|
|
 |
|
|
| ¹ÙÀÌ·¯½º
À̸§ |
Trojan-W32/Bagle.9216.H |
¹ÙÀÌ·¯½º
Á¾·ù |
Worm |
| ½ÇÇà
ȯ°æ |
Windows |
Á¦ÀÛÁö |
ºÒºÐ¸í |
| ¹ß°ßÀÏ |
20050811 |
¹ÙÀÌ·¯½ºÅ©±â |
9,216 byte |
| ¸ÞÀÏ
Á¦¸ñ |
|
| ÷ºÎÆÄÀÏ |
|
| ¹ÙÀÌ·¯½º Áõ»ó |
¿úÀÌ ½ÇÇàµÇ¸é ´ÙÀ½°ú °°ÀÌ À©µµ¿ì ½Ã½ºÅÛ Æú´õ(win 2000, NT : c:\Wint\system32, win XP : c:\windows\system32)
¿¡ wiwshost.exe ÆÄÀÏÀ» »ý¼ºÇÑ´Ù.
¶ÇÇÑ, ´ÙÀ½Ã³·³ ·¹Áö½ºÆ®¸¦ ¼öÁ¤ÇÏ¿© ´ÙÀ½ ºÎÆýà ½ÇÇàµÇµµ·Ï Á¶ÀÛÇÑ´Ù.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡
(win9xÀÇ °æ¿ì)
wiwshost.exe = c:\windows\system\wiwshost.exe
(win2000, NTÀÇ °æ¿ì)
wiwshost.exe = c:\winnt\system32\wiwshost.exe
(WinXPÀÇ °æ¿ì)
wiwshost.exe = c:\windows\system32\wiwshost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡
(win9xÀÇ °æ¿ì)
wiwshost.exe = c:\windows\system\wiwshost.exe
(win2000, NTÀÇ °æ¿ì)
wiwshost.exe = c:\winnt\system32\wiwshost.exe
(WinXPÀÇ °æ¿ì)
wiwshost.exe = c:\windows\system32\wiwshost.exe
¸¦ ±â·ÏÇÑ´Ù.
¶ÇÇÑ W32/Bagle.37888@mm ¿Í µ¿ÀÏ ÇÏ°Ô ´ÙÀ½°ú °°Àº ÆÄÀÏÀÌ ½ÇÇàµÇ¸é °Á¦ Á¾·á ½ÃÅ°°Ô µÈ´Ù.
ATUPDATER.EXE
ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVPUPD.EXE
AVWUPD32.EXE
AVXQUAR.EXE
AVXQUAR.EXE
CFIAUDIT.EXE
DRWEBUPW.EXE
ESCANH95.EXE
ESCANHNT.EXE
FIREWALL.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
LUALL.EXE
MCUPDATE.EXE
NUPGRADE.EXE
NUPGRADE.EXE
OUTPOST.EXE
UPDATE.EXE
UPGRADER.EXE
±×¸®°í V3 ÀÇ ¹é½Å ¾÷µ¥ÀÌÆ® ¹æÇØ Çϰųª ÀϺΠ¾ÈƼ ¹ÙÀÌ·¯½º ÇÁ·Î±×·¥°ú
º¸¾È ÇÁ·Î±×·¥ÀÇ °ü·Ã ¼³Á¤À» º¯°æ Çϱ⵵ ÇÑ´Ù.
NAV1APSVC.EXE
NAVAPSVC.EXE
KAV.exe
kav12mm.exe
kavmm.exe
zonealarm.exe
c:\windows ¶Ç´Â c:\winnt Æú´õ¿¡
ÆÄÀÏÀ» ƯÁ¤ ½ÎÀÌÆ®·ÎºÎÅÍ ´Ù¿î·Îµå ¹Þ±âµµ ÇÏÁö¸¸ È®ÀεÇÁö´Â ¾Ê¾Ò´Ù. |
|
Ä¡·á ¹æ¹ý |
Åͺ¸¹é½Å Á¦Ç°±ºÀ¸·Î Áø´Ü/Ä¡·á °¡´ÉÇÕ´Ï´Ù.
|
|
Á÷Á¢Ä¡·á¹æ¹ý |
|
|
|
|
|
