2024 정부지원사업 랜섬웨어 대응/예방 정부 지원 사업 -
도입 기회를 놓치지 마세요!!
자세히 보기
- 바이러스 정보
- 터보백신에서 분석한 바이러스 위협 정보, 보안 통계를 확인할 수 있습니다.
- 이름
- W32/Mytob.27480@mm
- 바이러스 종류
- Worm
- 실행환경
- Windows
- 증상요약
- 레지스트리 변경, 메일발송,파일생성, 프로세스 종료, hosts 파일 변경
- 위험등급
- 보통
- 확산방법
- 이메일
- 치료방법
- <span class="style4">터보백신 제품군으로 진단/치료 가능합니다.</span><br>
<br>
- ※ 상세 설명
- 이 웜은 W32/Mytob.48640의 변종으로 이메일을 통하여 전파되며,
감염된 메일발송, hosts 파일 변경으로 특정 싸이트의 접속을 방해 한다.
<br>
[메일 제목] <br>
<br>
다음 중에서 선택된다.<br>
<br>
*DETECTED* Online User Violation <br>
Email Account Suspension <br>
Important Notification <br>
Members Support <br>
Notice of account limitation <br>
Security measures <br>
Warning Message: Your services near to be closed. <br>
You have successfully updated your password <br>
Your Account is Suspended For Security Reasons <br>
Your new account password is approved <br>
Your password has been successfully updated <br>
Your password has been updated <br>
<br>
[메일 내용] <br>
<br>
Dear user (메일 주소(@이하제외)), <br>
It has come to our attention that your (도메인주소(www, com 제외)) User Profile ( x ) records are out of date. For further details see the attached document.<br>
<br>
Thank you for using (도메인주소(www, com 제외))! <br>
The (도메인주소(www, com 제외)) Support Team <br>
<br>
<br>
+++ Attachment: No Virus (Clean) <br>
+++ (도메인주소(www, com 제외)) Antivirus - www.(도메인 이름).com <br>
<br>
----------------------------------------------
<br>
Dear user (메일 주소(@이하제외)), <br>
<br>
You have successfully updated the password of your (도메인주소(www, com 제외)) account.<br>
<br>
If you did not authorize this change or if you need assistance with your account, please contact (도메인주소(www, com 제외)) customer service at: (메일주소)<br>
<br>
Thank you for using (도메인주소(www, com 제외))! <br>
The (도메인주소(www, com 제외)) Support Team <br>
<br>
<br>
+++ Attachment: No Virus (Clean) <br>
+++ (도메인주소(www, com 제외)) Antivirus - www.(도메인이름).com <br>
<br>
----------------------------------------------
<br>
Dear (도메인주소(www, com 제외)) Member, <br>
<br>
We have temporarily suspended your email account (메일 주소).<br>
<br>
This might be due to either of the following reasons: <br>
<br>
1. A recent change in your personal information (i.e. change of address). <br>
2. Submiting invalid information during the initial sign up process. <br>
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors. <br>
See the details to reactivate your (도메인주소(www, com 제외)) account. <br>
<br>
Sincerely,The (도메인주소(www, com 제외)) Support Team <br>
<br>
<br>
+++ Attachment: No Virus (Clean) <br>
+++ (도메인주소(www, com 제외)) Antivirus - www.(도메인이름).com <br>
<br>
----------------------------------------------
<br>
Dear (도메인주소(www, com 제외)) Member, <br>
<br>
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.<br>
<br>
If you choose to ignore our request, you leave us no choice but to cancel your membership.<br>
<br>
Virtually yours, <br>
The (도메인주소(www, com 제외)) Support Team <br>
<br>
<br>
+++ Attachment: No Virus found <br>
+++ (도메인주소(www, com 제외)) Antivirus - www.(도메인이름).com <br>
<br>
[웜이 발송한 메일의 예]<br>
<br>
<br><img src="http://www.everyzone.com/info/virus_db/images/W32_Mytob_27480@mm.jpg" border="0">
<br>
<br>
<br>
[첨부파일]<br>
<br>
이름 은 다음 리스트에서 선택 된다(첨부파일은 확장자가 zip).<br>
<br>
accepted-password <br>
account-details <br>
account-info <br>
account-password <br>
account-report <br>
approved-password <br>
document <br>
email-details<br>
email-password <br>
important-details <br>
new-password <br>
password <br>
readme <br>
updated-password <br>
<br>
압축파일을 풀면 긴 공백사이로 다음과 같은 확장자가 붙는다.<br>
<br>
(첫번째 확장자)<br>
<br>
doc, htm, tmp, txt <br>
<br>
(두번째 파일 확장자)<br>
<br>
bat, cmd, exe, pif, scr<br>
<br>
[특징] <br>
<br>
웜이 실행되면 다음과 같이 윈도우 시스템 폴더(win 2000, NT : c:\Wint\system32, win XP : c:\windows\system32)
에 d.exe(27,480 Byte) 파일을 생성한다.<br>
<br>
또한, 다음처럼 레지스트를 수정하여 다음 부팅시 실행되도록 조작한다. <br>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
항목에<br>
<br>
"SYSTEM" = "d.exe" <br>
<br>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
항목에<br>
<br>
"SYSTEM" = "d.exe" <br>
<br>
보내는 사람 메일 주소는 기본적으로 받는 사람의 메일 주소를 사용하며,
사용자명은 admin, register, support, service 를 이용한다.<br>
<br>
다음 문자열을 포함한 메일주소로는 감염된 메일을 보내지 않는다.<br>
<br>
.edu<br>
.gov <br>
.mil <br>
abuse <br>
accoun <br>
acketst <br>
admin <br>
anyone <br>
arin <br>
avp <br>
berkeley<br>
borlan <br>
bsd <br>
bugs <br>
ca <br>
certific <br>
contact <br>
example <br>
feste <br>
fido <br>
foo<br>
fsf<br>
gnu <br>
gold-certs <br>
google <br>
gov <br>
help <br>
hotmail <br>
iana <br>
ibm.com <br>
icrosof <br>
icrosoft <br>
ietf <br>
info <br>
inpris <br>
isc.o <br>
isi.e <br>
kernel <br>
linux <br>
listserv <br>
math <br>
me <br>
mil <br>
mit.e <br>
mozilla <br>
msn<br>
mydomai<br>
no <br>
nobody <br>
nodomai <br>
noone <br>
not <br>
nothing <br>
ntivi <br>
page <br>
panda <br>
pgp <br>
postmaster <br>
privacy <br>
rating <br>
rfc-ed <br>
ripe <br>
root <br>
ruslis <br>
samples <br>
secur <br>
sendmail <br>
service <br>
site <br>
soft <br>
somebody <br>
someone <br>
sopho <br>
spam <br>
spm <br>
submit <br>
support <br>
syma <br>
tanford.e<br>
the.bat <br>
unix <br>
usenet <br>
utgers.ed <br>
webmaster <br>
<br>
그리고 hosts 파일을 조작하여 특정 싸이트의 접속을 방해 한다.<br>
<br>
127.0.0.1 avp.com <br>
127.0.0.1 ca.com <br>
127.0.0.1 customer.symantec.com <br>
127.0.0.1 dispatch.mcafee.com <br>
127.0.0.1 download.mcafee.com <br>
127.0.0.1 ebay.com <br>
127.0.0.1 f-secure.com <br>
127.0.0.1 kaspersky-labs.com <br>
127.0.0.1 kaspersky.com <br>
127.0.0.1 liveupdate.symantec.com <br>
127.0.0.1 liveupdate.symantecliveupdate.com <br>
127.0.0.1 mast.mcafee.com <br>
127.0.0.1 mcafee.com <br>
127.0.0.1 microsoft.com <br>
127.0.0.1 moneybookers.com <br>
127.0.0.1 my-etrust.com <br>
127.0.0.1 nai.com <br>
127.0.0.1 networkassociates.com <br>
127.0.0.1 pandasoftware.com <br>
127.0.0.1 paypal.com <br>
127.0.0.1 rads.mcafee.com<br>
127.0.0.1 secure.nai.com <br>
127.0.0.1 securityresponse.symantec.com <br>
127.0.0.1 sophos.com <br>
127.0.0.1 symantec.com <br>
127.0.0.1 trendmicro.com <br>
127.0.0.1 update.symantec.com<br>
127.0.0.1 updates.symantec.com <br>
127.0.0.1 us.mcafee.com <br>
127.0.0.1 viruslist.com <br>
127.0.0.1 virustotal.com <br>
127.0.0.1 www.amazon.ca <br>
127.0.0.1 www.amazon.co.uk <br>
127.0.0.1 www.amazon.com <br>
127.0.0.1 www.amazon.fr <br>
127.0.0.1 www.avp.com <br>
127.0.0.1 www.ca.com <br>
127.0.0.1 www.ebay.com <br>
127.0.0.1 www.f-secure.com <br>
127.0.0.1 www.grisoft.com <br>
127.0.0.1 www.kaspersky.com <br>
127.0.0.1 www.mcafee.com <br>
127.0.0.1 www.microsoft.com <br>
127.0.0.1 www.moneybookers.com <br>
127.0.0.1 www.my-etrust.com <br>
127.0.0.1 www.nai.com <br>
127.0.0.1 www.networkassociates.com <br>
127.0.0.1 www.pandasoftware.com <br>
127.0.0.1 www.paypal.com <br>
127.0.0.1 www.sophos.com <br>
127.0.0.1 www.symantec.com <br>
127.0.0.1 www.trendmicro.com <br>
127.0.0.1 www.viruslist.com <br>
127.0.0.1 www.virustotal.com <br>
<br>
또한 다음 프로세스가 동작 하면 강제 종료 시킨다.<br>
<br>
_AVP32.EXE <br>
_AVPCC.EXE <br>
_AVPM.EXE <br>
ACKWIN32.EXE <br>
ADAWARE.EXE <br>
ADVXDWIN.EXE <br>
AGENTSVR.EXE <br>
AGENTW.EXE <br>
ALERTSVC.EXE <br>
ALEVIR.EXE <br>
ALOGSERV.EXE <br>
AMON9X.EXE <br>
ANTI-TROJAN.EXE<br>
ANTIVIRUS.EXE <br>
ANTS.EXE <br>
APIMONITOR.EXE <br>
APLICA32.EXE <br>
APVXDWIN.EXE <br>
ARR.EXE <br>
ATCON.EXE <br>
ATGUARD.EXE <br>
ATRO55EN.EXE <br>
ATUPDATER.EXE <br>
ATWATCH.EXE <br>
AU.EXE <br>
AUPDATE.EXE<br>
AUTODOWN.EXE <br>
AUTO-PROTECT.NAV80TRY.EXE <br>
AUTOTRACE.EXE <br>
AUTOUPDATE.EXE <br>
AVCONSOL.EXE <br>
AVE32.EXE <br>
AVGCC32.EXE <br>
AVGCTRL.EXE <br>
AVGNT.EXE <br>
AVGSERV.EXE <br>
AVGSERV9.EXE <br>
AVGUARD.EXE <br>
AVGW.EXE <br>
AVKPOP.EXE <br>
AVKSERV.EXE <br>
AVKSERVICE.EXE <br>
AVKWCTl9.EXE <br>
AVLTMAIN.EXE <br>
AVNT.EXE <br>
AVP.EXE <br>
AVP32.EXE <br>
AVPCC.EXE <br>
AVPDOS32.EXE <br>
AVPM.EXE <br>
AVPTC32.EXE <br>
AVPUPD.EXE <br>
AVSCHED32.EXE <br>
AVSYNMGR.EXE <br>
AVWINNT.EXE <br>
AVWUPD.EXE <br>
AVWUPD32.EXE <br>
AVWUPSRV.EXE <br>
AVXMONITOR9X.EXE <br>
AVXMONITORNT.EXE <br>
AVXQUAR.EXE <br>
BACKWEB.EXE <br>
BARGAINS.EXE <br>
BD_PROFESSIONAL.EXE <br>
BEAGLE.EXE <br>
BELT.EXE <br>
BIDEF.EXE <br>
BIDSERVER.EXE <br>
BIPCP.EXE <br>
BIPCPEVALSETUP.EXE <br>
BISP.EXE <br>
BLACKD.EXE <br>
BLACKICE.EXE <br>
BLSS.EXE <br>
BOOTCONF.EXE <br>
BOOTWARN.EXE <br>
BORG2.EXE <br>
BPC.EXE <br>
BRASIL.EXE <br>
BS120.EXE <br>
BUNDLE.EXE <br>
BVT.EXE <br>
CCAPP.EXE <br>
CCEVTMGR.EXE <br>
CCPXYSVC.EXE <br>
CDP.EXE <br>
CFD.EXE <br>
CFGWIZ.EXE <br>
CFIADMIN.EXE <br>
CFIAUDIT.EXE <br>
CFINET.EXE <br>
CFINET32.EXE <br>
CLAW95CF.EXE <br>
CLEAN.EXE <br>
CLEANER.EXE <br>
CLEANER3.EXE <br>
CLEANPC.EXE <br>
CLICK.EXE <br>
CMD.EXE <br>
CMD32.EXE <br>
CMESYS.EXE <br>
CMGRDIAN.EXE <br>
CMON016.EXE <br>
CONNECTIONMONITOR.EXE <br>
CPD.EXE <br>
CPF9X206.EXE<br>
CPFNT206.EXE <br>
CTRL.EXE <br>
CV.EXE <br>
CWNB181.EXE<br>
CWNTDWMO.EXE <br>
DATEMANAGER.EXE <br>
DCOMX.EXE <br>
DEFALERT.EXE <br>
DEFSCANGUI.EXE <br>
DEFWATCH.EXE <br>
DEPUTY.EXE <br>
DIVX.EXE <br>
DLLCACHE.EXE <br>
DLLREG.EXE <br>
DOORS.EXE <br>
DPF.EXE <br>
DPFSETUP.EXE<br>
DPPS2.EXE <br>
DRWATSON.EXE <br>
DRWEB32.EXE <br>
DRWEBUPW.EXE <br>
DSSAGENT.EXE <br>
DVP95.EXE <br>
DVP95_0.EXE <br>
ECENGINE.EXE <br>
EFPEADM.EXE <br>
EMSW.EXE <br>
ENT.EXE <br>
ESAFE.EXE <br>
ESCANHNT.EXE <br>
ESCANV95.EXE <br>
ESPWATCH.EXE <br>
ETHEREAL.EXE <br>
ETRUSTCIPE.EXE <br>
EVPN.EXE <br>
EXANTIVIRUS-CNET.EXE <br>
EXE.AVXW.EXE <br>
EXPERT.EXE <br>
EXPLORE.EXE <br>
FAMEH32.EXE <br>
FAST.EXE <br>
FCH32.EXE <br>
FIH32.EXE <br>
FINDVIRU.EXE <br>
FIREWALL.EXE <br>
FNRB32.EXE <br>
FPROT.EXE <br>
F-PROT.EXE <br>
F-PROT95.EXE <br>
FP-WIN.EXE <br>
FP-WIN_TRIAL.EXE <br>
FRW.EXE <br>
FSAA.EXE <br>
FSAV.EXE <br>
FSAV32.EXE <br>
FSAV530STBYB.EXE <br>
FSAV530WTBYB.EXE <br>
FSAV95.EXE <br>
FSGK32.EXE <br>
FSM32.EXE <br>
FSMA32.EXE <br>
FSMB32.EXE <br>
F-STOPW.EXE <br>
GATOR.EXE <br>
GBMENU.EXE <br>
GBPOLL.EXE <br>
GENERICS.EXE <br>
GMT.EXE <br>
GUARD.EXE <br>
GUARDDOG.EXE <br>
HACKTRACERSETUP.EXE <br>
HBINST.EXE <br>
HBSRV.EXE <br>
HOTACTIO.EXE <br>
HOTPATCH.EXE <br>
HTLOG.EXE <br>
HTPATCH.EXE <br>
HWPE.EXE <br>
HXDL.EXE <br>
HXIUL.EXE <br>
IAMAPP.EXE <br>
IAMSERV.EXE <br>
IAMSTATS.EXE <br>
IBMASN.EXE <br>
IBMAVSP.EXE <br>
ICLOADNT.EXE <br>
ICMON.EXE <br>
ICSUPP95.EXE <br>
ICSUPPNT.EXE <br>
IDLE.EXE <br>
IEDLL.EXE <br>
IEDRIVER.EXE <br>
IEXPLORER.EXE <br>
IFACE.EXE <br>
IFW2000.EXE <br>
INETLNFO.EXE <br>
INFUS.EXE <br>
INFWIN.EXE <br>
INIT.EXE <br>
INTDEL.EXE <br>
INTREN.EXE <br>
IOMON98.EXE <br>
ISTSVC.EXE <br>
JAMMER.EXE <br>
JDBGMRG.EXE <br>
JEDI.EXE <br>
KAVLITE40ENG.EXE <br>
KAVPERS40ENG.EXE <br>
KAVPF.EXE <br>
KAZZA.EXE <br>
KEENVALUE.EXE <br>
KERIO-PF-213-EN-WIN.EXE <br>
KERIO-WRL-421-EN-WIN.EXE <br>
KERIO-WRP-421-EN-WIN.EXE <br>
KERNEL32.EXE <br>
KILLPROCESSSETUP161.EXE <br>
LAUNCHER.EXE <br>
LDNETMON.EXE <br>
LDPRO.EXE <br>
LDPROMENU.EXE <br>
LDSCAN.EXE <br>
LNETINFO.EXE <br>
LOADER.EXE <br>
LOCALNET.EXE <br>
LOCKDOWN.EXE <br>
LOCKDOWN2000.EXE <br>
LOOKOUT.EXE <br>
LORDPE.EXE <br>
LSETUP.EXE <br>
LUALL.EXE <br>
LUAU.EXE <br>
LUCOMSERVER.EXE <br>
LUINIT.EXE <br>
LUSPT.EXE <br>
MAPISVC32.EXE <br>
MCAGENT.EXE <br>
MCMNHDLR.EXE <br>
MCSHIELD.EXE <br>
MCTOOL.EXE <br>
MCUPDATE.EXE <br>
MCVSRTE.EXE <br>
MCVSSHLD.EXE <br>
MD.EXE <br>
MFIN32.EXE <br>
MFW2EN.EXE <br>
MFWENG3.02D30.EXE <br>
MGAVRTCL.EXE <br>
MGAVRTE.EXE <br>
MGHTML.EXE <br>
MGUI.EXE <br>
MINILOG.EXE <br>
MMOD.EXE <br>
MONITOR.EXE <br>
MOOLIVE.EXE <br>
MOSTAT.EXE <br>
MPFAGENT.EXE <br>
MPFSERVICE.EXE <br>
MPFTRAY.EXE <br>
MRFLUX.EXE <br>
MSAPP.EXE <br>
MSBB.EXE <br>
MSBLAST.EXE <br>
MSCACHE.EXE <br>
MSCCN32.EXE <br>
MSCMAN.EXE <br>
MSCONFIG.EXE <br>
MSDM.EXE <br>
MSDOS.EXE <br>
MSIEXEC16.EXE <br>
MSINFO32.EXE <br>
MSLAUGH.EXE <br>
MSMGT.EXE <br>
MSMSGRI32.EXE <br>
MSSMMC32.EXE <br>
MSSYS.EXE <br>
MSVXD.EXE <br>
MU0311AD.EXE <br>
MWATCH.EXE <br>
N32SCANW.EXE <br>
NAV.EXE <br>
NAVAPSVC.EXE<br>
NAVAPW32.EXE <br>
NAVDX.EXE <br>
NAVLU32.EXE <br>
NAVNT.EXE <br>
NAVSTUB.EXE <br>
NAVW32.EXE <br>
NAVWNT.EXE <br>
NC2000.EXE <br>
NCINST4.EXE <br>
NDD32.EXE <br>
NEC.EXE <br>
NEOMONITOR.EXE <br>
NEOWATCHLOG.EXE <br>
NETARMOR.EXE <br>
NETD32.EXE <br>
NETINFO.EXE <br>
NETMON.EXE <br>
NETSCANPRO.EXE <br>
NETSTAT.EXE <br>
NETUTILS.EXE <br>
NISSERV.EXE <br>
NISUM.EXE <br>
NMAIN.EXE <br>
NOD32.EXE <br>
NORMIST.EXE <br>
NOTSTART.EXE <br>
NPFMESSENGER.EXE <br>
NPROTECT.EXE <br>
NPSCHECK.EXE <br>
NPSSVC.EXE <br>
NSCHED32.EXE <br>
NSSYS32.EXE <br>
NSTASK32.EXE <br>
NSUPDATE.EXE <br>
NT.EXE <br>
NTRTSCAN.EXE <br>
NTVDM.EXE <br>
NTXconfig.EXE <br>
NUI.EXE <br>
NUPGRADE.EXE<br>
NVARCH16.EXE <br>
NVC95.EXE <br>
NVSVC32.EXE <br>
NWINST4.EXE <br>
NWSERVICE.EXE <br>
NWTOOL16.EXE <br>
OLLYDBG.EXE <br>
ONSRVR.EXE <br>
OPTIMIZE.EXE <br>
OSTRONET.EXE <br>
OTFIX.EXE <br>
OUTPOST.EXE <br>
OUTPOSTINSTALL.EXE <br>
OUTPOSTPROINSTALL.EXE <br>
PADMIN.EXE <br>
PANIXK.EXE <br>
PATCH.EXE <br>
PAVCL.EXE <br>
PAVPROXY.EXE <br>
PAVSCHED.EXE <br>
PAVW.EXE <br>
PCFWALLICON.EXE <br>
PCIP10117_0.EXE <br>
PCSCAN.EXE <br>
PDSETUP.EXE <br>
PERISCOPE.EXE <br>
PERSFW.EXE <br>
PERSWF.EXE <br>
PF2.EXE <br>
PFWADMIN.EXE<br>
PGMONITR.EXE <br>
PINGSCAN.EXE <br>
PLATIN.EXE <br>
POP3TRAP.EXE <br>
POPROXY.EXE <br>
POPSCAN.EXE <br>
PORTDETECTIVE.EXE <br>
PORTMONITOR.EXE <br>
POWERSCAN.EXE <br>
PPINUPDT.EXE <br>
PPTBC.EXE <br>
PPVSTOP.EXE <br>
PRIZESURFER.EXE <br>
PRMT.EXE <br>
PRMVR.EXE <br>
PROCDUMP.EXE <br>
PROCESSMONITOR.EXE <br>
PROCEXPLORERV1.0.EXE <br>
PROGRAMAUDITOR.EXE <br>
PROPORT.EXE <br>
PROTECTX.EXE <br>
PSPF.EXE <br>
PURGE.EXE <br>
QCONSOLE.EXE <br>
QSERVER.EXE <br>
RAPAPP.EXE <br>
RAV7.EXE <br>
RAV7WIN.EXE <br>
RAV8WIN32ENG.EXE<br>
RAY.EXE <br>
RB32.EXE <br>
RCSYNC.EXE <br>
REALMON.EXE <br>
REGED.EXE <br>
REGEDIT.EXE <br>
REGEDT32.EXE <br>
RESCUE.EXE <br>
RESCUE32.EXE <br>
RRGUARD.EXE <br>
RSHELL.EXE <br>
RTVSCAN.EXE <br>
RTVSCN95.EXE <br>
RULAUNCH.EXE <br>
RUN32DLL.EXE <br>
RUNDLL.EXE <br>
RUNDLL16.EXE <br>
RUXDLL32.EXE <br>
SAFEWEB.EXE <br>
SAHAGENT.EXE <br>
SAVE.EXE <br>
SAVENOW.EXE <br>
SBSERV.EXE <br>
SC.EXE <br>
SCAM32.EXE <br>
SCAN32.EXE <br>
SCAN95.EXE <br>
SCANPM.EXE <br>
SCRSCAN.EXE <br>
SETUP_FLOWPROTECTOR_US.EXE <br>
SETUPVAMEEVAL.EXE <br>
SFC.EXE <br>
SGSSFW32.EXE<br>
SH.EXE <br>
SHELLSPYINSTALL.EXE <br>
SHN.EXE<br>
SHOWBEHIND.EXE <br>
SMC.EXE <br>
SMS.EXE <br>
SMSS32.EXE <br>
SOAP.EXE <br>
SOFI.EXE <br>
SPERM.EXE <br>
SPF.EXE <br>
SPHINX.EXE <br>
SPOLER.EXE <br>
SPOOLCV.EXE <br>
SPOOLSV32.EXE <br>
SPYXX.EXE <br>
SREXE.EXE <br>
SRNG.EXE <br>
SS3EDIT.EXE <br>
SSG_4104.EXE <br>
SSGRATE.EXE <br>
ST2.EXE <br>
START.EXE <br>
STCLOADER.EXE <br>
SUPFTRL.EXE <br>
SUPPORT.EXE <br>
SUPPORTER5.EXE <br>
SVC.EXE <br>
SVCHOSTC.EXE<br>
SVCHOSTS.EXE <br>
SVSHOST.EXE <br>
SWEEP95.EXE <br>
SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE <br>
SYMPROXYSVC.EXE <br>
SYMTRAY.EXE <br>
SYSEDIT.EXE <br>
SYSTEM.EXE <br>
SYSTEM32.EXE <br>
SYSUPD.EXE <br>
TASKMG.EXE <br>
TASKMGR.EXE <br>
TASKMO.EXE <br>
TASKMON.EXE <br>
TAUMON.EXE <br>
TBSCAN.EXE <br>
TC.EXE <br>
TCA.EXE <br>
TCM.EXE <br>
TDS2-NT.EXE <br>
TDS-3.EXE <br>
TEEKIDS.EXE <br>
TFAK.EXE <br>
TFAK5.EXE <br>
TGBOB.EXE <br>
TITANIN.EXE <br>
TITANINXP.EXE <br>
TRACERT.EXE <br>
TRICKLER.EXE <br>
TRJSCAN.EXE <br>
TRJSETUP.EXE <br>
TROJANTRAP3.EXE <br>
TSADBOT.EXE <br>
TVMD.EXE <br>
TVTMD.EXE <br>
UNDOBOOT.EXE <br>
UPDAT.EXE <br>
UPDATE.EXE <br>
UPGRAD.EXE <br>
UTPOST.EXE <br>
VBCMSERV.EXE <br>
VBCONS.EXE <br>
VBUST.EXE <br>
VBWIN9X.EXE <br>
VBWINNTW.EXE <br>
VCSETUP.EXE <br>
VET32.EXE <br>
VET95.EXE <br>
VETTRAY.EXE <br>
VFSETUP.EXE <br>
VIR-HELP.EXE <br>
VIRUSMDPERSONALFIREWALL.EXE <br>
VNLAN300.EXE <br>
VNPC3000.EXE <br>
VPC32.EXE <br>
VPC42.EXE <br>
VPFW30S.EXE <br>
VPTRAY.EXE <br>
VSCAN40.EXE <br>
VSCENU6.02D30.EXE <br>
VSCHED.EXE <br>
VSECOMR.EXE <br>
VSHWIN32.EXE <br>
VSISETUP.EXE <br>
VSMAIN.EXE <br>
VSMON.EXE <br>
VSSTAT.EXE <br>
VSWIN9XE.EXE <br>
VSWINNTSE.EXE <br>
VSWINPERSE.EXE <br>
W32DSM89.EXE <br>
W9X.EXE <br>
WATCHDOG.EXE<br>
WEBDAV.EXE <br>
WEBSCANX.EXE <br>
WEBTRAP.EXE <br>
WFINDV32.EXE <br>
WHOSWATCHINGME.EXE <br>
WIMMUN32.EXE <br>
WIN32.EXE <br>
WIN32US.EXE <br>
WINACTIVE.EXE <br>
WIN-BUGSFIX.EXE <br>
WINDOW.EXE <br>
WINDOWS.EXE <br>
WININETD.EXE <br>
WININIT.EXE <br>
WININITX.EXE <br>
WINLOGIN.EXE <br>
WINMAIN.EXE <br>
WINNET.EXE <br>
WINPPR32.EXE <br>
WINRECON.EXE <br>
WINSERVN.EXE <br>
WINSSK32.EXE <br>
WINSTART.EXE <br>
WINSTART001.EXE <br>
WINTSK32.EXE <br>
WINUPDATE.EXE <br>
WKUFIND.EXE <br>
WNAD.EXE <br>
WNT.EXE <br>
WRADMIN.EXE <br>
WRCTRL.EXE <br>
WSBGATE.EXE <br>
WUPDATER.EXE <br>
WUPDT.EXE <br>
WYVERNWORKSFIREWALL.EXE <br>
XPF202EN.EXE <br>
ZAPRO.EXE <br>
ZAPSETUP3001.EXE <br>
ZATUTOR.EXE <br>
ZONALM2601.EXE <br>
ZONEALARM.EXE <br>
<br>
그리고 특정 irc 서버에 접속을 시도하여 다음과 같은 기능을 할수 있다.<br>
<br>
1. 파일 실행및 삭제<br>
2. 파일 다운로드<br>
3. 시스템 정보 수집<br>
<br>
- ※ 예방 및 수동 조치 방법
-
- 본 컨텐츠에 대한 저작권은 '에브리존'에게 있으며 이에 무단 사용 및 재배포를 금지합니다.
- 본 컨텐츠에 대한 이용 문의는 '에브리존'으로 문의하여 주십시요