W32.Hedong.A@mm

W32.Hedong.A@mm is a worm that spreads by email using its own SMTP configuration. Depending
on the system time, the worm sends a message carrying an attachment that contains the worm,
named either Hello.exe or Hello.vbs. It also copies itself as %System%\Exporler.exe.

Similar worms: WORM_DONGHE.A, W32/Hedong@MM

Type: worm
Date discovered: 2002.5.16
Damage level: 2
Size: 49152 or 2301 bytes
Damage:
– The VBS file containing the worm deletes all files with the extensions ".exe", ".dll",
".dat", ".doc", ".mp3", and sends mail to randomly selected email addresses.
– The Hello.vbs file deletes files with the extensions ".exe", ".dll", ".dat", ".doc",
".mp3".
Email subject: Varies.
Attachment name: hello.exe or hello.vbs

Once activated, W32.Hedong.A@mm performs the following actions.
– Spreads by email using its own SMTP configuration.
– Attempts to connect to the following servers.
· smtp.citiz.net
· smtp.china.com
· smtp.sina.com
· smtp.263.net
· smtp.sohu.com
· smtp.163.net
· smtp.163.com
– If the system time is divisible by 3, it emails an attachment named Hello.exe; if it is
not divisible by 3, the attachment is named Hello.vbs.
– Copies itself as %System%\Exporler.exe.
– Adds the value %System%\Exporler.exe %1 %* to the registry key
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command.

– If the Hello.vbs file has been activated, it performs the following additional functions.
It copies itself as %System%\MSKernel.vbs and %Windows%\Win32Dll.vbs,
and adds the values
MSKernel32 %System%\MSKernel32.vbs and Win32Dll %Windows%\Win32Dll.vbs
to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices.
– Changes the Internet Explorer home page to http:/ /www.hziee.edu.cn.

– Finally, the Hello.vbs file deletes files with the extensions .exe, .dll, .dat, .doc,
.mp3 on all network drives.

How to remove it?
To remove the worm, first restore the registry key
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command, undo the changes made to the
registry, delete the infected files, and reset the Internet Explorer home page.
When deleting the infected files:
1. Check that you have antivirus software with the latest updates installed.
2. Run a full system scan with Norton Antivirus.
3. Delete all files infected by W32.Hedong.A@mm.

How to edit the registry?
1. Open Run from the Start menu.
2. Type Regedit; the Registry editing window appears.
3. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
and, in the right-hand pane, delete the value
Win32Dll %Windows%\Win32Dll.vbs.
4. In the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run,
delete the value MSKernel32 %System%\MSKernel32.vbs.
5. Click Registry and choose Exit to finish.
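
Added example (not part of the original advisory or of any vendor tool): a Python triage script that parses a regedit text export and flags the registry changes listed above. The stock value of the exefile open command, "%1" %*, is what the key should hold once restored; the sample export and the expanded paths in it are constructed.

```python
import re

# Indicators come from the advisory text; the parser and sample are illustrative.
EXEFILE_KEY = r"hkey_local_machine\software\classes\exefile\shell\open\command"
_CV = r"hkey_local_machine\software\microsoft\windows\currentversion"
RUN_KEYS = (_CV + r"\runservices", _CV + r"\run")
RUN_VALUE_NAMES = {"mskernel32", "win32dll"}
FILE_NAMES = ("exporler.exe", "mskernel.vbs", "mskernel32.vbs", "win32dll.vbs")
EXEFILE_DEFAULT = '"%1" %*'  # stock Windows open command for .exe files
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes backslashes and quotes

def parse_reg(text):
    """Parse regedit export text into {lowercased key: {value name: string data}}.
    Only string (REG_SZ) values are read; hex: and dword: data is skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))
    return keys

def find_hedong_traces(reg_text):
    """Return (kind, detail) tuples for the registry changes the advisory lists."""
    keys, findings = parse_reg(reg_text), []
    handler = keys.get(EXEFILE_KEY, {}).get("@")
    if handler is not None and handler.strip() != EXEFILE_DEFAULT:
        findings.append(("exefile-hijack", handler))
    for key in RUN_KEYS:
        for name, data in keys.get(key, {}).items():
            if name.lower() in RUN_VALUE_NAMES or any(f in data.lower() for f in FILE_NAMES):
                findings.append(("autorun", f"{name} = {data}"))
    return findings

# Constructed sample export (not captured from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command]
@="C:\\WINDOWS\\System32\\Exporler.exe %1 %*"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"MSKernel32"="C:\\WINDOWS\\System32\\MSKernel32.vbs"
"Win32Dll"="C:\\WINDOWS\\Win32Dll.vbs"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"'''
```

Regedit on Windows 2000 and later writes exports as UTF-16, so decode the file before passing its text to find_hedong_traces.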

How to reset the Internet Explorer home page?
1. Start Microsoft Internet Explorer.
2. Connect to the Internet and open the web page you want to use as your home page.
3. Open Internet Options from the Tools menu and,
in the Home page section of the General tab, choose Use Current and click OK.

 

Date: September 26th, 2007 | Categories: Virus
