Voronezh 1600, FraudLoad Virus

cenkut 252
The Voronezh 1600 virus (also detected as FakeAV, FraudLoad.ecz, Downloader-BOI, FRAUDLO.QC, FakeRean and Fraudload.106499) installs itself as a helper toolbar in Internet Explorer. By using the BITS service it can get past the firewall on your network. It disables many system features so that you cannot change settings, and it keeps itself running by registering a DLL in the registry.

It downloads itself onto your computer over the internet and then tries to spread to the other computers on your network.

Files it drops (DELETE):

%CommonAppData%\Microsoft\Network\Downloader\qmgr0.dat
%CommonAppData%\Microsoft\Network\Downloader\qmgr1.dat
%AppData%\BIT3.tmp
%Windir%\ieocx.dll

Running entries in Task Manager (STOP):

ieocx.dll (loaded into "IEXPLORE.EXE")
BITS ("Background Intelligent Transfer Service")
wscsvc ("Microsoft Security Center")

Registry entries it adds (DELETE):

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0\win32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\FLAGS

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\HELPDIR

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06ec6572-7280-485a-a712-c380526bc048}

HKEY_CURRENT_USER\Software\WinPC Defender

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\VersionIndependentProgID]
(Default) = "IEocxApp.IEocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\TypeLib]
(Default) = "{b360243e-09e8-402f-8721-00b6798089ad}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\ProgID]
(Default) = "IEocxApp.IEocx.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}\InprocServer32]
(Default) = "%Windir%\ieocx.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ec6572-7280-485a-a712-c380526bc048}]
(Default) = "IEocx Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\TypeLib]
(Default) = "{B360243E-09E8-402F-8721-00B6798089AD}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid32]
(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}\ProxyStubClsid]
(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}]
(Default) = "_IBhoAppEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib]
(Default) = "{B360243E-09E8-402F-8721-00B6798089AD}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32]
(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid]
(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
(Default) = "IBhoApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\0\win32]
(Default) = "%Windir%\ieocx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\HELPDIR]
(Default) = "%Windir%\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\FLAGS]
(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0]
(Default) = "DHCP 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx\CurVer]
(Default) = "IEocxApp.IEocx.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx\CLSID]
(Default) = "{06ec6572-7280-485a-a712-c380526bc048}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx]
(Default) = "IEocx Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1\CLSID]
(Default) = "{06ec6572-7280-485a-a712-c380526bc048}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1]
(Default) = "IEocx Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify = "1"
FirewallDisableNotify = "1"
UpdatesDisableNotify = "1"

(These three values disable notification of firewall, antivirus and/or update status through the Windows Security Center.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06ec6572-7280-485a-a712-c380526bc048}]
NoExplorer = 0x00000001

[HKEY_CURRENT_USER\Control Panel\dont load]
scui.cpl = "No"
wscui.cpl = "No"

[HKEY_CURRENT_USER\Software\WinPC Defender]
Minimize = "0"
Start = "1"
Scan = "1"
id = "719"
UpdateDate = "31-03-2014"
fstart = "1"
site = "http://billingpayment.net/pp/?id=
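As an added example (not from the original post), the following PowerShell script checks a host for the artefacts listed above and only reports what it finds, deleting nothing. It assumes the CLSID, file names and registry values given in the post and that it is run from an elevated prompt; the "don't load" key is checked under both the standard spelling and the spelling used in the post.

```powershell
# Audit a Windows host for the FraudLoad / WinPC Defender artefacts described in the post.
# Read-only: it reports indicators so they can be reviewed before any removal step.
$bhoClsid = '{06ec6572-7280-485a-a712-c380526bc048}'   # BHO CLSID from the post
$findings = @()

# 1. The BHO registration and the DLL its InprocServer32 key points at
$bhoKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid"
if (Test-Path $bhoKey) { $findings += "BHO registered: $bhoKey" }
$inproc = "HKLM:\SOFTWARE\Classes\CLSID\$bhoClsid\InprocServer32"
if (Test-Path $inproc) {
    $dll = (Get-ItemProperty -Path $inproc).'(default)'
    $findings += "InprocServer32 -> $dll"
}
foreach ($p in @("$env:windir\ieocx.dll", "$env:APPDATA\BIT3.tmp")) {
    if (Test-Path $p) { $findings += "Dropped file present: $p" }
}

# 2. Security Center notifications switched off (the post shows all three set to 1)
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($v in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
    $val = (Get-ItemProperty -Path $sc -Name $v -ErrorAction SilentlyContinue).$v
    if ($val -eq 1) { $findings += "Security Center: $v = 1" }
}

# 3. Control Panel applets hidden so the user cannot open the Security Center UI
foreach ($k in 'HKCU:\Control Panel\don''t load', 'HKCU:\Control Panel\dont load') {
    if (-not (Test-Path $k)) { continue }
    foreach ($cpl in 'scui.cpl', 'wscui.cpl') {
        $val = (Get-ItemProperty -Path $k -Name $cpl -ErrorAction SilentlyContinue).$cpl
        if ($val) { $findings += "Hidden applet: $k\$cpl = $val" }
    }
}

# 4. The fake AV's own configuration key and any BITS jobs (the post names BITS as the download channel).
# qmgr0.dat / qmgr1.dat are the BITS service's own queue files, so the jobs inside them are listed
# instead of flagging the files themselves.
if (Test-Path 'HKCU:\Software\WinPC Defender') { $findings += 'HKCU\Software\WinPC Defender present' }
Import-Module BitsTransfer -ErrorAction SilentlyContinue
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += "BITS job '$($_.DisplayName)' state $($_.JobState) owner $($_.OwnerAccount)"
}

if ($findings.Count -eq 0) { 'No FraudLoad / WinPC Defender indicators found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

A BITS job owned by an ordinary user account with a remote source URL is the item worth inspecting here; legitimate Windows Update jobs run under SYSTEM.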
