I-Worm.Lentin

Author: Admin
Post subject: I-Worm.Lentin   3/7/2009, 17:45

VIRUS INFO
Virus name: I-Worm.Lentin
Alias: I-Worm.Lentif.f, W32/Lentin.E, Lentin.F, W32.Yaha.F@mm, W32/Yaha.E, I-Worm.Yaha.A
Type: worm
Spreads via: e-mail
Size: 29,839 bytes
Destructive: no
Activation date: when the received attachment is run
Discovered: 17.06.2002.

EXPLANATION
It arrives as an e-mail from someone who has your e-mail address on their computer.
This virus, written in the C++ programming language and compressed with UPX, arrives in 2 variants.

Subject: Melt the Heart of your Valentine with this beautiful Screen saver
Message body:

<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
This e-mail is never sent unsolicited. If you need to unsubscribe,
follow the instructions at the bottom of the message.
***********************************************************
Melt the Heart of your loved ones with these beautiful Screen saver from www.screensaverin.com
* To remove yourself from this mailing list, point your browser to:
http://screensaverin.com/remove?freescreensaver
* Enter your email address (%EmailAddress%) in the field provided and click "Unsubscribe".
OR...
* Reply to this message with the word "remove" in the subjt line.
This message was sent to address %EmailAddress%
X-PMG-Recipient:
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>

or,

Subject: Fw: Melt the Heart of your Valentine with this beautiful Screen saver
Message body:

Hi
Check this screen saver
Happy Valentines day
See u

----- Original Message -----
From: "Screen Saver" <screensaver@screensaverin.com>
To: <%EmailAddress%>
Sent: Friday, February 11, 2002 8:38 PM
Subject: Melt the Heart of your Valentine with this beautiful Screen saver
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
This e-mail is never sent unsolicited. If you need to unsubscribe,
follow the instructions at the bottom of the message.
***********************************************************
Melt the Heart of your loved ones with these beautiful Screen saver from www.screensaverin.com
* To remove yourself from this mailing list, point your browser to:
http://screensaverin.com/remove?freescreensaver
* Enter your email address (%EmailAddress%) in the field provided and click "Unsubscribe".
OR...
* Reply to this message with the word "remove" in the subjt line.
This message was sent to address %EmailAddress%
X-PMG-Recipient:
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>

where %EmailAddress% is the e-mail address from which the e-mail arrived.

As an attachment, the user may also receive a file with one of the following names:
SCREENSAVER, SCREENSAVER4U, SCREENSAVER4U, SCREENSAVERFORU, FREESCREENSAVER, LOVE, LOVERS, LOVESCR, LOVERSCREENSAVER, LOVERSGANG, LOVESHORE, LOVE4U, LOVERS, ENJOYLOVE, SHARELOVE, and CHECKFRIENDS, URFRIEND, FRIENDSCIRCLE, FRIENDSHIP, FRIENDS, FRIENDSCR, FRIENDS, FRIENDS4U, FRIENDSHIP4U, FRIENDSHIPBIRD, FRIENDSHIPFORU, FRIENDSWORLD, WERFRIENDS, PASSION, BULLSHITSCR, SHAKEIT, SHAKESCR, SHAKINGLOVE, SHAKINGFRIENDSHIP, PASSIONUP, RISHTHA, GREETINGS, LOVEGREETINGS, FRIENDSGREETINGS, FRIENDSEARCH, LOVEFINDER, TRUEFRIENDS, TRUELOVERS or FUCKER, although it has also been observed using attachments with a double extension in the following file names: LOVELETTER, RESUME, BIODATA, DAILYREPORT, MOUNTAN, GOLDFISH, WEEKLYREPORT, REPORT or LOVE.
The first extension used is: DOC, MP3, XLS, WAV, TXT, JPG, GIF, DAT, BMP, HTM, MPG, MDB or ZIP, and the second: PIF, BAT or SCR.

When the user runs the received file, the worm copies itself to the C:\RECYCLED directory as the files MSMDM.EXE and MSSCRA.EXE and changes the contents of the Registry:
HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = c:\recycled\file_name%1 %*.
where file_name is the file that is started every time the user starts any EXE file, so the virus itself is started as well.
The virus will also change the contents of the WIN.INI file, where it sets MSTASKMON.EXE to be started every time as well.
To hide its activity, the worm sometimes plays a small joke with the user's desktop.

The virus creates two text files with the following contents:

<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
W32.YAHA-III
Author :H^H,h2h@achayans.com
Origin :India,Kerala
I like Klez,Sircam,But i hate the bullshit payloads
Is i am a good coder?? still i have dout huhh!!!
Beware Indian Hackers..Tomarrow is ours!!!
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>

and,

<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
iNDian sNakes pResents yAha.E
iNDian hACkers,Vxers c0me & w0Rk wITh uS & fuCk tHE GFORCE-pAK shites
bY
sNAkeeYes,c0Bra
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>

The virus also creates a DLL file, named with a random selection of letters and characters, in which it stores all the e-mail addresses it finds in:
Windows Address Book, MSN /.NET Messenger, Yahoo Pager List, ICQ List (*.UIN files), *.HT* files in the Temporary Internet Files folder, *Hotmail*.*ht*, *.DOC and *.TXT files.

Once it infects the user's computer, the virus uses the SMTP protocol and sends itself to all the e-mail addresses it recorded in its DLL file.
The e-mails the virus sends, HTML formatted, look like this:

Subject: Melt the Heart of your Valentine with this beautiful Screen saver
Message body:
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
This e-mail is never sent unsolicited. If you need to unsubscribe, follow the instructions at the bottom of the message.
**************************************************
Melt the Heart of your loved ones with these beautiful Screen saver from www.screensaverin.com
* To remove yourself from this mailing list, point your browser to:
http://screensaverin.com/remove?freescreensaver
* Enter your email address (%EmailAddress%) in the field provided and click "Unsubscribe".
OR...
* Reply to this message with the word "remove" in the subjt line.
This message was sent to address %EmailAddress%
X-PMG-Recipient:
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
Attachment: VALENTIN.SCR

or,

Subject: Fw: Melt the Heart of your Valentine with this beautiful Screen saver
Message body:

Hi
Check this screen saver
Happy Valentines day
See u

----- Original Message -----
From: "Screen Saver"
To:
Sent: Friday, February 11, 2002 8:38 PM
Subject: Melt the Heart of your Valentine with this beautiful Screen saver
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
This e-mail is never sent unsolicited. If you need to unsubscribe, follow the instructions at the bottom of the message.
**************************************************
Melt the Heart of your loved ones with these beautiful Screen saver from www.screensaverin.com
* To remove yourself from this mailing list, point your browser to:
http://screensaverin.com/remove?freescreensaver
* Enter your email address (%EmailAddress%) in the field provided and click "Unsubscribe".
OR...
* Reply to this message with the word "remove" in the subjt line.
This message was sent to address %EmailAddress%
X-PMG-Recipient:
<<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>> <<<>>>
Attachment: VALENTIN.SCR

where %EmailAddress% is the e-mail address from which the e-mail arrived.

The virus scans all processes running on the user's computer and, if one matches the list, simply terminates it. The list is as follows:
ANTIVIR, MCAFEE, NORTON, NVC95, FP-WIN, IOMON98, PCCWIN98, F-PROT95, F-STOPW, PVIEW95, NAVWNT, NAVRUNR, NAVLU32, NAVAPSVC, NISUM, SYMPROXYSVC, RESCUE32, NISSERV, ATRACK, IAMAPP, LUCOMSERVER, LUALL, NMAIN, NAVW32, NAVAPW32, WEBTRAP, POP3TRAP, PCCMAIN, PCCIOMON, SCAM32, WEBSCANX, SAFEWEB, ICMON, CFINET, CFINET32, AVP.EXE, LOCKDOWN2000, AVP32, ZONEALARM, WINK and SIRC32.



SOLUTION
Download the cleaner for this virus. Because of the virus's variants, if the previous cleaner does not do the job, I recommend that you then download this cleaner
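Mail-filter and host checks built from the subject line, the double-extension attachment scheme and the exefile Registry change described in this post, as an added example that is not part of the original post. The function names, the sample message and the hijacked command value used to exercise it are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Extension sets taken from the description in the post.
DECOY_EXTS = {"doc", "mp3", "xls", "wav", "txt", "jpg", "gif", "dat",
              "bmp", "htm", "mpg", "mdb", "zip"}
EXEC_EXTS = {"pif", "bat", "scr"}
SUBJECT_RE = re.compile(
    r"^(fw:\s*)?melt the heart of your valentine with this beautiful screen saver$",
    re.IGNORECASE)
DEFAULT_EXE_HANDLER = '"%1" %*'  # stock Windows value of exefile\shell\open\command


def attachment_reason(filename):
    """Return why an attachment name is suspicious, or None (hypothetical helper)."""
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXEC_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double extension"
    return "executable attachment"


def scan_message(msg):
    """Collect findings for one parsed e-mail message."""
    findings = []
    if SUBJECT_RE.match((msg["Subject"] or "").strip()):
        findings.append("subject matches worm template")
    for part in msg.iter_attachments():
        reason = attachment_reason(part.get_filename() or "")
        if reason:
            findings.append(f"{part.get_filename()}: {reason}")
    return findings


def exe_handler_hijacked(value):
    """True if the exefile open command differs from the stock '"%1" %*'."""
    return value.strip() != DEFAULT_EXE_HANDLER


def sample_message():
    """Constructed sample message, not a captured one."""
    msg = EmailMessage()
    msg["Subject"] = "Fw: Melt the Heart of your Valentine with this beautiful Screen saver"
    msg.set_content("Check this screen saver")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="LOVELETTER.DOC.SCR")
    return msg
```

On a live host, the string passed to `exe_handler_hijacked` would be the (Default) value read from HKEY_CLASSES_ROOT\exefile\shell\open\command.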