Viermele Pitin se raspandeste foarte repede

14th April 2007 In categoria Virus!
1 Star2 Stars3 Stars4 Stars5 Stars6 Stars7 Stars8 Stars9 Stars10 Stars (Fii tu primul care voteaza!)
Loading ... Loading ...

virus.gifViermele W32/Pitin-A cauzeaza cele mai mari batai de cap prin faptul ca se copiaza in fiecare director pe care il poate accesa. Viermele se raspandeste cel mai des prin discuri accesate prin retea.  Viermele creaza o multime de insemnari in registry, care asigura incarcarea sa in memorie la fiecare pornire a sistemului de operare.

La activare, viermele W32/Pitin-A face urmatoarele operatiuni:

1. Copiaza in fiecare director si subdirector fisierul Nitip.exe

2. In fiecare subdirector creaza un fisier [subdirector].exe

3. Creaza fisierul C:\Windows\System32\3077\Wk86.exe

4. Creaza urmatoarea insemnare in registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Wkyo86″ = “C:\Windows\System32\3077\Wk86.exe”

5. Modifica urmatoarele insemnari in regisrty:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableRegistryTools” = “01000000″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableTaskMgr” = “01000000″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoRun” = “01000000″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoSaveSettings” = “00000000″

(HardwareOC)

Articole similare

Articol creat Saturday, 14th April 2007 la ora 8:57 am in categoria Virus!. Te poti abona la raspunsuri prin RSS 2.0. Poti raspunde daca vrei.

RSS feed | Trackback URI

Comments »

No comments yet.

Name (required)
E-mail (required - never shown publicly)
URI
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> in your comment.

Trackback responses to this post