- Windows ... |
***
: « !..».
-, sms- ( – ).
8 2009 . « » , Windows « » – Windows. ( ) sms- – ( ) .
: «Windows . 4128800256 3649. ».
.
***
, Windows
Dr.Web 08.04.2009 ., Trojan.Winlock.19. Origins Tracing™ Trojan.Winlock.origin.
13.04.2009 ., Trojan-Dropper.Win32.Blocker.a Trojan-Ransom.Win32.Agent.af.
Panda Security 20.04.2009 . , Trj/SMSlock.A.
, , Windows.
Windows (PE EXE-). 88576 . C++.
***
Windows – %Temp%\<rnd>.tmp (<rnd> – ).
94208 .
, :
– [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] (REG_SZ) Userinit – %Temp%\<rnd>.tmp;
– http-: http://<rnd1>.com/regis***.php?guid={<rnd2>}&wid=<rnd3>&u=<rnd3>&number=<rnd4>install=1,
<rnd1> – url-, ;
<rnd2> – ;
<rnd3> – ;
<rnd4> – ;
– a.bat (, « »: 2 «», , 2- ).
***
Windows
• Windows, Trojan.Winlock, , « »:
– SMS sms ( ), OK;
– , .
– - « »;
– ( SMS) , ;
– :
***
Windows « », , - , Windows miniPE ERD Commander:
– Delete CMOS Setup Utility;
– Windows XP ERD Commander –> Enter;
– Starting Winternals ERD Commander;
– Skip Network Configuration;
– Welcome to ERD Commander –> OK;
– , My Computer;
– ERD Commander Explorer , ( , C:\);
– , , Windows – %Temp%\<rnd>.tmp ( , , );
– ERD Commander Explorer;
– Start –> Administrative Tools –> RegEdit;
– ERD Commander Registry Editor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon];
– REG_SZ- Userinit C:\WINDOWS\system32\userinit.exe, ( C:\, , <_>:\Windows\system32\userinit.exe,). %Temp%\<rnd>.tmp;
– ( ) REG_SZ- Shell Explorer.exe;
– ERD Commander Registry Editor;
– Start –> Log Off –> Restart –> OK;
– Delete CMOS Setup Utility;
– Windows ;
– .
1. ! , – sms , , .
2. , -, , « », . : ? , - - , ( !), . !..
***
• « » ,
• Ransomware Reloaded – PandaLabs
• Trojan-Dropper.Win32.Blocker.a