W32.Myparty@mm


W32.Myparty@mm is a mass-mailing worm that spreads by email.


Email subject: new photos from my party!

Body text: Hello!
My party… It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
Attachment: www.myparty.yahoo.com
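
The subject line and attachment name above can be matched at a mail gateway or during mailbox triage. The following Python code is an added example, not part of the original write-up; the broader rule for URL-looking .com attachment names and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators taken from the write-up above.
MYPARTY_SUBJECT = "new photos from my party!"
MYPARTY_ATTACHMENT = "www.myparty.yahoo.com"
# Assumed generalisation (not from the page): an attachment whose name reads
# like a web address but ends in .com is a DOS/Windows executable.
URL_LIKE_COM = re.compile(r"^(www\.)?[a-z0-9-]+(\.[a-z0-9-]+)*\.com$", re.I)


def triage(raw_message):
    """Return the list of reasons a raw RFC 5322 message looks suspicious."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    if (msg["Subject"] or "").strip().lower() == MYPARTY_SUBJECT:
        reasons.append("subject matches")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if name.lower() == MYPARTY_ATTACHMENT:
            reasons.append("attachment name matches")
        elif URL_LIKE_COM.match(name):
            reasons.append("URL-like .com attachment: " + name)
    return reasons


def build_sample(subject, filename):
    """Constructed test message; the attachment bytes are a harmless stub."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Hello!")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [(MYPARTY_SUBJECT, MYPARTY_ATTACHMENT),
                        ("Re: invoice", "www.photos.example.com"),
                        ("Holiday pictures", "beach.jpg")]:
        print(fname, "->", triage(build_sample(subj, fname)))
```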

The worm sends mail to the addresses in your Windows address book and in the
Outlook Express Inbox and other folders. On NT/2000/XP operating systems, the
worm installs a backdoor Trojan that lets hackers control the system. In that
case, NAV detects the worm as Backdoor.Myparty. Also, if the file that contains
the worm is named Access.*** (with any extension), it opens your Web browser to
http://www.disney.com.

Type: Worm and Trojan Horse

Date discovered: 2002.1.28
Similar worms: W32/Myparty@MM, WORM_MYPARTY.A, W32/MyParty-A
Size: 29.696 bytes
Damage level: 3

Once it is activated, the worm performs the following actions.

1. It checks the system date. That is, if the date on the computer is between
1.25-1.29 and the keyboard driver is set to Russian script, the worm copies
itself to the C:\Recycled-F folder under a randomly chosen name.
2. The worm acts differently depending on the name and extension of the file
that contains it. If the file is named Access.*** (with any extension), it opens
your Web browser to http://www.disney.com. If the file has a .com extension, the
worm copies itself to the following locations.

– C:\Regctrl.exe (Windows NT/2000/XP)
– C:\Recycled\Regctrl.exe (Windows 95/98/Me). The worm then runs the
Regctrl.exe file.

If the file has an .exe extension, it performs the following actions.
1. The worm searches the Windows address book and the .dbx files in the
Microsoft Outlook and Outlook Express Inbox.
2. When it sends mail to the addresses it has found, it changes the SMTP server
settings of that email program.
3. On computers running Windows NT/2000/XP, it creates the backdoor Trojan as
%Windows%\StartMenu\Programs\Startup\msstask.exe, so the Trojan runs every time
Windows starts. This Trojan connects to a Web page at the IP address
209.151.250.170 and gives the author of the worm access to the computer.
4. Finally, the worm sends an email to napster@gala.net reporting on how the
worm is spreading.
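
The drop locations listed above can be checked on a mounted drive image during incident response. The following Python code is an added example, not part of the original write-up; the function names and the sample directory tree are constructed for illustration, and the Startup folder is matched by its path tail because %Windows% differs between installations.

```python
import os
import tempfile


def classify(rel_dir_parts, filename):
    """Map a file's location to the artifact the write-up describes, or None."""
    name = filename.lower()
    parts = [p.lower() for p in rel_dir_parts]
    if name == "regctrl.exe" and parts == []:
        return "worm copy, C:\\Regctrl.exe (Windows NT/2000/XP)"
    if name == "regctrl.exe" and parts == ["recycled"]:
        return "worm copy, C:\\Recycled\\Regctrl.exe (Windows 95/98/Me)"
    # %Windows% differs per install (WINNT, Windows), so match the path tail.
    if name == "msstask.exe" and parts[-2:] == ["programs", "startup"]:
        return "backdoor Trojan in the Startup folder"
    return None


def sweep(image_root):
    """Walk a mounted drive image; return sorted (relative path, finding)."""
    root = os.path.abspath(image_root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        for name in files:
            finding = classify(parts, name)
            if finding:
                hits.append((os.path.join(*parts, name), finding))
    return sorted(hits)


def build_sample_image(root):
    """Constructed, empty stand-in files; no malware content."""
    for rel in ("Regctrl.exe", "RECYCLED/regctrl.exe",
                "WINNT/StartMenu/Programs/Startup/MSSTASK.EXE",
                "WINNT/system32/msstask.exe", "docs/readme.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_image(tmp)
        for rel_path, finding in sweep(tmp):
            print(f"{rel_path}: {finding}")
```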

How to remove it?
1. Check that you have antivirus software with the latest updates installed.
2. Download the latest NAV update from the www.viruscenter.mn web site.
3. After that, scan the entire system with Norton Antivirus.
4. Delete all files that NAV detects as infected with W32.Myparty@mm or
Backdoor.Myparty.

 


Date: September 26th, 2007 | Categories: Virus | By: | Comments: 4,116
