Type | I-Worm |
Risk/Spread | / |
Date discovered | [Korea] 2010-03-17 [Foreign] 0000-00-00 |
ViRobot support | 2010-03-17 [Able to detect & repair] |
[Symptoms of Infection]

2) It adds a registry entry so that it runs automatically at system boot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

3) It modifies the registry to hide the files below.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

4) The created ahnfgss(number).dll file runs by being injected into all processes, and it is designed to steal user accounts. The target processes are listed below.

5) The created ahnxsds(number).dll file runs by being injected into the iexplore.exe process, and it is designed to steal user accounts. The target sites are listed below.

6) It connects to http://kxhxcx.nxt (2x2.x1x.x7x.x5x) and downloads certain files, but the website is not accessible now.
[How to repair]

1. If you are a WinXP/ME user, please deactivate the System Recovery function. System recovery is deactivated so that the virus can be cleaned completely.

- Use the trial version of ViRobot products (30 days only)

a. Run ViRobot and choose "all files" in the scan options.
- ViRobot Desktop 5.5 : [Tools] -> [Configuration] -> [Virus Scan] : Check all files
- LiveCall (Free Scan) : [Advanced Scan] : Check