L'arte dell'hacking

W32.Ecup - Virus description


Post by Admin, Wed Dec 02, 2009 11:51 pm

IDENTITY CARD

Threat type: worm
Affected operating systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

* Geographic distribution: Low
* Threat containment: Easy
* Removal: Easy

Spreads through file-sharing programs

WHAT IT DOES
Once executed, W32.Ecup performs the following actions:
1. Copies itself as:
%Temp%\svchost.exe

2. Copies itself under the names:
* updated-fixed [MONTH]-[DAY].zip
* updated-fixed [MONTH]-[DAY].rar
* Setup.exe
* Install.exe
* _Run_Me_First.exe

into the following folders:

* D:\Program files\emule\incoming
* C:\Program files\emule\incoming
* E:\Program files\emule\incoming
* C:\Download
* D:\Download
* E:\Download
* C:\Téléchargement
* D:\Téléchargement
* E:\Téléchargement
* C:\Incoming
* D:\Incoming
* E:\Incoming
* F:\Incoming
* G:\Incoming
* C:\Archivos de programa\emule\incoming
* D:\Archivos de programa\emule\incoming
* E:\Archivos de programa\emule\incoming
* C:\Program Files\Kazaa Lite K++\My Shared Folder
* D:\Program Files\Kazaa Lite K++\My Shared Folder
* E:\Program Files\Kazaa Lite K++\My Shared Folder
* C:\Program files\KMD\My Shared Folder
* D:\Program files\KMD\My Shared Folder
* E:\Program files\KMD\My Shared Folder
* C:\Program files\KaZaA Lite\My Shared Folder
* D:\Program files\KaZaA Lite\My Shared Folder
* E:\Program files\KaZaA Lite\My Shared Folder
* C:\Program files\Morpheus\My Shared Folder
* D:\Program files\Morpheus\My Shared Folder
* E:\Program files\Morpheus\My Shared Folder
* C:\Program files\BearShare\Shared
* D:\Program files\BearShare\Shared
* E:\Program files\BearShare\Shared
* C:\Program files\Edonkey2000\Incoming
* D:\Program files\Edonkey2000\Incoming
* E:\Program files\Edonkey2000\Incoming
* C:\My Downloads
* D:\My Downloads
* E:\My Downloads
* C:\My Shared Folder
* D:\My Shared Folder
* E:\My Shared Folder
* C:\Program files\appleJuice\incoming
* D:\Program files\appleJuice\incoming
* E:\Program files\appleJuice\incoming
* C:\Program files\Gnucleus\Downloads
* D:\Program files\Gnucleus\Downloads
* E:\Program files\Gnucleus\Downloads
* C:\Program files\Grokster\My Grokster
* D:\Program files\Grokster\My Grokster
* E:\Program files\Grokster\My Grokster
* C:\Program files\ICQ\shared files
* D:\Program files\ICQ\shared files
* E:\Program files\ICQ\shared files
* C:\Program files\KaZaA\My Shared Folder
* D:\Program files\KaZaA\My Shared Folder
* E:\Program files\KaZaA\My Shared Folder
* C:\Program files\LimeWire\Shared
* D:\Program files\LimeWire\Shared
* E:\Program files\LimeWire\Shared
* C:\Program files\Overnet\incoming
* D:\Program files\Overnet\incoming
* E:\Program files\Overnet\incoming
* C:\Program files\Shareaza\Downloads
* D:\Program files\Shareaza\Downloads
* E:\Program files\Shareaza\Downloads
* C:\Program files\Swaptor\Download
* D:\Program files\Swaptor\Download
* E:\Program files\Swaptor\Download
* C:\Program files\WinMX\My Shared Folder
* D:\Program files\WinMX\My Shared Folder
* E:\Program files\WinMX\My Shared Folder
* C:\Program files\Tesla\Files
* D:\Program files\Tesla\Files
* E:\Program files\Tesla\Files
* C:\Program files\XoloX\Downloads
* D:\Program files\XoloX\Downloads
* E:\Program files\XoloX\Downloads
* C:\Program files\Rapigator\Share
* D:\Program files\Rapigator\Share
* E:\Program files\Rapigator\Share

3. Adds the value:
"WindowsServicesStartup" = "%Temp%\svchost.exe 1"
to the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that it runs every time Windows starts.

4. Creates the file %CurrentFolder%\log.txt and opens it, displaying the following text:
PRE-INSTALL v1.07
(C) pUcE Software 2006
Pre-install has checked your config.
Everything is ok, you can now run the setup program
Enjoy!

HOW TO REMOVE IT

1. Disable System Restore.
2. Update your antivirus.
3. Run a full system scan in Safe Mode.
http://artehacking.attivoforum.com
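As an added check (not part of the original post): a PowerShell script that looks on a live host for the three indicators the write-up lists, the Run value, the %Temp%\svchost.exe copy, and the lure files in the P2P shared folders. It assumes the names and paths exactly as given above, and it extends the drive list to C: through G: for every folder, where the post lists F: and G: only for \Incoming.

```powershell
# Added example (not from the original post): host check for the W32.Ecup
# indicators in the write-up. Assumed: the indicator names/paths exactly as
# the write-up lists them; drive letters C: to G: are checked for every
# folder (the write-up lists F: and G: only for \Incoming).

function Find-EcupIndicators {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Persistence: Run value "WindowsServicesStartup" -> "%Temp%\svchost.exe 1"
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['WindowsServicesStartup']) {
        $findings.Add("Run value WindowsServicesStartup = '$($run.WindowsServicesStartup)'")
    }

    # 2. Dropped copy. The real svchost.exe lives in %SystemRoot%\System32,
    #    so one in the temp directory is suspicious on its own.
    $tempCopy = Join-Path $env:TEMP 'svchost.exe'
    if (Test-Path -LiteralPath $tempCopy) {
        $findings.Add("Unexpected file: $tempCopy")
    }

    # 3. Lure copies in P2P shared folders: the fixed names plus the dated
    #    "updated-fixed [MONTH]-[DAY].zip/.rar" pattern, matched with a regex.
    $lureFixed = 'Setup.exe', 'Install.exe', '_Run_Me_First.exe'
    $lureDated = '^updated-fixed \d{1,2}-\d{1,2}\.(zip|rar)$'
    $relative = @(
        'Program files\emule\incoming', 'Download', 'Téléchargement', 'Incoming',
        'Archivos de programa\emule\incoming', 'My Downloads', 'My Shared Folder',
        'Program Files\Kazaa Lite K++\My Shared Folder', 'Program files\KMD\My Shared Folder',
        'Program files\KaZaA Lite\My Shared Folder', 'Program files\Morpheus\My Shared Folder',
        'Program files\BearShare\Shared', 'Program files\Edonkey2000\Incoming',
        'Program files\appleJuice\incoming', 'Program files\Gnucleus\Downloads',
        'Program files\Grokster\My Grokster', 'Program files\ICQ\shared files',
        'Program files\KaZaA\My Shared Folder', 'Program files\LimeWire\Shared',
        'Program files\Overnet\incoming', 'Program files\Shareaza\Downloads',
        'Program files\Swaptor\Download', 'Program files\WinMX\My Shared Folder',
        'Program files\Tesla\Files', 'Program files\XoloX\Downloads',
        'Program files\Rapigator\Share'
    )
    foreach ($drive in 'C', 'D', 'E', 'F', 'G') {
        foreach ($rel in $relative) {
            $dir = "${drive}:\$rel"
            if (-not (Test-Path -LiteralPath $dir)) { continue }
            foreach ($file in (Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue)) {
                if ($lureFixed -contains $file.Name -or $file.Name -match $lureDated) {
                    $findings.Add("Lure file: $($file.FullName) ($($file.Length) bytes)")
                }
            }
        }
    }
    return $findings
}

$hits = Find-EcupIndicators
if ($hits.Count -eq 0) { 'No W32.Ecup indicators found.' } else { $hits }
```

Run it from an elevated prompt so the HKLM key and all drives are readable, and save the file as UTF-8 with a BOM so Windows PowerShell 5.1 reads the accented Téléchargement folder name correctly. Hits on Setup.exe or Install.exe are leads, not proof: those names are common in download folders, so confirm with a hash or an antivirus scan before deleting. The Run value and the %Temp% copy are the stronger signals, since neither has a legitimate reason to exist.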