Program Analysis

[Code : 0dofuBo2mdtXOGy3J6HbGg==] Install log : 50ms / 2013-01-25

프로세스 천국 2013. 1. 25. 06:14

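I haven't paid attention to this malicious program for a while, so there are probably a huge number of unregistered files by now.

It seems to change its name about once a week.

The file name is random, the install folder is random, and the service name is practically random too.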

 

----------------------------------------------------------------------
Created by Windowexe.com , Logfile of WindowexeAllkiller
----------------------------------------------------------------------
Windows 7 Ultimate Service Pack 1(6.1.7601.65536)
Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz / 1,023.55 MB
Intel64 Family 6 Model 42 Stepping 7
Date : 2013-01-25
----------------------------------------------------------------------
----------------------------------------------------------------------
SC000 authzrt -/- Application Authorization -/- - -/-  -/- C:\Windows\authz.exe
SC004 Sympathetic -/- Group Policy Sympathetic -/- - -/-  -/- C:\Program Files (x86)\Internet Explorer\sympathy.exe
SCADD authzrt -/- Application Authorization -/- Auto/Running -/-  -/- C:\Windows\authz.exe
SCADD NetTcpPortSharing -/- Net.Tcp Port Sharing Service -/- Disabled/Stopped -/-  -/- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
SCADD PerfHost -/- Performance Counter DLL Host -/- Manual/Stopped -/-  -/- C:\Windows\system32\perfhost.exe
SCADD Sympathetic -/- Group Policy Sympathetic -/- Auto/Running -/-  -/- C:\Program Files\Internet Explorer\sympathy.exe
SCADD TPAutoConnSvc -/- TP AutoConnect Service -/- Manual/Stopped -/-  -/- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
SCADD VMTools -/- VMware Tools Service -/- Auto/Running -/-  -/- C:\Program Files\VMware\VMware Tools\VMwareService.exe
SCADD vmvss -/- VMware Snapshot Provider -/- Manual/Running -/-  -/- C:\Windows\system32\dllhost.exe
----------------------------------------------------------------------
Deleted Files : 0
Remove Service : 5
Remove Uninstall Entry : 3
Remove Startup Entry : 1
Remove Browser Helper Object : 1
----------------------------------------------------------------------
Remove these Entry in a WindowexeAllkiller.txt file. Save and Run.
WindowexeAllkiller Remove Database 2013-01-25
[05-SERVICE]**authzrt
[05-SERVICE]**Sympathetic
----------------------------------------------------------------------
Total Processing Time : 50ms
----------------------------------------------------------------------

NA001 ======================================================================
NA002 echo Created by Windowexe.com / do not delete this label.
NA003 ======================================================================
NA004 echo Start
NA005 echo windowexe.com & tskill "sympathy" & echo windowdel.com
NA006 echo windowexe.com & tskill "authz" & echo windowdel.com
NA007 sc stop "authzrt"
NA008 echo Service Disable & sc config "authzrt" start= disabled & echo Windowexe.com
NA011 sc stop "Sympathetic"
NA012 echo Service Disable & sc config "Sympathetic" start= disabled & echo Windowexe.com
NA013 echo change dir for x64
NA014 cd %windir%
NA015 cd syswow64
NA016 echo windowexe.com & tskill "sympathy" & echo windowdel.com
NA017 echo windowexe.com & tskill "authz" & echo windowdel.com
NA018 sc stop "authzrt"
NA019 echo Service Disable & sc config "authzrt" start= disabled & echo Windowexe.com
NA022 sc stop "Sympathetic"
NA023 echo Service Disable & sc config "Sympathetic" start= disabled & echo Windowexe.com
NA024 echo End
NA025 ======================================================================
NA026 echo Created by Windowexe.com / do not delete this label.
NA027 ======================================================================