  [Question]   Help me. Its name is copy.exe 02/03/2007 04:45:53 (+0700) | #1 | 43980
CMOS
Member

Joined: 20/09/2006 14:11:07
Messages: 52
My machine is infected with copy.exe; it locks Folder Options. The whole office is in chaos and machines are dying one after another. Please help me.
  [Question]   Help me. Its name is copy.exe 02/03/2007 05:38:32 (+0700) | #2 | 43991
delua
Locked

Joined: 28/12/2006 00:48:39
Messages: 102

CMOS wrote:
My machine is infected with copy.exe; it locks Folder Options. The whole office is in chaos and machines are dying one after another. Please help me.


This is W32.Salga.B@mm, written in Visual Basic.

Size: approximately 34,479 bytes
Affected OSes: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

It uses Microsoft Outlook to send the information it collects from the Microsoft Address Book. It can also spread via mIRC or files shared on the net.

Behaviour:

- Displays a message (MsgBox):

Title: system error
Body: error in winzip due to PARPAROSA tsunami

- Creates the folders:

%Windir%\All Users\Desktop\magic
C:\magic_cam
C:\hard core hook from web
D:\hook all sex movies from webs
D:\secrets
E:\real sex telephones

- Copies itself into the folders it was executed from, with the *.exe extension

- Copies itself to the following locations:

%Windir%\acdsee demo.exe
%Windir%\system\system copy.exe
%Windir%\system32\egywormo[gen2].exe
%Windir%\All Users\Desktop\magic\sex photoes of monika.zip.exe
%Windir%\All Users\Start Menu\Programs\StartUp\salga.b.exe
%Windir%\Start Menu\mob xp10 net speeder.zip.exe
%Windir%\start menu\mob xp10 net speeder.zip.exe
%Windir%\start menu\programs\DR.BLACK PERSON.zip.exe
%Windir%\start menu\programs\DR.BLACK PERSON chat prog.zip.exe
C:\BEST 10 SEX MOVIES IN 2004.zip
C:\hard core hook from web\setup.zip.exe
C:\magic_cam\magic_cam.ZIP.EXE
C:\Program Files\Accessories\attachment.zip...............exe
C:\Program Files\Accessories\Nicole kidman.zip...............exe
C:\Program Files\mirc\Britny spears marriage with Bnladen son.zip.exe
C:\Program Files\mirc32\Britny spears marriage with Bnladen son.zip.exe
C:\Documents and Settings\All Users\DESKTOP\holywood stuff film.zip.exe
C:\Documents and Settings\All Users\Start Menu\white fang sex.zip.exe
C:\Documents and Settings\All Users\Start Menu\Programs\sisqoo^^007 progs.zip.exe
C:\Documents and Settings\All Users\Start Menu\Programs\sisqoo^^007 progs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\a7meedye graphices maker.zip.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\salga.b.exe
D:\FUN.ZIP.EXE
D:\girlfriends emails.zip.exe
D:\hook all sex movies from webs\setup.zip.exe
E:\blood of fetch sex.zip.exe
E:\Messenger 9.00.ZIP.EXE
E:\real sex telephones\call from me.zip.exe

- Registers itself to run at startup in the registry:

"windows" = "%Windir%\system\system copy.exe"
"system xp" = "%Windir%\acdsee demo.exe"

( HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ )

- Creates an autorun file on drive D with the contents:

[autorun]
open=FUN.ZIP.EXE


- Creates an autorun file on drive E with the contents:

[autorun]
open=Messenger 9.00.ZIP.EXE


- Writes values to the registry:


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore

"DisableConfig" = "1"
"DisableSR" = "1".

- Overwrites the files:

C:\program files\mIRC\script.ini
C:\program files\mIRC32\script.ini

- Creates the folder \Program Files\Kazaa\My Shared Folder\Shared and copies itself there as:

learn 3dstoudio in 3 days.zip.........exe
new sex .zip.........exe
anti hackers.zip.........exe
antibiotics side effects.zip.........exe
aol2005 frexe and new.zip.........exe
best and strong firewall in 2004.zip.........exe
best anti virus in 2004 (new&frexe).zip........exe
best xxl movies in 2004 .zip.........exe
big one in the world.zip.........exe
Britny spears and Madona sex viedio in 24 minnly.zip.................exe
Britny Spears sex pics.zip.........exe
bundes lega.zip.........exe
Cat attacks child.zip.........exe
cocacola new chat prog.zip.........exe
Comedy video.zip.........exe
computer programs in 2020.zip.........exe
Dracola realy appears in japan.zip.........exe
FBI secrets ( how can them catch hekers.zip........exe
fear FACTOR FLASH MOVEIS.zip.........exe
FlashMovie.zip.........exe
Game_Crack_Genie_v0.5.zip.........exe
hard core new films.zip.........exe
i robot 2nd part .zip.........exe
Iraq war.zip.................exe
last messengers versions.zip.................exe
learn allvisual basic projects.zip.........exe
LEARN autocade IN 3 days.zip.........exe
learn photo shop in 3 days only.zip................exe
lesbien chat frexe.zip.........exe
MacroMedia Flash 6.0.zip.........exe
MAGIC_ programs.zip.........exe
mirc_antworms.zip.........exe
ms games.zip.........exe
MsDos_PortScanner.zip.........exe
msn 9.00+its plus frexe and new.zip...............exe
NEW abu gharib secrets movies and photos.zip........exe
new cupied photos.zip.................exe
new film_alond shwanzinger 2004.zip.........ex
new girls emails with there phone numbers.zip................exe
news paper(clot).zip.........exe
norton 2005+its crack (frexe&new).zip.........exe
office 2005 frexe &new.zip.........exe
pebsi with mice heheheheh.zip.........exe
photoshop LAST VER 2005.zip.........exe
sex animal photos.zip.........exe
Shockwave Flash.zip.........exe
Simpsons Episode (#10)..zip.........exe
songs of sexy films.zip.........exe
ssPamela_Anderson_(Naked Screxen Saver).scr........exe
ssParis_Hilton_(Nude Screxen Saver).scr............exe
striper brests program v 1.7.00.zip.exe
strong fire wall allover the world with thelasupdate of norton.zip.................exe
SWF.zip.........exe
SWF_Movie.zip.........exe
tourism IN TURKY FRexe.zip.........exe
TOY 2010 new film of me.zip.........exe
Tutorial Video on Hacking.........exe
UK DENGEROUS SECRETS secrets.zip.........exe
USA discvered water in mars yesterday.doc.zip................exe
viagra frexe only gift 4 u in 2004.zip.........xe
Virtual_3D_Pinball.zip.........exe
virus cleaner 2005 (frexe).zip.........exe
water in mars exclusion.zip.........exe
Win32System_Tweaks_v1.0.zip.........exe
Wmplayer_Celebrity_Skins.zip.........exe
wwf_TRIBLE H.zip.........exe
XXX video.zip.........exe
yahoo2005 frexe & new.zip.........exe
yaser arafat death secrets.zip.........exe
[SWF] - Harry Potter and the philosophers ston.zip.........exe
[SWF] - Swordfish.........exe
[SWF] - The Fast and the Furious.zip.........exe

- Writes the registry value:

HKEY_CURRENT_USER\Software\Kazaa\Transfer

"StartKazaa -SilentRun" = "C:\Program Files\Kazaa\My Shared Folder\Shared"


- Copies itself into folders with "shar" in their name, using the file names:

Britny spears and Madona sex viedio in 24 minnly.zip.................exe
Iraq war.zip.................exe
last messengers versions.zip.................exe
learn photo shop in 3 days only.zip................exe
new cupied photos.zip.................exe
new girls emails with there phone numbers.zip................exe
strong fire wall allover the world with thelas update of norton.zip.................exe
USA discvered water in mars yesterday.doc.zip................exe

- Copies itself to hidden folders:

C$\windows\system32\pass word of all users stored here.zip................................exe
C$\documment and settings\all users\documents\secret documents with secret photos packed.zip......................exe
C$\my favourite sex movies.zip.........................................................exe
C$\shared\secret credits.zip..........................................................exe
C$\winnt\systemm32\best programs in 2004 with its crack.zip.............................exe
D$\dengerous secret movies.zip.........................................................exe
admin$\system32\best intersting films in our network.zip...................................exe
ipc$\sexy photoes from my chat.zip...............................exe
admin$\system32\best intersting films in our network.zip...................................exe

- Creates the network share "magic_cam" (C:\magic_cam.)

- Sends the following text to users:

Message from [name of infected computer] to [workgroup] on [time]:
hi welcome in our network you can see the new film of Brityny spears from the computer which shown it is very interesting film or see it also from shared folder <<habby interesting time in our net cafe bi>>


- Displays a MsgBox:

Title: www.hotmail.com
Body:
hi: your machine need for more new updates contact us <azurgi@hotmail.com>, and you can catch new email in www.hotmail.com with huge
advantages see next and attend

- Displays a MsgBox:

Title: www.hotmmail.com
Body:
Microsoft with hotmail give you new email
FREE
You can catch new email with 2 GIGA bytes and special anitivrus service alsi you can receive free and new programs in it ...not only but you an know who block delete you from his list
Write your email
Write password
NOT AGREE AGREE

- Creates the file D:\new computer worm alert\virus alert.txt:

your computer have been infected by:-
Egywormo[gen2]=w32.salga.b@mm
this is modefication version of salga.a worm
profile
aim of this just modification of salga.a
creation by XP10 VIRUS MASTER MR(PARPAROSA)+ MYDOOM WORM DESIGNER MR(HUSS)
thanx 4 DAWOUD,A7MEEDYE,WHITE FANG,SISQOO^^007 AND DR.BLACK PERSON AND MORE THX 4 MOB
contact us in <azurgi@hotmail.com>

- Uses Microsoft Outlook to send email. The emails typically look like this:

To: azurgi@hotmail.com
Subject: mr:PARPAROSA new victem
Message Body:
Hi:PARPA i'm your server Egywormo[gen2](salga.b_worm) this is new victem who has own outlook machine i caputred his contacts and go there to infect them.... ok i'll go now and see you soon when i infect more ......bibi PARPAROSA

To: azurgi@hotmail.com
Subject: www.hotmail.com
Message Body:
You must write your email in yahoo or hotmail and write your password acuratly to convert your email with previous advantages

To: Azurgi@hotmail.com
Subject:Salga give her sir email of victem
Message Body:
Password of victem email

- Uses Microsoft Outlook to send email with the information it finds in the Outlook Address Book, typically with the following content:

Subject: Yaser Arafat secrets
Message Body:
all secrets about Yaser Arafat in attachment

Subject: Happy new year
Message Body:
this is my great gift 4 u,in 2005 see it in attachment

Subject: All Abu gharib jail secrets in iraq
Message Body:
this all secrets about Abu gharib secrets movies & photos see it in attachment

Subject: best 10 sex movies
Message Body:
in attachment u can see the best 10 movies in 2004

Subject: Best 3 games in 2004
Message Body:
wat?? is the best 3 games in 2004 in attachment file you 'll find its with its crack and secret serial no (new&free)

Subject: PARPAROSA party (free)
Message Body:
hi,happy new year... in attachment u can see movies of the best party in 2004 all over the world

Subject: SHABAB NET presents
Message Body:
hi... welcome 4 u in shabab net world due to new year we present new magic cam which enables u to see all cam in all chat types whith out any
request!!(Dawoud MAGIC CAM)!!its free with its crack in attachment


Attachment:
Britny spears marriage with Bnladen son.zip.exe

Removal:

- Turn off System Restore (Windows Me/XP)
- Delete the values written to the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"system xp" = "%Windir%\acdsee demo.exe"
"windows" = "%Windir%\system\system copy.exe"

HKEY_CURRENT_USER\Software\Kazaa\Transfer

"StartKazaa -SilentRun" = "%ProgramFiles%\Kazaa\My Shared Folder\Shared"

(and the other values; see the Behaviour section above)

- Delete the folders:

%Windir%\All Users\Desktop\magic
C:\magic_cam
C:\hard core hook from web
D:\hook all sex movies from webs
D:\secrets
E:\real sex telephones

- Delete the files:

%Windir%\system\system copy.exe
%Windir%\acdsee demo.exe

Find and delete all the files it created on the machine.
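A triage helper for the indicators described in the post above, as an added example that is not part of the original thread or any vendor tool. It flags the decoy-extension and dot-padded file names, reads the open= target of an autorun.inf, and checks Run-key entries against the two values the post lists; the function names and the sample data are constructed for illustration.

```python
import re

# Decoy extension, optional dot padding, then the real executable extension,
# e.g. "Iraq war.zip.................exe" or "FUN.ZIP.EXE".
DECOY_EXT = re.compile(r"\.(zip|doc|scr)\.*\.(exe|scr|com|pif)$", re.IGNORECASE)
# Dot padding alone, e.g. "Tutorial Video on Hacking.........exe".
DOT_PADDING = re.compile(r"\.{3,}(exe|scr|com|pif)$", re.IGNORECASE)

# Run-key value names and path tails taken from the post; the tail is used so
# that both the %Windir% form and an expanded C:\WINDOWS path match.
SALGA_RUN = {
    "windows": r"\system\system copy.exe",
    "system xp": r"\acdsee demo.exe",
}

def is_masquerading(filename):
    """True when the name hides an executable extension behind a decoy."""
    return bool(DECOY_EXT.search(filename) or DOT_PADDING.search(filename))

def autorun_target(text):
    """Return the open= target from the [autorun] section, or None."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "open":
                return value.strip()
    return None

def check_run_entries(entries):
    """entries maps Run-key value names to their data; returns flagged names."""
    flagged = []
    for name, data in entries.items():
        path = data.strip().strip('"').lower()
        tail = SALGA_RUN.get(name.lower())
        if (tail and path.endswith(tail)) or is_masquerading(path):
            flagged.append(name)
    return flagged

# Constructed sample data (not captured from a real machine).
SAMPLE_RUN = {
    "windows": r"C:\WINDOWS\system\system copy.exe",
    "system xp": r"%Windir%\acdsee demo.exe",
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
}
SAMPLE_AUTORUN = "[AutoRun]\nopen=Messenger 9.00.ZIP.EXE\n"
```

Feed check_run_entries with an export of the Run key and is_masquerading with a directory listing of shared folders and drive roots to list candidates for manual review before deleting anything.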
  [Question]   Help me. Its name is copy.exe 02/03/2007 06:54:59 (+0700) | #3 | 43996
dragon9999
Member

Joined: 03/09/2006 00:28:01
Messages: 40
It seems BKAV Home removes this virus very effectively!