W32.Toal.A@mm


W32.Toal.A@mm is a mass-mailing worm, that is, a worm that sends one message
to many recipients at once. It arrives by e-mail with an attached file named
Binladen_brasil.exe.


The subject line refers to the events taking place in Afghanistan at the
time and is written in one of several languages. It is usually sent in the
language of the infected computer's operating system. The message body is
empty. The virus activates when the message is opened to check mail in
Microsoft Outlook or Outlook Express, or when the command to read a received
message is given. This virus is also detected under the name W32/AntiWar.

The worm creates the file Invictus.dll, which infects executable files on the
local system and on computers on the network. It also shares the C:\ drive on
the local network, leaving it open to others. The virus uses this file to
spread, and Norton AntiVirus detects it as W32.Invictus.dll.

Type: Worm, virus
Date discovered: October 23, 2001
Size: varies
Attachment name: Binladen_brasil.exe
Subject: can be anything

Once activated, the virus checks whether a copy of itself is already running.
If one is, the copy that activated later stops running. The copy that
activated first creates the following files:
– It creates Invictus.dll in the %System%\ directory. %System% can be
C:\Windows\System or C:\Winnt\System32.
– It covertly copies itself to %Windows%\<any 3 characters>.exe. %Windows%
can be C:\Windows or C:\Winnt.

It also makes the following change to the System.ini file:
shell=Explorer.exe
is changed to shell=Explorer.exe [any 3 characters].exe.

The virus activates after the computer is restarted. It infects the Windows
system file hh.exe. It also spreads across the local network to other
computers, copying an .exe file with a 3-character name into their Windows
directory and Invictus.dll into their System directory. The virus then
activates on the networked computer and modifies its System.ini file.

The virus collects e-mail addresses using the White Pages of the ICQ program.
It takes advantage of the fact that most mail server names begin with smtp or
mail, and uses those names when sending messages to the addresses it has
collected. For example, for the address joeuser@domain.tld it uses the mail
server name smtp.domain.tld or mail.domain.tld. It attaches the infected
Hh.exe file or Binladen_brasil.exe to the messages it sends.

On Windows 95 systems the virus saves stored network passwords to a file. It
cannot do this on other versions of Windows. By making a change under the
following registry key, it shares the C:\ drive on the local network and
leaves it open:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan
It temporarily disables antivirus programs running in memory.
Depending on how much time has passed since activation, it continually
changes the background, which shows an image of the current events in
Afghanistan, and the text color. After activating in this way it pauses for
5 minutes and then activates again.
Norton AntiVirus detects this virus as W32.Invictus.dll.

How to remove it

1. Run LiveUpdate in Norton AntiVirus and make sure you have the latest
virus definitions.
2. Click Start, choose Run, type the following command and click OK, then
edit the System.ini file.
a. edit c:\windows\system.ini
b. Find the shell= entry.
c. Place the cursor just after the equals sign and press Shift and End
together.
d. Press Delete.
e. Type explorer.exe.

The line should now read shell=explorer.exe.

f. From the File menu choose Exit, then click Yes to save the changes and
exit.
3. If your computer is connected to a local network, remove the open share
on the C:\ drive.
4. Restart the computer. Infected files will be found as the computer starts,
and these files should be repaired with Repair. If they are quarantined
instead, they cannot be fixed with the Repair command afterwards.
5. Start Norton AntiVirus (NAV) and check that it is configured to scan all
files.
6. Scan for the virus with the Scan command.
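
The following is an added example, not part of the original write-up: a check for the two artifacts described above (the modified shell= line in System.ini and Invictus.dll in the System directory) that can be run against a Windows directory or an offline copy of one. The sample System.ini text and the name abc.exe are constructed, and the [boot] section name is standard Windows 9x layout rather than something this page states.

```python
import re
from pathlib import Path

# shell= lives in the [boot] section of System.ini (standard Windows 9x layout).
# Page pattern: "Explorer.exe" followed by an .exe with a 3-character name.
EXTRA_EXE = re.compile(r"^[^\\/\s]{3}\.exe$", re.IGNORECASE)
# Constructed sample of a modified file; "abc.exe" is a made-up name.
SAMPLE_INI = "[boot]\nshell=Explorer.exe abc.exe\n[386Enh]\ndevice=*vmm\n"


def parse_shell(ini_text):
    """Return the shell= value from the [boot] section, or None."""
    section = None
    for line in (raw.strip() for raw in ini_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.strip().lower() == "shell":
                return value.strip()
    return None


def classify_shell(value):
    """Return 'missing', 'clean', 'toal-pattern' or 'modified' (needs review)."""
    if value is None:
        return "missing"
    tokens = value.split()
    if [t.lower() for t in tokens] == ["explorer.exe"]:
        return "clean"
    if (len(tokens) == 2 and tokens[0].lower() == "explorer.exe"
            and EXTRA_EXE.match(tokens[1])):
        return "toal-pattern"
    return "modified"


def find_ci(directory, name):
    """Case-insensitive lookup of one entry in a directory; None if absent."""
    entries = Path(directory).iterdir() if Path(directory).is_dir() else ()
    return next((p for p in entries if p.name.lower() == name.lower()), None)


def scan(windows_dir):
    """Check a Windows directory (live or offline copy) for both artifacts."""
    ini = find_ci(windows_dir, "system.ini")
    value = parse_shell(ini.read_text(errors="replace")) if ini else None
    sysdirs = [find_ci(windows_dir, s) for s in ("System", "System32")]
    dlls = [find_ci(d, "invictus.dll") for d in sysdirs if d]
    return {"shell": classify_shell(value), "shell_value": value,
            "dll": [p.name for p in dlls if p]}
```

After the removal steps, scan() on C:\Windows or C:\Winnt should report shell as 'clean' and an empty dll list; 'modified' means the shell= value is something other than the two forms named on this page and should be reviewed by hand.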

 


Date: September 27th, 2007 | Categories: Virus | By: | Comments: 2,779
