바이러스 DB - 터보백신

바이러스 정보
터보백신에서 분석한 바이러스 위협 정보, 보안 통계를 확인할 수 있습니다.

이름: Worm-W32/Kelvir.69632

바이러스 종류: Worm

실행환경: Windows

증상요약: 비주얼 베이직으로 제작되었으며, 시스템 수행 속도를 떨어뜨리고 MSN 메신저로 전파되는 웜이다.

위험등급: 높음

확산방법: MSN 메신저

치료방법: 터보백신 제품군으로 진단/치료 가능합니다.

※ 상세 설명: 메신저에 나타난 링크를 클릭 하면 screensaver.scr 파일을 다운로드 받는 웹싸이트로 연결된다. 감염된 시스템은 Msn 메신저 대화 상대 리스트를 수집하여 웜을 내려 받을수 있는 주소를 무작위로 보내게 된다. <img src="http://www.everyzone.com/info/virus_db/images/Worm_W32_Kelvir_69632_MSN.jpg" border="0"> Msn 메신저로 보내지는 내용은 다음 과 같다. > Why should u do this, this is very strange. I just checked, i cant believe it. :| > http://checkthis.ubb.cc/ > This is some kind of new movie, it must come out in 2 weeks, Preview! : > http://check.100mbitde.info/ > Why should u do this, this is very strange. I just checked, i cant believe it. :| > http://OMG.100mbitde.info/ > This is some kind of new movie, it must come out in 2 weeks, Preview! : > http://checkthis.100mbitde.info/ > This link, got it from someone in my list. I checked it out, very weird movie lol. > http://checkthis.100mbitde.info/ > Why should u do this, this is very strange. I just checked, i cant believe it. :| > http://checkthis.ubb.cc/ > :D This is so cool! > http://checkthis.100mbitde.info/ > :D This is so cool! > http://OMG.100mbitde.info/ > :D This is so cool! > http://checkthis.ubb.cc/ > This link, got it from someone in my list. I checked it out, very weird movie lol. > http://checkthis.dd.vg/ > :D This is so cool! > http://checkthis.100mbitde.info/ > :D This is so cool! > http://check.100mbitde.info/ > This is some kind of new movie, it must come out in 2 weeks, Preview! : > http://OMG.100mbitde.info/ > This is some kind of new movie, it must come out in 2 weeks, Preview! : > http://check.100mbitde.info/ > This is some kind of new movie, it must come out in 2 weeks, Preview! : > http://checkthis.dd.vg/ > This is some kind of new movie, it must come out in 2 weeks, Preview! : > http://checkthis.dd.vg/ 웜이 실행 되면 윈도우폴더(win 2000, NT : c:\Winnt, win XP : c:\windows, win 95/98/me : c:\windows)에 hosts.exe 파일을 생성한다. 또한 다음처럼 레지스트를 수정, 다음 부팅시 실행되도록 조작한다. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 항목에 (win9x의 경우) Windows Hosts = c:\windows\hosts.exe (win2000, NT의 경우) Windows Hosts = c:\winnt\hosts.exe (WinXP의 경우) Windows Hosts = c:\windows\hosts.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices 항목에 (win9x의 경우) Windows Hosts = c:\windows\hosts.exe (win2000, NT의 경우) Windows Hosts = c:\winnt\hosts.exe (WinXP의 경우) Windows Hosts = c:\windows\hosts.exe 또한 다음처름 바이러스 백신과 보안제품의 서비스가 실행되면 강제 종료 시키게 된다. Ahnlab Task Scheduler altiris client service ANTIVIR ATRACK avast! antivirus avast! iavs4 control service AVCONSOL AVG6 Service AVG7 Alert Manager Server AVG7 Update Service AVP control center service AVP.EXE AVP32 AVSync Manager AVSYNMGR Background Intelligent Transfer Service BlackICE CFINET CFINET32 DefWatch Detector de OfficeScanNT dllhost eTrust Antivirus Job Server etrust antivirus job server eTrust Antivirus Realtime Server etrust antivirus realtime server eTrust Antivirus RPC Server etrust antivirus rpc server fix-it task manager F-PROT95 FP-WIN F-STOPW fxsvc IAMAPP ICMON intel file transfer intel pds internet pr0tocol IOMON98 IPSEC Policy Agent Kaspersky Kaspersky Antivirus Kaspersky Anti-Virus kaspersky auto protect service Kaspersky Client KAV Moniter Service kerio personal firewall Kingsoft AntiVirus Service LOCKDOWN2000 LUALL LUCOMSERVER MCAFEE McAfee Agent mcafee framework service McAfee.com McShield McAfee.com VirusScan Online Realtime Engine McShield MonSvcNT msclol2 msclol8 NAV Alert NAV Auto-Protect NAVAPSVC NAVAPW32 NAVRUNR NAVW32 NAVWNT NISSERV NISUM NMAIN NORTON Norton AntiVirus Auto Protect Service Norton Antivirus Auto Protect Service Norton AntiVirus Client Norton AntiVirus Corporate Edition Norton AntiVirus Server Norton Internet Security Accounts Manager Norton Internet Security Proxy Service Norton Internet Security Proxy Srvice Norton Internet Security Service Norton Internet Security service Norton Unerase Protection NVC95 nvscv officescannt listener OfficeScanNT Monitor officescannt realtime scan outpost firewall service Panda Antivirus pcanywhere host service PC-cillin Personal Firewall PCCIOMON PCCMAIN PCCWIN98 POP3TRAP PVIEW95 Quick Heal Online Protection RemoteAgent RESCUE32 Rising Process Communication Center rising process communication center Rising Realtime Monitor Service rising realtime monitor service rundll SAFEWEB savroam ScriptBlocking Service scvhost secur2 Security Center Serv-U FTP Server snake sockproxy service Sophos Anti-Virus Sophos Anti-Virus Network Sygate Personal Firewall Sygate Personal Firewall Pro SyGateService symantec antivirus Symantec AntiVirus Client symantec central quarantine Symantec Event Manager Symantec Proxy Service symantec quarantine agent symantec quarantine scanner SYMPROXYSVC syslock System Event Notification systemsecuritydll Trend Micro Proxy Service Trend NT Realtime Service TrueVector Internet Monitor V3MonNT V3MonSvc ViRobot Expert Monitoring ViRobot Lite Monitoring ViRobot Professional Monitoring vnc server VSHWIN32 VSSTAT WEBSCANX WEBTRAP Windows Firewall Windows Internet Connection Sharing(ICS) WMDM PMSP Service ZoneAlarm

※ 예방 및 수동 조치 방법

본 컨텐츠에 대한 이용 문의는 '에브리존'으로 문의하여 주십시요

다음글: W32/Bagle.37888@mm

터보백신 개인용 TurboVaccine Introduce

터보백신 개인용
TurboVaccine Introduce