½ÇÇà ÇϽñ⠹ٶø´Ï´Ù .

 
Á÷Á¢Ä¡·á¹æ¹ý

À̵¿½Ä µå¶óÀÌºê »ç¿ë ½Ã ÀÚµ¿ ½ÇÇà ÇϽÃÁö ¸¶½Ã°í, Ž»ö±â¸¦ ÀÌ¿ëÇÏ¿© µå¶óÀ̺êÀÇ ³»¿ëÀ» È®ÀΠ¶Ç´Â ½ÇÇà ÇϽñ⠹ٶø´Ï´Ù.


¼öµ¿ È®ÀÎ


 


1.    [½ÃÀÛ]-[½ÇÇà]-[cmd] ½ÇÇà



 





 


2.    %System% ¿¡¼­ dir/ah



 



3.    ¼û°ÜÁø ¸ñ·Ïµé Áß CRESS.com ¹× NWCWorkstationfd.d11 (±âŸ NETSVCS_0x0fd.d11, NETSVCS_0x1fd.d11, NETSVCS_0x2fd.d11, NETSVCS_0x3fd.d11, NETSVCS_0x4fd.d11 µî ÆÄÀÏ)ÆÄÀÏ È®ÀÎ



 



4.    ÀÛ¾÷°ü¸®ÀÚ¿¡¼­ CRESS.com È®ÀÎ





¼öµ¿ Ä¡·á (Àӽà ¹æÆí)


 


1.    ÀÛ¾÷°ü¸®ÀÚ¿¡¼­ CRESS.com Á¾·á



 



2.    NWCWorkstation ¼­ºñ½º Á¾·á




 



3.    Cmd ºê¶ó¿ìÀú¿¡¼­ %system%ÀÇ ¼û±è ¼Ó¼ºÇØÁ¦


(Attrib –s –r –h  CRESS.com


Attrib –s –r –h  NWCWorkstationfd.d11


Attrib –s –r –h  NETSVCS_*.d11)



 



4.    Cmd ºê¶ó¿ìÀú¿¡¼­ %system% ÇØ´çÆÄÀÏ »èÁ¦


(del CRESS.com


del  NETSVCS_*.d11)




 


5.    [½ÃÀÛ]-[½ÇÇà]-[regedit] ½ÇÇà




 


6.    ÇØ´çÅ° °ª »èÁ¦(»¡°­»öÀÇ Run »èÁ¦)


([HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]


CRESS = "CRESS.COM") 



      



7.    ·¹Áö½ºÆ®¸®ÀÇ Å°°ªº¯°æ ÈÄ »èÁ¦ (Start = 0x00000002 -> Start = 0x00000004 º¯°æ ÈÄ NWCWorkstation »èÁ¦)


([HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation]


Start = 0x00000004)         




 



8.    ·¹Áö½ºÆ®¸®ÀÇ Å°°ªº¯°æ ÈÄ »èÁ¦(NETSVCS_0x0°ü·Ã Å° °ª »èÁ¦)


 ([HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETSVCS_0x0])




 



9.     Cmd ºê¶ó¿ìÀú¿¡¼­ %system% ÇØ´çÆÄÀÏ »èÁ¦ (del  NWCWorkstationfd.d11)




 



»èÁ¦ µÈ ·¹Áö °ª º¹¿ø


legalnoticecaption = ""


legalnoticetext = "")


1.    [½ÃÀÛ]-[½ÇÇà]-[regedit] ½ÇÇà




 


2.    »èÁ¦ µÈ ·¹Áö½ºÆ®¸® ÁöÁ¡ À̵¿


([HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system])




 



3.    ÇØ´ç ¹®ÀÚ¿­ °ª »ý¼º


("legalnoticecaption", "legalnoticetext")