About the Win32/VB.AQT trojan on my computer (how to get rid of it)
Posted: Tue Jan 09, 2007 9:39 pm
In short, I've acquired a friend (you can see which one in the topic title).
NOD32 scans, finds it and removes it. But the situation on the computer doesn't change, it's the same thing over and over. I got it as a gift via a USB stick.
Scan performed at: 2007.01.05 19:52:09
Scanning Log
NOD32 version 1958 (20070105) NT
Command line: C:\Documents and Settings\d6\Start Menu\Programs\Startup\ctfmon.exe
Operating memory - Win32/VB.AQT trojan
Active boot sector of the 1. physical disk - Error reading disk sector
Date: 5.1.2007 Time: 19:53:44
Scanned disks, folders and files: C:\Documents and Settings\d6\Start Menu\Programs\Startup\ctfmon.exe
C:\Documents and Settings\d6\Start Menu\Programs\Startup\ctfmon.exe - Win32/VB.AQT trojan - deleted
Number of scanned files: 1
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 19:53:49 Total scanning time: 5 sec (00:00:05)
Spybot Search & Destroy finds nothing at all (though it did remove ctfmon.exe from startup).
The most interesting log entries are these:
D:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
E:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
F:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
Number of scanned files: 69996
A short description of the trojan:
This trojan purports to be a legitimate file ctfmon.exe by its name and icon. It copies itself in a fake Recycle Bin folder that it creates. It also tries to configure the system to execute the trojan when a remote machine tries to access a drive on infected machine via network share.
On execution this malware adds the following files and folders on each drive
o %Drive%:\autorun.inf
o %Drive%:\Recycled\desktop.ini
o %Drive%:\Recycled\INFO2
o %Drive%:\Recycled\Recycled\ctfmon.exe
Where %Drive% represents the Drive Letters.
The contents of desktop.ini file are:
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
This causes Windows to think that this folder contains recycle bin data. Desktop.ini is created as a hidden system file.
The contents of the autorun.inf file are:
[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(&O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(&0)
Now if the folder in which this autorun.inf resides is shared and set for autoplay, then any remote computer accessing this share will end up executing the trojan file and getting infected too in a similar manner. This autorun.inf file also overrides the "open" command of the context menu (displayed on right click) to run the trojan when a user right-clicks and selects open.
I can get to my partitions through Total Commander and through Explorer (Open via right-click). What's unpleasant is that someone who planted this trojan on me remotely is browsing around my computer. Please help, people.
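
Added example, not part of the original post and not vendor code: a small Python check for the per-drive traces listed in the description above, which explains why deleting only the Startup copy leaves every drive root still carrying autorun.inf and the nested Recycled folder. The function names and the RECYCLE_DIRS list are assumptions made for this sketch. A desktop.ini with the Recycle Bin CLSID is not flagged, because a genuine Recycled folder has one too.

```python
import ntpath
import os
import re

# Keys in an [autorun] section whose value is a program to launch.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\.+\\command)$", re.I)
RECYCLE_DIRS = {"recycled", "recycler", "$recycle.bin"}  # assumed name list

def autorun_commands(text):
    """Return (key, target) pairs for launch entries in the [autorun] section."""
    found, in_section = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if COMMAND_KEY.match(key):
                found.append((key, value))
    return found

def points_into_recycle_bin(target):
    """True when the launch target sits under a Recycle Bin style folder."""
    parts = ntpath.normpath(target).lower().split("\\")
    return any(part in RECYCLE_DIRS for part in parts[:-1])

def find_ci(directory, name):
    """Case-insensitive child lookup, matching how Windows resolves names."""
    for entry in os.listdir(directory):
        if entry.lower() == name.lower():
            return os.path.join(directory, entry)
    return None

def scan_drive_root(root):
    """List the traces from the description that exist under one drive root."""
    findings = []
    inf = find_ci(root, "autorun.inf")
    if inf:
        with open(inf, encoding="latin-1") as handle:
            for key, target in autorun_commands(handle.read()):
                if points_into_recycle_bin(target):
                    findings.append(f"autorun.inf {key} -> {target}")
    # Walk Recycled\Recycled\ctfmon.exe one component at a time.
    path = root
    for name in ("Recycled", "Recycled", "ctfmon.exe"):
        path = path and os.path.isdir(path) and find_ci(path, name)
    if path:
        findings.append("executable in nested Recycled folder: " + path)
    return findings
```

Call scan_drive_root once per drive root, including removable media, and treat any finding as a reason to clean that volume before it is opened in Explorer again.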