[Monitor.007SpySoft.1246154] is a program that monitors most of the usage information of the system on which it is installed.
Depending on who uses it and how, it can be used for serious leakage of personal information, so it is classified and detected as a potentially harmful program.
The activity monitored by this potentially harmful program falls into the five categories below, and each is saved in a specific folder as files and image files.
- Keystrokes Log (keyboard input)
- WebSites Log (website access)
- Application Log (application use)
- Screenshots Log (screen capture)
- File/FolderS Log (file/folder copy, deletion, etc.)
[007 Spy Software] is normally installed with the user's consent, accompanied by a normal description of its use. However, where several people share a single Windows account (PC rooms, PCs installed in public places, etc.), a person who uses the machine without knowing that [Monitor.007SpySoft.1246154] has been installed by someone with malicious intent can have it used against them as a tool for critical leakage of personal information.
[Figure 1.] Settings window of [007 Spy Software].

1. Keyboard input monitoring.
As shown in [Figure 2.] and [Figure 3.], information about every keystroke the user types is recorded to a file.
[Figure 2.] Saved keyboard input log.

[Figure 3.] Keyboard input saved to the kys.dat file.

2. Website access monitoring.
As shown in [Figure 4.] and [Figure 5.], information about the URL of every site the user visits is recorded to a file.
[Figure 4.] Website access log.

[Figure 5.] Site URLs saved to the Urls.dat file.

3. ¾îÇø®ÄÉÀÌ¼Ç »ç¿ë ¸ð´ÏÅ͸µ.
[±×¸² 6.] , [±×¸² 7.] °ú °°ÀÌ »ç¿ëÀÚ°¡ »ç¿ëÇÑ ¸ðµç ÇÁ·Î±×·¥¿¡ ´ëÇÑ Á¤º¸°¡ ÆÄÀÏ·Î ±â·Ï µÈ´Ù.
[±×¸² 6.] ¾îÇø®ÄÉÀÌ¼Ç »ç¿ë ·Î±×.

[±×¸² 7.] Apps.dat ÆÄÀÏ·Î ÀúÀåµÈ ÇÁ·Î±×·¥ ¸®½ºÆ®.

4. Screen monitoring.
As shown in [Figure 8.], [Figure 9.], [Figure 10.] and [Figure 11.], the screens the user viewed are captured and recorded as files and images.
[Figure 8.] Screen capture log.

[Figure 9.] Capture list saved in the scr.dat file.

[Figure 10.] User screen 1 captured by [Monitor.007SpySoft.1246154].

[Figure 11.] User screen 2 captured by [Monitor.007SpySoft.1246154].

5. Monitoring of file/folder copy, deletion, etc.
As shown in [Figure 12.] and [Figure 13.], information about the user's copy, delete and similar operations is recorded to a file.
[Figure 12.] Log of file copy, deletion, etc.

[Figure 13.] File access list saved in Flies.dat.

[Monitor.007SpySoft.1246154] uses many legitimate Windows system files and registry entries, so care must be taken when removing it manually.
< Related URL >
http://www.(omitted)-software.com/spy_software.htm
< Files >
The files created by [Monitor.007SpySoft.1246154] are as follows.
(Program Files folder)\Common Files\Microsoft Shared\DAO\ssdata\Apps.dat
(Program Files folder)\Common Files\Microsoft Shared\DAO\ssdata\kys.dat
(Program Files folder)\Common Files\Microsoft Shared\DAO\ssdata\lgstat.ini
(Program Files folder)\Common Files\Microsoft Shared\DAO\ssdata\scr.dat
(Program Files folder)\Common Files\Microsoft Shared\DAO\svchost.exe
(System folder)\COMCTL32.OCX
(System folder)\ijl11pro.DLL
(System folder)\MSINET.OCX
(System folder)\VB5STKIT.DLL
(Windows folder)\winhelp.ini
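The file list above, turned into a triage check (an added example, not part of the original advisory): it separates the files found only under the DAO folder from generic components, in line with the caution about manual removal. The folder defaults, the unique/shared split and the sample listing are assumptions of this example.

```python
from pathlib import PureWindowsPath

# Typical defaults for the page's folder placeholders; override per host.
ROOTS = {"program": r"C:\Program Files",
         "system": r"C:\Windows\System32",
         "windows": r"C:\Windows"}
DAO = r"Common Files\Microsoft Shared\DAO"

# (root, relative path, kind) for every file in the list above.
# "unique": the log store and the svchost.exe copy under the DAO folder.
# "shared": generic components other software may also install, so their
# presence proves nothing and they must not be deleted blindly.
# The unique/shared split is this example's assumption, not the page's.
ARTIFACTS = [
    ("program", DAO + r"\ssdata\Apps.dat", "unique"),
    ("program", DAO + r"\ssdata\kys.dat", "unique"),
    ("program", DAO + r"\ssdata\lgstat.ini", "unique"),
    ("program", DAO + r"\ssdata\scr.dat", "unique"),
    ("program", DAO + r"\svchost.exe", "unique"),
    ("system", "COMCTL32.OCX", "shared"),
    ("system", "ijl11pro.DLL", "shared"),
    ("system", "MSINET.OCX", "shared"),
    ("system", "VB5STKIT.DLL", "shared"),
    ("windows", "winhelp.ini", "shared"),
]

def norm(path):
    """Windows paths compare case-insensitively."""
    return str(PureWindowsPath(path)).lower()

def triage(listing, roots=ROOTS):
    """Classify a host file listing against the artifact list."""
    present = {norm(p) for p in listing}
    hits = {"unique": [], "shared": []}
    for root, rel, kind in ARTIFACTS:
        full = PureWindowsPath(roots[root]) / rel
        if norm(full) in present:
            hits[kind].append(str(full))
    # Generic check: svchost.exe is expected only in the system folder
    # (32-bit layout as on the page; allow SysWOW64 on 64-bit hosts).
    sysdir = norm(roots["system"])
    hits["misplaced_svchost"] = sorted(
        p for p in present
        if PureWindowsPath(p).name == "svchost.exe"
        and norm(PureWindowsPath(p).parent) != sysdir)
    hits["verdict"] = "present" if hits["unique"] else "not confirmed"
    return hits
```

Feed `triage` a recursive file listing exported from the host under review; only "unique" hits support a detection, while "shared" hits should be left in place unless nothing else on the system depends on them.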
< Registry >
The registry entries created by [Monitor.007SpySoft.1246154] are as follows.
< Notation >
"(All Users folder)" may differ depending on user settings and is typically C:\Documents and Settings\(all user accounts).
"(Desktop folder)" may differ by operating system and is typically C:\Documents and Settings\(user account)\바탕 화면.
"(Quick Launch folder)" may differ by operating system (or user) and is typically C:\Documents and Settings\(user account)\Application Data\Microsoft\Internet Explorer\Quick Launch.
"(Temp folder)" may differ by operating system and is typically C:\Documents and Settings\(user account)\Local Settings\Temp.
"(Program Files folder)" may differ by operating system and is typically C:\Program Files.
"(Windows folder)" may differ by operating system and is typically C:\Windows.
"(System folder)" may differ by operating system and is typically C:\Windows\System32.