w32/ecure.c

Category: Trojans
Submitted by: Administrator

Computing manual for w32/ecure.c

trojan.ecure.c
type: trojan
size: 5,632 bytes
origin: internet
destructive: no
in the wild: yes
detection and removal: The Hacker 5.6 as of 07/07/2004
w32/ecure.c is a trojan that modifies the hosts file and the Internet Explorer start page.
When the trojan runs, it copies itself to:
windows \secure.html
It then modifies the following registry values:
hkey_current_user\software\microsoft\windows\internet explorer\main
local page= windows \secure.html
hkey_current_user\software\microsoft\windows\internet explorer\main
start page= windows \secure.html
hkey_current_user\software\microsoft\windows\internet explorer\main
default_page_url= windows \secure.html
hkey_local_machine\software\microsoft\internet explorer\main
local page= windows \secure.html
hkey_local_machine\software\microsoft\internet explorer\main
start page= windows \secure.html
hkey_local_machine\software\microsoft\internet explorer\main
default_page_url= windows \secure.html
Next, the trojan overwrites the hosts file to redirect URLs to localhost (127.0.0.1).
These URLs are redirected to windows \secure.html
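A defender-side check for the hosts-file change described above, added here as an example (it is not part of the original write-up): it lists every name a hosts file maps to a loopback address and picks out those that fall under domains which must stay reachable. The sample text, the `.example` names and the function names are constructed for illustration.

```python
import ipaddress

# Names a default hosts file may legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()                    # spaces or tabs
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line: skip it
        for name in fields[1:]:                  # one line may carry several names
            yield addr, name.lower().rstrip(".")

def loopback_redirects(text):
    """Sorted hostnames, other than the usual local names, mapped to loopback."""
    return sorted({name for addr, name in parse_hosts(text)
                   if addr.is_loopback and name not in LOCAL_NAMES})

def blocked_must_reach(text, must_reach):
    """Loopback redirects that fall under a domain that must stay reachable."""
    wanted = {d.lower().rstrip(".") for d in must_reach}
    return [n for n in loopback_redirects(text)
            if any(n == d or n.endswith("." + d) for d in wanted)]

# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       search.example www.search.example   # two names, one line
127.0.0.1       ads.tracker.example
10.0.0.5        intranet.example
bogus-line without an address
"""
# Assumption: domains this site expects to resolve normally.
MUST_REACH = {"search.example", "av-updates.example"}

if __name__ == "__main__":
    for name in blocked_must_reach(SAMPLE_HOSTS, MUST_REACH):
        print("sinkholed:", name)
```

Loopback entries alone are not conclusive, since ad-blocking hosts files use them too; the second function narrows the result to names whose loss would matter.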
It then deletes the following entries:
hkey_local_machine\software\microsoft\windows\currentversion\run\controlpanel
hkey_local_machine\software\microsoft\windows\currentversion\run\key2
Finally, it stops the following processes, belonging to antivirus and firewall products, that it finds on the attacked computer:
serve.exe loadclean.exe loader.exe runddl.exe mcupdate.exe cfiaudit.exe avxquar.exe autoupdate.exe autotrace.exe autodown.exe aupdate.exe nupgrade.exe update.exe icsupp95.exe icssuppnt.exe drwebupw.exe luall.exe avpupd.exe avwupd32.exe atupdater.exe

