Adware.XP2010.R.345088
| ´Ù¸¥À̸§ | |||
|---|---|---|---|
| ´ëÇ¥Àû Áõ»ó | ½Ã½ºÅÛ ¿À·ù¹ß»ý,¾ÇÀÇÀûÀÎ »ç¿ë°¡´É,ÀçºÎÆýà ÀÚµ¿½ÇÇà,Á¤»ó ÇÁ·Î±×·¥ ¼³Ä¡/¿î¿µ ¹æÇØ,ƯÁ¤ À¥»çÀÌÆ® À̵¿,ÆÄÀÏ »èÁ¦ºÒ°¡,Æ˾÷â Ãâ·Â,ÇÁ·Î±×·¥ »èÁ¦ ºÒ°¡ | ||
| ¹ß°ßÀÏ | ±¹³» : 2010-02-02 ÇØ¿Ü : 2010-02-02 | ||
| ºÐ·ù | Adware | È°µ¿ ¹üÀ§ | |
| À§Çèµµ/È®»êµµ |  /  |
ƯÁ¤ È°µ¿ÀÏ | -- |
| Á¦ÀÛ±¹°¡ | ºÒºÐ¸í | ¾ÏÈ£È ¿©ºÎ | ºñ¾ÏÈ£È |
| °¨¿°À§Ä¡ | À¥ÆäÀÌÁö,ÀÀ¿ëÇÁ·Î±×·¥°ú ÇÔ²² ¼³Ä¡,ÆÄÀϽÇÇà | ½Ã½ºÅÛ ¸Þ¸ð¸® »óÁÖ¿©ºÎ |
|
| ¹ÙÀ̷κ¿ ´ëÀÀÁ¤º¸ |
2010-02-03 [Áø´ÜÄ¡·á°¡´É]
|
||
> [µ¿¿µ»ó ¸®ºä] ÅÇÀ¸·Î À̵¿ÇÏ¿© È®ÀÎ ÇÒ ¼ö ÀÖÀ¸¸ç, ¾à 8ºÐ 41ÃÊÀÇ ¿µ»óÀÔ´Ï´Ù. <
[Adware.XP2010.R.345088] Àº(´Â) ¹æȺ®À» »ç¿ëÇÏÁö ¾Êµµ·Ï ¼³Á¤À» º¯°æÇÏ°í, À©µµ¿ì ¾÷µ¥ÀÌÆ® ȸé°ú À¯»çÇÑ UI¸¦ ÅëÇØ ¼³Ä¡µÈ´Ù.
- ´Ù·®ÀÇ °æ°í¹®±¸¿Í ÇÔ²² ÇãÀ§ °¨¿°·Î±×¸¦ º¸¿©ÁÖ¸ç µî·Ï/°áÁ¦¸¦ ¿ä±¸ÇÑ´Ù. ¶ÇÇÑ, Internet Explorer ½ÇÇà ½Ã ¹«Á¶°Ç µî·Ï/°áÁ¦¸¦ ¿ä±¸ÇÏ°í, µî·Ï/°áÁ¦¸¦ Ãë¼ÒÇÒ °æ¿ì Internet Explorer¸¦ ÀÌ¿ëÇÒ ¼ö ¾ø´Ù. - ÇãÀ§¹é½ÅÀÇ À̸§Àº XP (¹é½Å°ú À¯»çÇÑ À̸§ = ·£´ý¸í) 2010 ÀÌ´Ù. - ÇØ´ç ÇÁ·Î±×·¥À» »èÁ¦ ½Ã exe °ü·Ã ÆÄÀÏÀ» Á¤»óÀûÀ¸·Î ÀÌ¿ëÇÒ ¼ö ¾ø´Ù. [±×¸² 1.] ¹æȺ® º¯°æ È¸é – ½ÇÇà ½Ã ¹æȺ®À» ºñÈ°¼ºÈ ½ÃŲ´Ù.
[±×¸² 2.] ¼³Ä¡ È¸é – ¿Ïº® ÀçÇöÀ» ÅëÇØ ¼³Ä¡ ½Ã ÀǽÉÀ» »çÁö ¾Ê´Â´Ù.
[±×¸² 3.] ½ºÄµ È¸é – 99% ÇѱÛÈ°¡ µÇ¾îÀÖ´Ù.
[±×¸² 4.] ÇãÀ§ ½Ã½ºÅÛ º¸¾È °æ°í – ½ºÄµÀÌ ³¡³ªÀÚ È°¼ºÈ¸¦ ¿ä±¸ÇÑ´Ù.
[±×¸² 5.] µî·Ï¿ä±¸ È¸é – ÇöȤµÈ ¹®±¸·Î µî·ÏÀ» ¿ä±¸ÇÑ´Ù.
[±×¸² 6.] °áÁ¦¿ä±¸ ȸé - 6°³¿ù¿¡ $49.95ÀÌ´Ù. (2/3ÀÏ È¯À²·Î´Â ¾à 57,500¿ø)
[±×¸² 7.] ÀÏÁ¤½Ã°£¸¶´Ù ³ªÅ¸³ª´Â °æº¸ È¸é – ·£´ýÇÑ IPÁÖ¼Ò/Æ÷Æ®¸¦ ¶ç¿ì¸ç ´Ù½Ã ÇÑ ¹ø °áÁ¦¸¦ ¿ä±¸ÇÑ´Ù.
[±×¸² 8.] Internet Explorer ½ÇÇà ½Ã È¸é – ¶Ç!! °áÁ¦¸¦ ¿ä±¸ÇÑ´Ù.
[±×¸² 9.] Internet Explorer ¿À·ù – °áÁ¦¸¦ °ÅºÎÇϸ顦 ¹«¼·°Ôµµ ÀÎÅͳÝÀ» ÀÌ¿ëÇÒ ¼ö ¾ø´Ù.
[±×¸² 10.] ´Ù¾çÇÑ °æ°í ȸé 1
[±×¸² 11.] ´Ù¾çÇÑ °æ°í ȸé 2
[±×¸² 12.] ´Ù¾çÇÑ °æ°í ȸé 3
[±×¸² 13.] ´Ù¾çÇÑ °æ°í ȸé 4
[±×¸² 14.] ´Ù¾çÇÑ °æ°í ȸé 5
[±×¸² 15.] ´Ù¾çÇÑ °æ°í ȸé 6
< °ü·Ã URL > hxxp://(»ý·«).com/1054001112 < ÆÄÀÏ > [Adware.XP2010.R.345088] ÀÌ(°¡) »ý¼ºÇÏ´Â ÆÄÀÏÀº ¾Æ·¡¿Í °°´Ù. (»ç¿ëÀÚ°èÁ¤ Æú´õ)\Local Settings\Application Data\av.exe (»ç¿ëÀÚ°èÁ¤ Æú´õ)\Local Settings\Application Data\PQyt < ·¹Áö½ºÆ®¸® > [Adware.XP2010.R.345088] ÀÌ(°¡) »ý¼ºÇÏ´Â ·¹Áö½ºÆ®¸®´Â ¾Æ·¡¿Í °°´Ù. HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile À̸§ : EnableFirewall °ª : 0x00000000 HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile À̸§ : EnableFirewall °ª : 0x00000000 HKCU\Software\Classes\.exe\shell\open\command °ª : ""(»ç¿ëÀÚ°èÁ¤ Æú´õ)\Local Settings\Application Data\av.exe" /START "%1" %*" HKCU\Software\Classes\.exe\shell\open\command À̸§ : IsolatedCommand °ª : ""%1" %*" HKCU\Software\Classes\.exe\shell\runas\command °ª : ""%1" %*" HKCU\Software\Classes\.exe\shell\runas\command À̸§ : IsolatedCommand °ª : ""%1" %*" HKCU\Software\Classes\.exe\shell\start\command °ª : ""%1" %*" HKCU\Software\Classes\.exe\shell\start\command À̸§ : IsolatedCommand °ª : ""%1" %*" HKCU\Software\Classes\.exe\DefaultIcon °ª : "%1"
À̸§ : Content Type °ª : "application/x-msdownload" HKCU\Software\Classes\secfile\shell\open\command °ª : ""(»ç¿ëÀÚ°èÁ¤ Æú´õ)\Local Settings\Application Data\av.exe" /START "%1" %*" HKCU\Software\Classes\secfile\shell\open\command À̸§ : IsolatedCommand °ª : ""%1" %*" HKCU\Software\Classes\secfile\shell\runas\command °ª : ""%1" %*" HKCU\Software\Classes\secfile\shell\runas\command À̸§ : IsolatedCommand °ª : ""%1" %*" HKCU\Software\Classes\secfile\shell\start\command °ª : ""%1" %*" HKCU\Software\Classes\secfile\shell\start\command À̸§ : IsolatedCommand °ª : ""%1" %*" HKCU\Software\Classes\secfile\DefaultIcon °ª : "%1" HKCU\Software\Classes\secfile °ª : "Application" HKCU\Software\Classes\secfile À̸§ : Content Type °ª : "application/x-msdownload" - º¯°æ Àü ·¹Áö½ºÆ®¸® – HKCU\Software\Classes\.exe °ª : "exefile" HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command °ª : ""(ÇÁ·Î±×·¥ Æú´õ)\Internet Explorer\iexplore.exe"" - º¯°æ ÈÄ ·¹Áö½ºÆ®¸® – HKCU\Software\Classes\.exe °ª : "secfile" HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command °ª : ""(»ç¿ëÀÚ°èÁ¤ Æú´õ)\Local Settings\Application Data\av.exe" /START "(ÇÁ·Î±×·¥Æú´õ)\Internet Explorer\iexplore.exe"" < Ç¥±â¹ý > "(»ç¿ëÀÚ°èÁ¤ Æú´õ)" ¶õ »ç¿ëÀÚ ¼³Á¤¿¡ µû¶ó ´Ù¸¦ ¼ö ÀÖÀ¸¸ç ÀϹÝÀûÀ¸·Î C:\Documents and Settings\(»ç¿ëÀÚ°èÁ¤) ÀÌ´Ù. "(ÇÁ·Î±×·¥ Æú´õ)" ¶õ ¿î¿µÃ¼Á¦¸¶´Ù ´Ù¸¦ ¼ö ÀÖÀ¸¸ç ÀϹÝÀûÀ¸·Î C:\Program Files ÀÌ´Ù.
|
|||
|
|||
|
|||
1. WinXP / ME »ç¿ëÀÚ¶ó¸é ½Ã½ºÅÛ º¹¿ø ±â´ÉÀ» ºñÈ°¼ºÈ ÇÑ´Ù. a. ½Ã½ºÅÛ º¹¿ø ºñÈ°¼ºÈ ¹æ¹ý (WInXP) b. ½Ã½ºÅÛ º¹¿ø ºñÈ°¼ºÈ ¹æ¹ý (WinME) ½Ã½ºÅÛ º¹¿ø ±â´ÉÀ» ºñÈ°¼ºÈ ÇÏ´Â ÀÌÀ¯´Â ±ú²ýÇÏ°Ô ¹ÙÀÌ·¯½º¸¦ Ä¡·áÇϱâ À§ÇؼÀÌ´Ù. °ü·Ã Á¤º¸´Â MS ȨÆäÀÌÁö ±â¼ú¹®¼(Q263455) ¿¡¼ È®ÀÎ ÇÒ ¼ö ÀÖ´Ù. 2. ¹é½Å ¿£ÁøÀ» ÃÖ½ÅÀ¸·Î ¾÷µ¥ÀÌÆ® ÇÑ´Ù. ÀÌ ¹ÙÀÌ·¯½º¸¦ Ä¡·áÇϱâ À§Çؼ´Â ÃÖ½ÅÀÇ ¹é½Å ¿£ÁøÀÌ ÇÊ¿äÇÏ´Ù. a. ¹ÙÀ̷κ¿ Á¤½Ä »ç¿ëÀÚÀÇ °æ¿ì : - Á¦Ç°±ºÀ» ÅëÇØ ¾÷µ¥ÀÌÆ® b. ¹ÙÀ̷κ¿À» »ç¿ëÇÏÁö ¾Ê´Â ÀÏ¹Ý °í°´ - ¶óÀ̺êÄÝ(¹«·á°Ë»ç) »çÀÌÆ®¸¦ ÀÌ¿ëÇÑ ¹ÙÀÌ·¯½º °Ë»ç - ¹ÙÀ̷κ¿ 7ÀÏ Æò°¡ÆÇ ¼³Ä¡ ÈÄ ¹ÙÀÌ·¯½º °Ë»ç 3. ½ºÆÄÀÌ¿þ¾î °Ë»ç¸¦ ÇÑ´Ù. a. ¹ÙÀ̷κ¿À» ½ÇÇàÇÏ¿©, ȯ°æ ¼³Á¤¿¡¼ ½ºÆÄÀÌ / ¾Öµå¿þ¾î °Ë»ç¸¦ ÇÑ´Ù. - Desktop 5.X : [µµ±¸]-[ȯ°æ¼³Á¤]-[½ºÆÄÀÌ¿þ¾î °Ë»ç] ¸ðµç ÆÄÀÏ Ã¼Å© - ¶óÀ̺êÄÝ(¹«·á°Ë»ç) : [°í±Þ°Ë»ç] üũ b. ¹ß°ßµÇ´Â ¸ðµç ½ºÆÄÀÌ¿þ¾î¿¡ ´ëÇؼ Ä¡·áÇÑ´Ù. c. [ÀçºÎÆà ÈÄ ÀÚµ¿ Ä¡·á] ¸Þ½ÃÁö°¡ ³ªÅ¸³µ´Ù¸é ÀçºÎÆÃÀ» ÇÑ ÈÄ¿¡ ´Ù½Ã °Ë»çÇÑ´Ù. |
