Worm Netsky-D virüsü nasıl temizlenir ?

Genel cenkut 351
sponsorlu reklam

Worm NetSky-D Network Virüsünü Temizlemek

Bulaştığı sistemlerde network iletişimini kesen NetSky-D temizlemek için birkaç adım…

  • [Paylaşıma Açık Dosyalar]\msinfo32.exe
  • %ProgramFiles%\NetMeeting\conf.exe
  • %ProgramFiles%\Outlook Express\msimn.exe
  • %ProgramFiles%\Windows NT\dialer.exe
  • %Windir%\pchealth\helpctr\binaries\HelpCtr.exe
  • %Windir%\pchealth\helpctr\binaries\msconfig.exe
  • %System%\usmt\migwiz.exe

Netsky-D Çalışan Servisler ve Hizmetler

mep1C.tmp.exe %Temp%\mep1c.tmp.exe 90.112 bytes
mep1D.tmp.exe %Temp%\mep1d.tmp.exe 90.112 bytes
[Örnek Virüslü dosya] [Örnek Virüslü dosya] 90.112 bytes
mep1.tmp.exe %Temp%\mep1.tmp.exe 90.112 bytes
[generic host process] [generic host process filename] 45.056 bytes
mep19.tmp.exe %Temp%\mep19.tmp.exe 90.112 bytes

 Netsky-D Sistem içinde oluşan dosyalar ve uygulamalar

  • fsdhqherwqi2001
  • .NET CLR Data_Perf_Library_Lock_PID_4ec
  • .NET CLR Networking_Perf_Library_Lock_PID_4ec
  • .NET Data Provider for Oracle_Perf_Library_Lock_PID_4ec
  • .NET CLR Data_Perf_Library_Lock_PID_c8
  • .NET CLR Networking_Perf_Library_Lock_PID_c8
  • .NET Data Provider for Oracle_Perf_Library_Lock_PID_c8
  • .NET Data Provider for SqlServer_Perf_Library_Lock_PID_c8
  • .NETFramework_Perf_Library_Lock_PID_c8
  • ASP.NET_Perf_Library_Lock_PID_c8
  • ASP.NET_2.0.50727_Perf_Library_Lock_PID_c8
  • aspnet_state_Perf_Library_Lock_PID_c8
  • ContentFilter_Perf_Library_Lock_PID_c8
  • ContentIndex_Perf_Library_Lock_PID_c8
  • ISAPISearch_Perf_Library_Lock_PID_c8
  • PerfDisk_Perf_Library_Lock_PID_c8
  • PerfNet_Perf_Library_Lock_PID_c8
  • PerfOS_Perf_Library_Lock_PID_c8
  • PerfProc_Perf_Library_Lock_PID_c8
  • PSched_Perf_Library_Lock_PID_c8
  • RemoteAccess_Perf_Library_Lock_PID_c8
  • RSVP_Perf_Library_Lock_PID_c8
  • Spooler_Perf_Library_Lock_PID_c8
  • TapiSrv_Perf_Library_Lock_PID_c8
  • Tcpip_Perf_Library_Lock_PID_c8
  • TermService_Perf_Library_Lock_PID_c8
  • WmiApRpl_Perf_Library_Lock_PID_c8
  • .NET CLR Data_Perf_Library_Lock_PID_ef4
  • .NET CLR Networking_Perf_Library_Lock_PID_ef4
  • .NET Data Provider for Oracle_Perf_Library_Lock_PID_ef4
  • .NET Data Provider for SqlServer_Perf_Library_Lock_PID_ef4
  • .NETFramework_Perf_Library_Lock_PID_ef4
  • ASP.NET_Perf_Library_Lock_PID_ef4
  • ASP.NET_2.0.50727_Perf_Library_Lock_PID_ef4
  • aspnet_state_Perf_Library_Lock_PID_ef4
  • ContentFilter_Perf_Library_Lock_PID_ef4
  • ContentIndex_Perf_Library_Lock_PID_ef4
  • ISAPISearch_Perf_Library_Lock_PID_ef4
  • PerfDisk_Perf_Library_Lock_PID_ef4
  • PerfNet_Perf_Library_Lock_PID_ef4
  • PerfOS_Perf_Library_Lock_PID_ef4
  • PerfProc_Perf_Library_Lock_PID_ef4
  • PSched_Perf_Library_Lock_PID_ef4
  • RemoteAccess_Perf_Library_Lock_PID_ef4
  • RSVP_Perf_Library_Lock_PID_ef4
  • Spooler_Perf_Library_Lock_PID_ef4
  • TapiSrv_Perf_Library_Lock_PID_ef4
  • Tcpip_Perf_Library_Lock_PID_ef4
  • TermService_Perf_Library_Lock_PID_ef4
  • WmiApRpl_Perf_Library_Lock_PID_ef4

Kullandığı Port Numaları ve IP adresleri

127.0.207.95 80
127.0.7.46 80
127.0.146.233 80
127.0.30.165 80
127.0.169.98 80
127.0.53.30 80
127.0.192.217 80
127.0.76.149 80
127.0.215.82 80
127.0.99.14 80

 

 

Sosyal Ağlarda Paylaş

{cenkut}

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir