<p>Adware/Dropper.Dpnetk32 is malicious code that takes the form of an ActiveX control. <br>
It is installed regardless of the user's wishes when a particular site is visited,<br>
and it installs covertly, without displaying any installation process.<br>
After installation, it is registered in the registry startup entries so that it runs, <br>
and it drops other malicious code. <br>
In addition, when a particular site is visited, it disguises itself as though the site the user navigated to <br>
had provided the link, <br>
so that the user unknowingly downloads <br>
other malicious programs. <br>
<br>
It is classified as malicious code because it falls under the following behaviors:<br>
1) Changing the web browser's home page or search settings, or <br>
changing system settings <br>
2) Damaging the reputation of a particular site <br>
3) Being installed covertly, regardless of the user's intent and <br>
without a visible installation process <br>
<br>
<img border="0" src="http://www.everyzone.com/info/images/badcode/bad1.gif" width="500" height="420"><br>
</p>
<p><img border="0" src="http://www.everyzone.com/info/images/badcode/bad2.gif" width="500" height="420"><br>
</p>
<p>- When a particular site is visited, it inserts links unrelated to that site, <br>
making the site appear to be distributing harmful content<br>
<br>
<font color="#FF00FF"><b>[Created files] </b></font><br>
%system%\dpnetk32.dll<br>
%system%\scmsg.dll<br>
%system%\scrun.exe<br>
%system%\shellexp.dll<br>
%system%\d3dref92.sys<br>
%system%\softntmp0103.dll<br>
%system%\a.exe<br>
%system%\saycode.ini<br>
%system%\sysubs8.sys<br>
<br>
<img border="0" src="http://www.everyzone.com/info/images/badcode/bad4.gif" width="500" height="373"><br>
</p>
<p>- Downloads malicious files into the c:\windows\system32 folder<br>
<br>
<br>
<font color="#FF00FF"><b>[Created registry entries] </b></font><br>
Microsoft.DirectMusic.Dpnet32 <br>
Microsoft.DirectMusic.Dpnet32.1<br>
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79A1FC3-E75F-464b-993C-8D539BC3678F}<br>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904}<br>
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E79A1FC3-E75F-464B-993C-8D539BC3678F}<br>
HKEY_CLASSES_ROOT\TypeLib\{A6B0F76D-F060-4AD3-9F9A-31E047763ED6}<br>
HKEY_CLASSES_ROOT\Interface\{B22907DB-4D33-4658-9814-BA1767C12420}<br>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SAYCODE<br>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SAYCODE <br>
<br>
<img border="0" src="http://www.everyzone.com/info/images/badcode/bad3.gif" width="500" height="420"><br>
</p>
<p>- Changes Internet settings so that it is loaded automatically when Internet Explorer starts<br>
<br>
<br>
<br>
The path variables used above refer to the following locations. <br>
%windows% = c:\windows <br>
%program% = C:\Documents and Settings\(username)\시작 메뉴\프로그램 <br>
%system% = C:\windows\system32 <br>
%prog% = C:\Program Files <br>
%currentuser% = C:\Documents and Settings\(username) <br>
%startmenu% = C:\Documents and Settings\(username)\시작 메뉴 <br>
</p>
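<p>A read-only sweep for the file and registry indicators listed above, as an added example that is not part of the original advisory. Assumptions: the two ProgIDs sit under HKEY_CLASSES_ROOT, "Run SAYCODE" is a value named SAYCODE under the Run key, and on 64-bit Windows the SysWOW64 folder and the WOW6432Node registry view are checked as well.</p>

```powershell
# Added example (not from the original page): read-only sweep for the listed indicators.
$files = 'dpnetk32.dll','scmsg.dll','scrun.exe','shellexp.dll','d3dref92.sys',
         'softntmp0103.dll','a.exe','saycode.ini','sysubs8.sys'
# %system% is C:\windows\system32 per the page. Assumption: on 64-bit Windows a
# 32-bit dropper's writes are redirected to SysWOW64, so both folders are checked.
$dirs = 'System32','SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot $_ }

$keys = @(
  # Assumption: the page lists the two ProgIDs without a hive; ProgIDs register under HKEY_CLASSES_ROOT.
  'HKEY_CLASSES_ROOT\Microsoft.DirectMusic.Dpnet32',
  'HKEY_CLASSES_ROOT\Microsoft.DirectMusic.Dpnet32.1',
  'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79A1FC3-E75F-464b-993C-8D539BC3678F}',
  'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904}',
  'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E79A1FC3-E75F-464B-993C-8D539BC3678F}',
  'HKEY_CLASSES_ROOT\TypeLib\{A6B0F76D-F060-4AD3-9F9A-31E047763ED6}',
  'HKEY_CLASSES_ROOT\Interface\{B22907DB-4D33-4658-9814-BA1767C12420}',
  'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SAYCODE'
)
$runKey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Assumption: HKLM\SOFTWARE keys are also looked up in the 32-bit view (WOW6432Node).
function Get-Views([string]$Key) {
  $Key
  if ($Key -like 'HKEY_LOCAL_MACHINE\SOFTWARE\*') {
    $Key -replace '^HKEY_LOCAL_MACHINE\\SOFTWARE\\', 'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\'
  }
}

$hits = @()
foreach ($d in $dirs) { foreach ($f in $files) {
  $p = Join-Path $d $f
  if (Test-Path -LiteralPath $p) { $hits += [pscustomobject]@{ Type = 'File'; Indicator = $p } }
} }
foreach ($k in $keys | ForEach-Object { Get-Views $_ }) {
  if (Test-Path -LiteralPath "Registry::$k") { $hits += [pscustomobject]@{ Type = 'Key'; Indicator = $k } }
}
foreach ($k in Get-Views $runKey) {
  # "Run SAYCODE" on the page is read here as a value named SAYCODE under the Run key.
  $v = Get-ItemProperty -LiteralPath "Registry::$k" -Name 'SAYCODE' -ErrorAction SilentlyContinue
  if ($v) { $hits += [pscustomobject]@{ Type = 'RunValue'; Indicator = "$k\SAYCODE = $($v.SAYCODE)" } }
}

if ($hits) { $hits | Format-Table -AutoSize -Wrap } else { 'No listed indicators found.' }
```

<p>The HKEY_CURRENT_USER entry is per-user, so run the sweep in the session of the account being checked.</p>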