2024 정부지원사업 랜섬웨어 대응/예방 정부 지원 사업 - 도입 기회를 놓치지 마세요!!자세히 보기
  • 바이러스 정보
  • 터보백신에서 분석한 바이러스 위협 정보, 보안 통계를 확인할 수 있습니다.
이름
W32/Mytob.27480@mm
바이러스 종류
Worm
실행환경
Windows
증상요약
레지스트리 변경, 메일발송,파일생성, 프로세스 종료, hosts 파일 변경
위험등급
보통
확산방법
이메일
치료방법
<span class="style4">터보백신 제품군으로 진단/치료 가능합니다.</span><br> <br> 상세설명  진단/치료방법
※ 상세 설명
이 웜은 W32/Mytob.48640의 변종으로 이메일을 통하여 전파되며, 감염된 메일발송, hosts 파일 변경으로 특정 싸이트의 접속을 방해 한다. <br> [메일 제목] <br> <br> 다음 중에서 선택된다.<br> <br> *DETECTED* Online User Violation <br> Email Account Suspension <br> Important Notification <br> Members Support <br> Notice of account limitation <br> Security measures <br> Warning Message: Your services near to be closed. <br> You have successfully updated your password <br> Your Account is Suspended For Security Reasons <br> Your new account password is approved <br> Your password has been successfully updated <br> Your password has been updated <br> <br> [메일 내용] <br> <br> Dear user (메일 주소(@이하제외)), <br> It has come to our attention that your (도메인주소(www, com 제외)) User Profile ( x ) records are out of date. For further details see the attached document.<br> <br> Thank you for using (도메인주소(www, com 제외))! <br> The (도메인주소(www, com 제외)) Support Team <br> <br> <br> +++ Attachment: No Virus (Clean) <br> +++ (도메인주소(www, com 제외)) Antivirus - www.(도메인 이름).com <br> <br> ---------------------------------------------- <br> Dear user (메일 주소(@이하제외)), <br> <br> You have successfully updated the password of your (도메인주소(www, com 제외)) account.<br> <br> If you did not authorize this change or if you need assistance with your account, please contact (도메인주소(www, com 제외)) customer service at: (메일주소)<br> <br> Thank you for using (도메인주소(www, com 제외))! <br> The (도메인주소(www, com 제외)) Support Team <br> <br> <br> +++ Attachment: No Virus (Clean) <br> +++ (도메인주소(www, com 제외)) Antivirus - www.(도메인이름).com <br> <br> ---------------------------------------------- <br> Dear (도메인주소(www, com 제외)) Member, <br> <br> We have temporarily suspended your email account (메일 주소).<br> <br> This might be due to either of the following reasons: <br> <br> 1. A recent change in your personal information (i.e. change of address). <br> 2. Submiting invalid information during the initial sign up process. <br> 3. An innability to accurately verify your selected option of subscription due to an internal error within our processors. <br> See the details to reactivate your (도메인주소(www, com 제외)) account. <br> <br> Sincerely,The (도메인주소(www, com 제외)) Support Team <br> <br> <br> +++ Attachment: No Virus (Clean) <br> +++ (도메인주소(www, com 제외)) Antivirus - www.(도메인이름).com <br> <br> ---------------------------------------------- <br> Dear (도메인주소(www, com 제외)) Member, <br> <br> Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.<br> <br> If you choose to ignore our request, you leave us no choice but to cancel your membership.<br> <br> Virtually yours, <br> The (도메인주소(www, com 제외)) Support Team <br> <br> <br> +++ Attachment: No Virus found <br> +++ (도메인주소(www, com 제외)) Antivirus - www.(도메인이름).com <br> <br> [웜이 발송한 메일의 예]<br> <br> <br><img src="http://www.everyzone.com/info/virus_db/images/W32_Mytob_27480@mm.jpg" border="0"> <br> <br> <br> [첨부파일]<br> <br> 이름 은 다음 리스트에서 선택 된다(첨부파일은 확장자가 zip).<br> <br> accepted-password <br> account-details <br> account-info <br> account-password <br> account-report <br> approved-password <br> document <br> email-details<br> email-password <br> important-details <br> new-password <br> password <br> readme <br> updated-password <br> <br> 압축파일을 풀면 긴 공백사이로 다음과 같은 확장자가 붙는다.<br> <br> (첫번째 확장자)<br> <br> doc, htm, tmp, txt <br> <br> (두번째 파일 확장자)<br> <br> bat, cmd, exe, pif, scr<br> <br> [특징] <br> <br> 웜이 실행되면 다음과 같이 윈도우 시스템 폴더(win 2000, NT : c:\Wint\system32, win XP : c:\windows\system32) 에 d.exe(27,480 Byte) 파일을 생성한다.<br> <br> 또한, 다음처럼 레지스트를 수정하여 다음 부팅시 실행되도록 조작한다. <br> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 항목에<br> <br> "SYSTEM" = "d.exe" <br> <br> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices 항목에<br> <br> "SYSTEM" = "d.exe" <br> <br> 보내는 사람 메일 주소는 기본적으로 받는 사람의 메일 주소를 사용하며, 사용자명은 admin, register, support, service 를 이용한다.<br> <br> 다음 문자열을 포함한 메일주소로는 감염된 메일을 보내지 않는다.<br> <br> .edu<br> .gov <br> .mil <br> abuse <br> accoun <br> acketst <br> admin <br> anyone <br> arin <br> avp <br> berkeley<br> borlan <br> bsd <br> bugs <br> ca <br> certific <br> contact <br> example <br> feste <br> fido <br> foo<br> fsf<br> gnu <br> gold-certs <br> google <br> gov <br> help <br> hotmail <br> iana <br> ibm.com <br> icrosof <br> icrosoft <br> ietf <br> info <br> inpris <br> isc.o <br> isi.e <br> kernel <br> linux <br> listserv <br> math <br> me <br> mil <br> mit.e <br> mozilla <br> msn<br> mydomai<br> no <br> nobody <br> nodomai <br> noone <br> not <br> nothing <br> ntivi <br> page <br> panda <br> pgp <br> postmaster <br> privacy <br> rating <br> rfc-ed <br> ripe <br> root <br> ruslis <br> samples <br> secur <br> sendmail <br> service <br> site <br> soft <br> somebody <br> someone <br> sopho <br> spam <br> spm <br> submit <br> support <br> syma <br> tanford.e<br> the.bat <br> unix <br> usenet <br> utgers.ed <br> webmaster <br> <br> 그리고 hosts 파일을 조작하여 특정 싸이트의 접속을 방해 한다.<br> <br> 127.0.0.1 avp.com <br> 127.0.0.1 ca.com <br> 127.0.0.1 customer.symantec.com <br> 127.0.0.1 dispatch.mcafee.com <br> 127.0.0.1 download.mcafee.com <br> 127.0.0.1 ebay.com <br> 127.0.0.1 f-secure.com <br> 127.0.0.1 kaspersky-labs.com <br> 127.0.0.1 kaspersky.com <br> 127.0.0.1 liveupdate.symantec.com <br> 127.0.0.1 liveupdate.symantecliveupdate.com <br> 127.0.0.1 mast.mcafee.com <br> 127.0.0.1 mcafee.com <br> 127.0.0.1 microsoft.com <br> 127.0.0.1 moneybookers.com <br> 127.0.0.1 my-etrust.com <br> 127.0.0.1 nai.com <br> 127.0.0.1 networkassociates.com <br> 127.0.0.1 pandasoftware.com <br> 127.0.0.1 paypal.com <br> 127.0.0.1 rads.mcafee.com<br> 127.0.0.1 secure.nai.com <br> 127.0.0.1 securityresponse.symantec.com <br> 127.0.0.1 sophos.com <br> 127.0.0.1 symantec.com <br> 127.0.0.1 trendmicro.com <br> 127.0.0.1 update.symantec.com<br> 127.0.0.1 updates.symantec.com <br> 127.0.0.1 us.mcafee.com <br> 127.0.0.1 viruslist.com <br> 127.0.0.1 virustotal.com <br> 127.0.0.1 www.amazon.ca <br> 127.0.0.1 www.amazon.co.uk <br> 127.0.0.1 www.amazon.com <br> 127.0.0.1 www.amazon.fr <br> 127.0.0.1 www.avp.com <br> 127.0.0.1 www.ca.com <br> 127.0.0.1 www.ebay.com <br> 127.0.0.1 www.f-secure.com <br> 127.0.0.1 www.grisoft.com <br> 127.0.0.1 www.kaspersky.com <br> 127.0.0.1 www.mcafee.com <br> 127.0.0.1 www.microsoft.com <br> 127.0.0.1 www.moneybookers.com <br> 127.0.0.1 www.my-etrust.com <br> 127.0.0.1 www.nai.com <br> 127.0.0.1 www.networkassociates.com <br> 127.0.0.1 www.pandasoftware.com <br> 127.0.0.1 www.paypal.com <br> 127.0.0.1 www.sophos.com <br> 127.0.0.1 www.symantec.com <br> 127.0.0.1 www.trendmicro.com <br> 127.0.0.1 www.viruslist.com <br> 127.0.0.1 www.virustotal.com <br> <br> 또한 다음 프로세스가 동작 하면 강제 종료 시킨다.<br> <br> _AVP32.EXE <br> _AVPCC.EXE <br> _AVPM.EXE <br> ACKWIN32.EXE <br> ADAWARE.EXE <br> ADVXDWIN.EXE <br> AGENTSVR.EXE <br> AGENTW.EXE <br> ALERTSVC.EXE <br> ALEVIR.EXE <br> ALOGSERV.EXE <br> AMON9X.EXE <br> ANTI-TROJAN.EXE<br> ANTIVIRUS.EXE <br> ANTS.EXE <br> APIMONITOR.EXE <br> APLICA32.EXE <br> APVXDWIN.EXE <br> ARR.EXE <br> ATCON.EXE <br> ATGUARD.EXE <br> ATRO55EN.EXE <br> ATUPDATER.EXE <br> ATWATCH.EXE <br> AU.EXE <br> AUPDATE.EXE<br> AUTODOWN.EXE <br> AUTO-PROTECT.NAV80TRY.EXE <br> AUTOTRACE.EXE <br> AUTOUPDATE.EXE <br> AVCONSOL.EXE <br> AVE32.EXE <br> AVGCC32.EXE <br> AVGCTRL.EXE <br> AVGNT.EXE <br> AVGSERV.EXE <br> AVGSERV9.EXE <br> AVGUARD.EXE <br> AVGW.EXE <br> AVKPOP.EXE <br> AVKSERV.EXE <br> AVKSERVICE.EXE <br> AVKWCTl9.EXE <br> AVLTMAIN.EXE <br> AVNT.EXE <br> AVP.EXE <br> AVP32.EXE <br> AVPCC.EXE <br> AVPDOS32.EXE <br> AVPM.EXE <br> AVPTC32.EXE <br> AVPUPD.EXE <br> AVSCHED32.EXE <br> AVSYNMGR.EXE <br> AVWINNT.EXE <br> AVWUPD.EXE <br> AVWUPD32.EXE <br> AVWUPSRV.EXE <br> AVXMONITOR9X.EXE <br> AVXMONITORNT.EXE <br> AVXQUAR.EXE <br> BACKWEB.EXE <br> BARGAINS.EXE <br> BD_PROFESSIONAL.EXE <br> BEAGLE.EXE <br> BELT.EXE <br> BIDEF.EXE <br> BIDSERVER.EXE <br> BIPCP.EXE <br> BIPCPEVALSETUP.EXE <br> BISP.EXE <br> BLACKD.EXE <br> BLACKICE.EXE <br> BLSS.EXE <br> BOOTCONF.EXE <br> BOOTWARN.EXE <br> BORG2.EXE <br> BPC.EXE <br> BRASIL.EXE <br> BS120.EXE <br> BUNDLE.EXE <br> BVT.EXE <br> CCAPP.EXE <br> CCEVTMGR.EXE <br> CCPXYSVC.EXE <br> CDP.EXE <br> CFD.EXE <br> CFGWIZ.EXE <br> CFIADMIN.EXE <br> CFIAUDIT.EXE <br> CFINET.EXE <br> CFINET32.EXE <br> CLAW95CF.EXE <br> CLEAN.EXE <br> CLEANER.EXE <br> CLEANER3.EXE <br> CLEANPC.EXE <br> CLICK.EXE <br> CMD.EXE <br> CMD32.EXE <br> CMESYS.EXE <br> CMGRDIAN.EXE <br> CMON016.EXE <br> CONNECTIONMONITOR.EXE <br> CPD.EXE <br> CPF9X206.EXE<br> CPFNT206.EXE <br> CTRL.EXE <br> CV.EXE <br> CWNB181.EXE<br> CWNTDWMO.EXE <br> DATEMANAGER.EXE <br> DCOMX.EXE <br> DEFALERT.EXE <br> DEFSCANGUI.EXE <br> DEFWATCH.EXE <br> DEPUTY.EXE <br> DIVX.EXE <br> DLLCACHE.EXE <br> DLLREG.EXE <br> DOORS.EXE <br> DPF.EXE <br> DPFSETUP.EXE<br> DPPS2.EXE <br> DRWATSON.EXE <br> DRWEB32.EXE <br> DRWEBUPW.EXE <br> DSSAGENT.EXE <br> DVP95.EXE <br> DVP95_0.EXE <br> ECENGINE.EXE <br> EFPEADM.EXE <br> EMSW.EXE <br> ENT.EXE <br> ESAFE.EXE <br> ESCANHNT.EXE <br> ESCANV95.EXE <br> ESPWATCH.EXE <br> ETHEREAL.EXE <br> ETRUSTCIPE.EXE <br> EVPN.EXE <br> EXANTIVIRUS-CNET.EXE <br> EXE.AVXW.EXE <br> EXPERT.EXE <br> EXPLORE.EXE <br> FAMEH32.EXE <br> FAST.EXE <br> FCH32.EXE <br> FIH32.EXE <br> FINDVIRU.EXE <br> FIREWALL.EXE <br> FNRB32.EXE <br> FPROT.EXE <br> F-PROT.EXE <br> F-PROT95.EXE <br> FP-WIN.EXE <br> FP-WIN_TRIAL.EXE <br> FRW.EXE <br> FSAA.EXE <br> FSAV.EXE <br> FSAV32.EXE <br> FSAV530STBYB.EXE <br> FSAV530WTBYB.EXE <br> FSAV95.EXE <br> FSGK32.EXE <br> FSM32.EXE <br> FSMA32.EXE <br> FSMB32.EXE <br> F-STOPW.EXE <br> GATOR.EXE <br> GBMENU.EXE <br> GBPOLL.EXE <br> GENERICS.EXE <br> GMT.EXE <br> GUARD.EXE <br> GUARDDOG.EXE <br> HACKTRACERSETUP.EXE <br> HBINST.EXE <br> HBSRV.EXE <br> HOTACTIO.EXE <br> HOTPATCH.EXE <br> HTLOG.EXE <br> HTPATCH.EXE <br> HWPE.EXE <br> HXDL.EXE <br> HXIUL.EXE <br> IAMAPP.EXE <br> IAMSERV.EXE <br> IAMSTATS.EXE <br> IBMASN.EXE <br> IBMAVSP.EXE <br> ICLOADNT.EXE <br> ICMON.EXE <br> ICSUPP95.EXE <br> ICSUPPNT.EXE <br> IDLE.EXE <br> IEDLL.EXE <br> IEDRIVER.EXE <br> IEXPLORER.EXE <br> IFACE.EXE <br> IFW2000.EXE <br> INETLNFO.EXE <br> INFUS.EXE <br> INFWIN.EXE <br> INIT.EXE <br> INTDEL.EXE <br> INTREN.EXE <br> IOMON98.EXE <br> ISTSVC.EXE <br> JAMMER.EXE <br> JDBGMRG.EXE <br> JEDI.EXE <br> KAVLITE40ENG.EXE <br> KAVPERS40ENG.EXE <br> KAVPF.EXE <br> KAZZA.EXE <br> KEENVALUE.EXE <br> KERIO-PF-213-EN-WIN.EXE <br> KERIO-WRL-421-EN-WIN.EXE <br> KERIO-WRP-421-EN-WIN.EXE <br> KERNEL32.EXE <br> KILLPROCESSSETUP161.EXE <br> LAUNCHER.EXE <br> LDNETMON.EXE <br> LDPRO.EXE <br> LDPROMENU.EXE <br> LDSCAN.EXE <br> LNETINFO.EXE <br> LOADER.EXE <br> LOCALNET.EXE <br> LOCKDOWN.EXE <br> LOCKDOWN2000.EXE <br> LOOKOUT.EXE <br> LORDPE.EXE <br> LSETUP.EXE <br> LUALL.EXE <br> LUAU.EXE <br> LUCOMSERVER.EXE <br> LUINIT.EXE <br> LUSPT.EXE <br> MAPISVC32.EXE <br> MCAGENT.EXE <br> MCMNHDLR.EXE <br> MCSHIELD.EXE <br> MCTOOL.EXE <br> MCUPDATE.EXE <br> MCVSRTE.EXE <br> MCVSSHLD.EXE <br> MD.EXE <br> MFIN32.EXE <br> MFW2EN.EXE <br> MFWENG3.02D30.EXE <br> MGAVRTCL.EXE <br> MGAVRTE.EXE <br> MGHTML.EXE <br> MGUI.EXE <br> MINILOG.EXE <br> MMOD.EXE <br> MONITOR.EXE <br> MOOLIVE.EXE <br> MOSTAT.EXE <br> MPFAGENT.EXE <br> MPFSERVICE.EXE <br> MPFTRAY.EXE <br> MRFLUX.EXE <br> MSAPP.EXE <br> MSBB.EXE <br> MSBLAST.EXE <br> MSCACHE.EXE <br> MSCCN32.EXE <br> MSCMAN.EXE <br> MSCONFIG.EXE <br> MSDM.EXE <br> MSDOS.EXE <br> MSIEXEC16.EXE <br> MSINFO32.EXE <br> MSLAUGH.EXE <br> MSMGT.EXE <br> MSMSGRI32.EXE <br> MSSMMC32.EXE <br> MSSYS.EXE <br> MSVXD.EXE <br> MU0311AD.EXE <br> MWATCH.EXE <br> N32SCANW.EXE <br> NAV.EXE <br> NAVAPSVC.EXE<br> NAVAPW32.EXE <br> NAVDX.EXE <br> NAVLU32.EXE <br> NAVNT.EXE <br> NAVSTUB.EXE <br> NAVW32.EXE <br> NAVWNT.EXE <br> NC2000.EXE <br> NCINST4.EXE <br> NDD32.EXE <br> NEC.EXE <br> NEOMONITOR.EXE <br> NEOWATCHLOG.EXE <br> NETARMOR.EXE <br> NETD32.EXE <br> NETINFO.EXE <br> NETMON.EXE <br> NETSCANPRO.EXE <br> NETSTAT.EXE <br> NETUTILS.EXE <br> NISSERV.EXE <br> NISUM.EXE <br> NMAIN.EXE <br> NOD32.EXE <br> NORMIST.EXE <br> NOTSTART.EXE <br> NPFMESSENGER.EXE <br> NPROTECT.EXE <br> NPSCHECK.EXE <br> NPSSVC.EXE <br> NSCHED32.EXE <br> NSSYS32.EXE <br> NSTASK32.EXE <br> NSUPDATE.EXE <br> NT.EXE <br> NTRTSCAN.EXE <br> NTVDM.EXE <br> NTXconfig.EXE <br> NUI.EXE <br> NUPGRADE.EXE<br> NVARCH16.EXE <br> NVC95.EXE <br> NVSVC32.EXE <br> NWINST4.EXE <br> NWSERVICE.EXE <br> NWTOOL16.EXE <br> OLLYDBG.EXE <br> ONSRVR.EXE <br> OPTIMIZE.EXE <br> OSTRONET.EXE <br> OTFIX.EXE <br> OUTPOST.EXE <br> OUTPOSTINSTALL.EXE <br> OUTPOSTPROINSTALL.EXE <br> PADMIN.EXE <br> PANIXK.EXE <br> PATCH.EXE <br> PAVCL.EXE <br> PAVPROXY.EXE <br> PAVSCHED.EXE <br> PAVW.EXE <br> PCFWALLICON.EXE <br> PCIP10117_0.EXE <br> PCSCAN.EXE <br> PDSETUP.EXE <br> PERISCOPE.EXE <br> PERSFW.EXE <br> PERSWF.EXE <br> PF2.EXE <br> PFWADMIN.EXE<br> PGMONITR.EXE <br> PINGSCAN.EXE <br> PLATIN.EXE <br> POP3TRAP.EXE <br> POPROXY.EXE <br> POPSCAN.EXE <br> PORTDETECTIVE.EXE <br> PORTMONITOR.EXE <br> POWERSCAN.EXE <br> PPINUPDT.EXE <br> PPTBC.EXE <br> PPVSTOP.EXE <br> PRIZESURFER.EXE <br> PRMT.EXE <br> PRMVR.EXE <br> PROCDUMP.EXE <br> PROCESSMONITOR.EXE <br> PROCEXPLORERV1.0.EXE <br> PROGRAMAUDITOR.EXE <br> PROPORT.EXE <br> PROTECTX.EXE <br> PSPF.EXE <br> PURGE.EXE <br> QCONSOLE.EXE <br> QSERVER.EXE <br> RAPAPP.EXE <br> RAV7.EXE <br> RAV7WIN.EXE <br> RAV8WIN32ENG.EXE<br> RAY.EXE <br> RB32.EXE <br> RCSYNC.EXE <br> REALMON.EXE <br> REGED.EXE <br> REGEDIT.EXE <br> REGEDT32.EXE <br> RESCUE.EXE <br> RESCUE32.EXE <br> RRGUARD.EXE <br> RSHELL.EXE <br> RTVSCAN.EXE <br> RTVSCN95.EXE <br> RULAUNCH.EXE <br> RUN32DLL.EXE <br> RUNDLL.EXE <br> RUNDLL16.EXE <br> RUXDLL32.EXE <br> SAFEWEB.EXE <br> SAHAGENT.EXE <br> SAVE.EXE <br> SAVENOW.EXE <br> SBSERV.EXE <br> SC.EXE <br> SCAM32.EXE <br> SCAN32.EXE <br> SCAN95.EXE <br> SCANPM.EXE <br> SCRSCAN.EXE <br> SETUP_FLOWPROTECTOR_US.EXE <br> SETUPVAMEEVAL.EXE <br> SFC.EXE <br> SGSSFW32.EXE<br> SH.EXE <br> SHELLSPYINSTALL.EXE <br> SHN.EXE<br> SHOWBEHIND.EXE <br> SMC.EXE <br> SMS.EXE <br> SMSS32.EXE <br> SOAP.EXE <br> SOFI.EXE <br> SPERM.EXE <br> SPF.EXE <br> SPHINX.EXE <br> SPOLER.EXE <br> SPOOLCV.EXE <br> SPOOLSV32.EXE <br> SPYXX.EXE <br> SREXE.EXE <br> SRNG.EXE <br> SS3EDIT.EXE <br> SSG_4104.EXE <br> SSGRATE.EXE <br> ST2.EXE <br> START.EXE <br> STCLOADER.EXE <br> SUPFTRL.EXE <br> SUPPORT.EXE <br> SUPPORTER5.EXE <br> SVC.EXE <br> SVCHOSTC.EXE<br> SVCHOSTS.EXE <br> SVSHOST.EXE <br> SWEEP95.EXE <br> SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE <br> SYMPROXYSVC.EXE <br> SYMTRAY.EXE <br> SYSEDIT.EXE <br> SYSTEM.EXE <br> SYSTEM32.EXE <br> SYSUPD.EXE <br> TASKMG.EXE <br> TASKMGR.EXE <br> TASKMO.EXE <br> TASKMON.EXE <br> TAUMON.EXE <br> TBSCAN.EXE <br> TC.EXE <br> TCA.EXE <br> TCM.EXE <br> TDS2-NT.EXE <br> TDS-3.EXE <br> TEEKIDS.EXE <br> TFAK.EXE <br> TFAK5.EXE <br> TGBOB.EXE <br> TITANIN.EXE <br> TITANINXP.EXE <br> TRACERT.EXE <br> TRICKLER.EXE <br> TRJSCAN.EXE <br> TRJSETUP.EXE <br> TROJANTRAP3.EXE <br> TSADBOT.EXE <br> TVMD.EXE <br> TVTMD.EXE <br> UNDOBOOT.EXE <br> UPDAT.EXE <br> UPDATE.EXE <br> UPGRAD.EXE <br> UTPOST.EXE <br> VBCMSERV.EXE <br> VBCONS.EXE <br> VBUST.EXE <br> VBWIN9X.EXE <br> VBWINNTW.EXE <br> VCSETUP.EXE <br> VET32.EXE <br> VET95.EXE <br> VETTRAY.EXE <br> VFSETUP.EXE <br> VIR-HELP.EXE <br> VIRUSMDPERSONALFIREWALL.EXE <br> VNLAN300.EXE <br> VNPC3000.EXE <br> VPC32.EXE <br> VPC42.EXE <br> VPFW30S.EXE <br> VPTRAY.EXE <br> VSCAN40.EXE <br> VSCENU6.02D30.EXE <br> VSCHED.EXE <br> VSECOMR.EXE <br> VSHWIN32.EXE <br> VSISETUP.EXE <br> VSMAIN.EXE <br> VSMON.EXE <br> VSSTAT.EXE <br> VSWIN9XE.EXE <br> VSWINNTSE.EXE <br> VSWINPERSE.EXE <br> W32DSM89.EXE <br> W9X.EXE <br> WATCHDOG.EXE<br> WEBDAV.EXE <br> WEBSCANX.EXE <br> WEBTRAP.EXE <br> WFINDV32.EXE <br> WHOSWATCHINGME.EXE <br> WIMMUN32.EXE <br> WIN32.EXE <br> WIN32US.EXE <br> WINACTIVE.EXE <br> WIN-BUGSFIX.EXE <br> WINDOW.EXE <br> WINDOWS.EXE <br> WININETD.EXE <br> WININIT.EXE <br> WININITX.EXE <br> WINLOGIN.EXE <br> WINMAIN.EXE <br> WINNET.EXE <br> WINPPR32.EXE <br> WINRECON.EXE <br> WINSERVN.EXE <br> WINSSK32.EXE <br> WINSTART.EXE <br> WINSTART001.EXE <br> WINTSK32.EXE <br> WINUPDATE.EXE <br> WKUFIND.EXE <br> WNAD.EXE <br> WNT.EXE <br> WRADMIN.EXE <br> WRCTRL.EXE <br> WSBGATE.EXE <br> WUPDATER.EXE <br> WUPDT.EXE <br> WYVERNWORKSFIREWALL.EXE <br> XPF202EN.EXE <br> ZAPRO.EXE <br> ZAPSETUP3001.EXE <br> ZATUTOR.EXE <br> ZONALM2601.EXE <br> ZONEALARM.EXE <br> <br> 그리고 특정 irc 서버에 접속을 시도하여 다음과 같은 기능을 할수 있다.<br> <br> 1. 파일 실행및 삭제<br> 2. 파일 다운로드<br> 3. 시스템 정보 수집<br> <br>
※ 예방 및 수동 조치 방법
  • 본 컨텐츠에 대한 저작권은 '에브리존'에게 있으며 이에 무단 사용 및 재배포를 금지합니다.
  • 본 컨텐츠에 대한 이용 문의는 '에브리존'으로 문의하여 주십시요