□ Overview
o A variant of the Ronda worm that spreads through P2P file sharing has recently appeared, and caution is required
o On infection, the folder the worm was run from and its subfolders are deleted, specific registry entries are changed and added, and exe, wmv, mp3, mpeg and similar files no longer open normally
o P2P users are advised to scan newly released movie files and music files with antivirus software after downloading them and before running them
□ Propagation method
o Spreads through the QFile P2P shared folder
 - On infection, the worm disguises itself as normal files and shares them from QFile's P2P shared folder
 ※ A P2P user who searches for, downloads and runs one of these files becomes infected
 ※ Malicious files are created and shared under the names below in the c:\Program Files\QFile\Upload\ folder
 ※ Other variants may spread through P2P programs other than QFile, so care is needed when downloading files over P2P
4.4.4..CD1.avi-.exe
4.4.4..CD1.smi-.exe
4.4.4..CD2.avi-.exe
4.4.4..CD2.smi-.exe
Daniel Powter - Free Loop.mp3-.exe
muse - uno.mp3-.exe
[The Fray] - How To Save a Life.mp3-.exe
그대를 알고 - 양파.mp3-.exe
기담1.CD1.avi-.exe
기담1.CD1.smi-.exe
기담1.CD2.avi-.exe
기담1.CD2.smi-.exe
눈물 - M.C. The Max.mp3-.exe
다이하드4.0.CD1.avi-.exe
다이하드4.0.CD1.smi-.exe
다이하드4.0.CD2.avi-.exe
다이하드4.0.CD2.smi-.exe
디센트.CD1.avi-.exe
디센트.CD1.smi-.exe
디센트.CD2.avi-.exe
디센트.CD2.smi-.exe
디워.CD1.avi-.exe
디워.CD1.smi-.exe
디워.CD2.avi-.exe
디워.CD2.smi-.exe
사랑..그게 뭔데 - 양파.mp3-.exe
사랑앓이 - F.T Island.mp3-.exe
사랑은 가슴이 시킨다 Part.2 - BUZZ.mp3-.exe
사랑의 인사 - 씨야 (SeeYa).mp3-.exe
샴.CD1.avi-.exe
샴.CD1.smi-.exe
샴.CD2.avi-.exe
샴.CD2.smi-.exe
우아한세계1.CD1.avi-.exe
우아한세계1.CD1.smi-.exe
우아한세계1.CD2.avi-.exe
우아한세계1.CD2.smi-.exe
트랜스포머.CD1.avi-.exe
트랜스포머.CD1.smi-.exe
트랜스포머.CD2.avi-.exe
트랜스포머.CD2.smi-.exe
해리포터와불사조기사단.CD1.avi-.exe
해리포터와불사조기사단.CD1.smi-.exe
해리포터와불사조기사단.CD2.avi-.exe
해리포터와불사조기사단.CD2.smi-.exe
화려한휴가.CD1.avi-.exe
화려한휴가.CD1.smi-.exe
화려한휴가.CD2.avi-.exe
화려한휴가.CD2.smi-.exe
□ Malicious functions
o File creation
 - Creates the file You_want_to_die.log under the C:\ folder
o File deletion
 - On infection, deletes all files in the "C:\Documents and Settings\"login ID"\바탕 화면" (Desktop) folder and its subfolders
 - Deletes rstrui.exe to obstruct System Restore
   %SystemFolder%Restore\rstrui.exe
   %SystemFolder%dllcache\rstrui.exe
   %WindowsFolder%ServicePackFiles\i386\
 - Deletes the files in the Favorites folder
o Registers itself in the registry so that it keeps running after every boot
 - Registers itself under the name windows in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
o Changes and adds the registry entries below so that exe files do not run normally and wmv, mp3, mpeg and similar files do not open normally
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WMVFile\shell\open\command]
 "C:\Program Files\Windows Media Player\wmplayer.exe" changed to "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wmafile\shell\open\command]
 "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:5... changed to "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mpegfile\shell\open\command]
 "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:9... changed to "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mp3file\shell\open\command]
 "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:6... changed to "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
 "%1" %* changed to "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wavfile\shell\open\command]
 "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\smifile\shell\open\command]
 "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\plsfile\shell\open\command]
 "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oggfile\shell\open\command]
 "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mpgfile\shell\open\command]
 "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mp2file\shell\open\command]
 "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\movfile\shell\open\command]
 "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\logfile\shell\open\command]
 "C:\Windows\ronda" %1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\emlfile\shell\open\command]
 "C:\Windows\ronda" %1
o Site access
 - Connects to the file.ze.to site
□ Remediation method
Step 1) Select "Start" -> "All Programs" -> "Accessories" -> "Command Prompt"
Step 2) When the "Open With" dialog appears, use "Browse" to run cmd.exe from %SystemFolder%
Step 3) Once cmd.exe is running, run the script below
 ※ "Copy" the script below and "Paste" it into the cmd.exe window
REM Remove the worm's autorun entry (value name "windows")
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v windows /f
REM Remove the file-type keys the worm added
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wavfile /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\smifile /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\plsfile /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\oggfile /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mpgfile /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mp2file /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\movfile /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\logfile /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\emlfile /f
REM Clear the default open commands the worm changed
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WMVFile\shell\open\command /ve /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wmafile\shell\open\command /ve /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mpegfile\shell\open\command /ve /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mp3file\shell\open\command /ve /f
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command /ve /f
REM Restore the media open commands (/f overwrites without prompting)
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WMVFile\shell\open\command /ve /d "C:\Program Files\Windows Media Player\wmplayer.exe" /f
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wmafile\shell\open\command /ve /d "C:\Program Files\Windows Media Player\wmplayer.exe" /f
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mpegfile\shell\open\command /ve /d "C:\Program Files\Windows Media Player\wmplayer.exe" /f
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mp3file\shell\open\command /ve /d "C:\Program Files\Windows Media Player\wmplayer.exe" /f
REM Restore exefile to its normal value "%1" %* so programs receive their arguments again
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command /ve /d "\"%1\" %*" /f
Step 4) Delete the following files created by the worm
 - Delete the files below from the C:\Program Files\QFile\Upload\ folder
4.4.4..CD1.avi-.exe
4.4.4..CD1.smi-.exe
4.4.4..CD2.avi-.exe
4.4.4..CD2.smi-.exe
Daniel Powter - Free Loop.mp3-.exe
muse - uno.mp3-.exe
[The Fray] - How To Save a Life.mp3-.exe
그대를 알고 - 양파.mp3-.exe
기담1.CD1.avi-.exe
기담1.CD1.smi-.exe
기담1.CD2.avi-.exe
기담1.CD2.smi-.exe
눈물 - M.C. The Max.mp3-.exe
다이하드4.0.CD1.avi-.exe
다이하드4.0.CD1.smi-.exe
다이하드4.0.CD2.avi-.exe
다이하드4.0.CD2.smi-.exe
디센트.CD1.avi-.exe
디센트.CD1.smi-.exe
디센트.CD2.avi-.exe
디센트.CD2.smi-.exe
디워.CD1.avi-.exe
디워.CD1.smi-.exe
디워.CD2.avi-.exe
디워.CD2.smi-.exe
사랑..그게 뭔데 - 양파.mp3-.exe
사랑앓이 - F.T Island.mp3-.exe
사랑은 가슴이 시킨다 Part.2 - BUZZ.mp3-.exe
사랑의 인사 - 씨야 (SeeYa).mp3-.exe
샴.CD1.avi-.exe
샴.CD1.smi-.exe
샴.CD2.avi-.exe
샴.CD2.smi-.exe
우아한세계1.CD1.avi-.exe
우아한세계1.CD1.smi-.exe
우아한세계1.CD2.avi-.exe
우아한세계1.CD2.smi-.exe
트랜스포머.CD1.avi-.exe
트랜스포머.CD1.smi-.exe
트랜스포머.CD2.avi-.exe
트랜스포머.CD2.smi-.exe
해리포터와불사조기사단.CD1.avi-.exe
해리포터와불사조기사단.CD1.smi-.exe
해리포터와불사조기사단.CD2.avi-.exe
해리포터와불사조기사단.CD2.smi-.exe
화려한휴가.CD1.avi-.exe
화려한휴가.CD1.smi-.exe
화려한휴가.CD2.avi-.exe
화려한휴가.CD2.smi-.exe
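
A way to verify the cleanup, added here as an example and not part of the original advisory: the Python below reads the text of a `reg export` of HKEY_LOCAL_MACHINE\SOFTWARE\Classes and reports file types whose open command still points at C:\Windows\ronda or whose exefile handler differs from "%1" %*, and it picks out file names that hide an .exe behind a media extension. The function names and SAMPLE_EXPORT are constructed for illustration; the indicator values are the ones given in this advisory.

```python
import re

# Indicators below are taken from the advisory; SAMPLE_EXPORT is constructed.
WORM_PATH = r"c:\windows\ronda"   # handler path the worm writes
EXE_DEFAULT = '"%1" %*'           # normal exefile open command
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\([^\\\]]+)"
                    r"\\shell\\open\\command\]$", re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')
DECOY_RE = re.compile(r"\.(avi|smi|mp3)-\.exe$", re.IGNORECASE)

def parse_open_commands(reg_text):
    """Map ProgID -> default open command from `reg export` (.reg) text."""
    commands, progid = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            progid = m.group(1).lower() if m else None
        elif progid and (m := DEFAULT_RE.match(line)):
            # .reg text escapes backslashes and quotes with a backslash
            commands[progid] = re.sub(r"\\(.)", r"\1", m.group(1))
    return commands

def hijacked_handlers(reg_text):
    """ProgIDs whose open command runs the worm or leaves exefile altered."""
    bad = []
    for progid, cmd in parse_open_commands(reg_text).items():
        if WORM_PATH in cmd.lower() or (progid == "exefile" and cmd != EXE_DEFAULT):
            bad.append(progid)
    return sorted(bad)

def decoy_names(filenames):
    """Names hiding an .exe behind a media extension, e.g. 'x.mp3-.exe'."""
    return [name for name in filenames if DECOY_RE.search(name)]

SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"C:\\Windows\\ronda\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mp3file\shell\open\command]
@="\"C:\\Windows\\ronda\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command]
@="%SystemRoot%\\system32\\NOTEPAD.EXE %1"
'''

if __name__ == "__main__":
    print(hijacked_handlers(SAMPLE_EXPORT))
```

`reg export` writes UTF-16 text, so open the exported file with encoding="utf-16" before passing its contents to these functions.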