W32.Toal.A@mm

W32.Toal.A@mm is a mass-mailing worm, that is, one that sends the same
message to many recipients at once. The worm arrives by email with an
attached file named Binladen_brasil.exe.


The subject line refers to current events in Afghanistan and is written in
one of several languages, usually the language of the infected computer's
operating system. The message body is empty. The virus activates when the
mail is opened for checking in Microsoft Outlook or Outlook Express, or when
the command to read a received message is given. This virus is also detected
under the name W32/AntiWar.

The worm creates the file Invictus.dll, which infects executable files on the
local system and on networked computers. It also shares the C:\ drive on the
local network, leaving it open to others. The virus spreads using this file,
which Norton AntiVirus detects as W32.Invictus.dll.

Type: Worm, virus
Discovered: October 23, 2001
Size: varies
Attachment name: Binladen_brasil.exe
Subject: can be anything

After it activates, the virus checks whether a copy of itself is already
running. If one is, the copy that activated later stops running. The copy
that activated first creates the following files:
– It creates the file Invictus.dll in the %System%\ directory. %System% may
be C:\Windows\System or C:\Winnt\System32.
– It covertly copies a file to %Windows%\<any 3 characters>.exe. %Windows%
may be C:\Windows or C:\Winnt.

It also makes the following change to the System.ini file:
shell=Explorer.exe
is changed to shell=Explorer.exe [any 3 characters].exe.
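
A check for the indicators described above, added here as an example and not part of the original write-up: it reads the `shell=` value from System.ini and reports anything launched besides Explorer.exe, plus an Invictus.dll in a listing of the System directory. The function names and sample data are constructed for illustration, and the code assumes the `shell=` entry sits in the `[boot]` section, as it does in a standard System.ini.

```python
import re

# Indicator from the write-up: a three-character name with an .exe extension.
THREE_CHAR_EXE = re.compile(r"^[^\\/:\s]{3}\.exe$", re.IGNORECASE)

def boot_shell(ini_text):
    """Return the shell= value from the [boot] section, or None if absent."""
    # Parsed by hand: System.ini repeats keys (device= in [386Enh]),
    # which strict INI parsers reject.
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "shell":
                return value.strip()
    return None

def check_host(ini_text, system_dir_files):
    """Return findings that match the indicators described on this page."""
    findings = []
    shell = boot_shell(ini_text)
    if shell is None:
        findings.append("no shell= entry in [boot]")
    else:
        tokens = shell.split()
        # Accept a bare or fully qualified Explorer.exe as the first token.
        first = re.split(r"[\\/]", tokens[0])[-1].lower() if tokens else ""
        extras = tokens[1:] if first == "explorer.exe" else tokens
        for extra in extras:
            kind = "three-character .exe" if THREE_CHAR_EXE.match(extra) else "unexpected program"
            findings.append(f"shell= launches {kind}: {extra}")
    if any(name.lower() == "invictus.dll" for name in system_dir_files):
        findings.append("Invictus.dll present in %System%")
    return findings

# Constructed sample input, not taken from a real host.
INFECTED_INI = "[boot]\nshell=Explorer.exe qzx.exe\n[386Enh]\ndevice=*vshare\ndevice=*vcd\n"
CLEAN_INI = INFECTED_INI.replace(" qzx.exe", "")

if __name__ == "__main__":
    print(check_host(INFECTED_INI, ["Invictus.dll", "kernel32.dll"]))
    print(check_host(CLEAN_INI, ["kernel32.dll"]))
```

Matching on the `shell=` line rather than on every three-character .exe in the Windows directory avoids flagging legitimate short-named system tools.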

The virus activates after the computer is restarted. It infects the Windows
system file hh.exe. Across the local network it also copies, to other
computers, an .exe file with a 3-character name into their Windows directory
and Invictus.dll into their System directory. The virus then activates on the
networked computer and modifies its System.ini file.

The virus collects email addresses using the White Pages of the ICQ program.
It takes advantage of the fact that most mail server names begin with smtp or
mail, and uses such a name when sending messages to the addresses it has
collected. For example, for the address joeuser@domain.tld it uses the mail
server name smtp.domain.tld or mail.domain.tld. To the messages it sends it
attaches either the infected Hh.exe file or the Binladen_brasil.exe file.

On Windows 95 systems the virus saves the stored network passwords to a file.
It cannot do this on other versions of Windows. It shares the C:\ drive on
the local network, leaving it open, by making a change under the following
registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan
It temporarily disables antivirus programs running in memory.
Depending on how much time has passed since the virus activated, it
continually changes the background, which shows an image of current events in
Afghanistan, and the text color. After activating in this way it pauses for
5 minutes and then activates again.
Norton AntiVirus detects this virus as W32.Invictus.dll.

How to remove it?

1. Run LiveUpdate in Norton AntiVirus and make sure you have obtained the
most recent antivirus program updates.
2. Click Start, choose Run, type the following command and click OK, then
edit the System.ini file.
a. edit c:\windows\system.ini
b. Find the shell= entry.
c. Place the cursor just after the equals sign and press Shift and End
together.
d. Press Delete.
e. Then type explorer.exe.

The line should read shell=explorer.exe.

f. From the File menu choose Exit and click Yes to save the changes and
exit.
3. If your computer is connected to a local network, remove the open share
on the C:\ drive.
4. Restart the computer. As it starts up, the infected files will be found,
and these files should be Repaired. If they are Quarantined, they cannot
afterwards be fixed with the Repair command.
5. Start Norton AntiVirus (NAV) and check that it is configured to scan all
files.
6. Check for the virus with the Scan virus command.

 

Date: September 27th, 2007 | Categories: Virus | By: | Comments: 2,119
