w32/ecure

Category: Trojans
Submitted by: Administrator

Computing manual for w32/ecure

trojan.ecure, win32/harnig.e
type: trojan
size: 5,120 bytes
origin: internet
destructive: no
in the wild: yes
detection and removal: the hacker 5.6 as of 29/06/2004
w32/ecure is a trojan that modifies the hosts file and the internet explorer start page.
when the trojan runs, it copies itself to:
windows \secure.html
it then modifies the following registry values:
hkey_current_user\software\microsoft\windows\internet explorer\main
local page= windows \secure.html
hkey_current_user\software\microsoft\windows\internet explorer\main
start page= windows \secure.html
hkey_current_user\software\microsoft\windows\internet explorer\main
default_page_url= windows \secure.html
hkey_local_machine\software\microsoft\internet explorer\main
local page= windows \secure.html
hkey_local_machine\software\microsoft\internet explorer\main
start page= windows \secure.html
hkey_local_machine\software\microsoft\internet explorer\main
default_page_url= windows \secure.html
next, the trojan overwrites the hosts file to redirect url addresses to localhost (127.0.0.1)
the redirected url addresses are sent to windows \secure.html
it then deletes the following entries:
hkey_local_machine\software\microsoft\windows\currentversion\run\controlpanel
hkey_local_machine\software\microsoft\windows\currentversion\run\key2
finally, it stops the following processes, which belong to antivirus and firewall products, if it finds them on the attacked computer:
atupdater.exe aupdate.exe autodown.exe autotrace.exe autoupdate.exe avpupd.exe avwupd32.exe avxquar.exe cfiaudit.exe drwebupw.exe icssuppnt.exe icsupp95.exe luall.exe mcupdate.exe nupgrade.exe update.exe
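
A triage check for the two changes described above, the hosts file rewritten with loopback entries and the internet explorer page values pointed at secure.html. It is an added example, not part of the original write-up or of any antivirus product. It assumes the registry values are supplied as text in the layout printed by reg query (an assumption); the sample hosts file, host names and C:\WINDOWS path are constructed.

```python
import re

LOOPBACK = {"127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
# Value names the write-up lists under ...\internet explorer\main
IE_VALUES = {"local page", "start page", "default_page_url"}
DROPPED_FILE = "secure.html"  # file name given in the write-up

def loopback_redirects(hosts_text):
    """Hostnames a hosts file pins to loopback, other than localhost itself."""
    names = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in LOOPBACK:
            continue
        for host in fields[1:]:
            host = host.lower()
            # tolerate several "127.0.0.1 name" pairs run together on one line
            if host not in LOOPBACK and host not in LOCAL_NAMES:
                names.append(host)
    return names

def hijacked_ie_values(reg_query_text):
    """(key, value name, data) for IE page values that point at secure.html."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.strip().upper().startswith("HKEY_"):
            key = line.strip()
            continue
        # assumed layout: name, type and data separated by four spaces
        parts = re.split(r"\s{4}", line.strip(), maxsplit=2)
        if len(parts) != 3 or parts[0].lower() not in IE_VALUES:
            continue
        data = parts[2].strip()
        if data.lower().replace("/", "\\").rsplit("\\", 1)[-1] == DROPPED_FILE:
            hits.append((key, parts[0], data))
    return hits

# Constructed sample input (not taken from an infected machine).
SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1 localhost
127.0.0.1 search.example.test 127.0.0.1 www.search.example.test
10.0.0.5 intranet.example.test   # not a loopback redirect
"""
SAMPLE_REG = (
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\n"
    "    Start Page    REG_SZ    C:\\WINDOWS\\secure.html\n"
    "    Search Page    REG_SZ    http://search.example.test/\n"
    "    Default_Page_URL    REG_SZ    C:\\WINDOWS\\secure.html\n"
)

if __name__ == "__main__":
    print(loopback_redirects(SAMPLE_HOSTS))
    print(hijacked_ie_values(SAMPLE_REG))
```

A clean hosts file normally yields an empty list from loopback_redirects; any name it returns is worth comparing against the machine's known-good configuration.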