- 바이러스 정보
- 터보백신에서 분석한 바이러스 위협 정보, 보안 통계를 확인할 수 있습니다.
- 이름
- Worm-W32/Kelvir.69632
- 바이러스 종류
- Worm
- 실행환경
- Windows
- 증상요약
- 비주얼 베이직으로 제작되었으며, 시스템 수행 속도를 떨어뜨리고 MSN 메신저로 전파되는 웜이다.
- 위험등급
- 높음
- 확산방법
- MSN 메신저
- 치료방법
- <span class="style4">터보백신 제품군으로 진단/치료 가능합니다.</span><br>
- ※ 상세 설명
- 메신저에 나타난 링크를 클릭 하면 screensaver.scr 파일을 다운로드 받는 웹싸이트로 연결된다.<br>
<br>
감염된 시스템은 Msn 메신저 대화 상대 리스트를 수집하여 웜을 내려 받을수 있는
주소를 무작위로 보내게 된다.<br>
<br>
<br>
<br><img src="http://www.everyzone.com/info/virus_db/images/Worm_W32_Kelvir_69632_MSN.jpg" border="0">
<br>
<br>
Msn 메신저로 보내지는 내용은 다음 과 같다.
<br>
> Why should u do this, this is very strange. I just checked, i cant believe it. :|<br>
> http://checkthis.ubb.cc/
<br>
> This is some kind of new movie, it must come out in 2 weeks, Preview! :<br>
> http://check.100mbitde.info/
<br>
> Why should u do this, this is very strange. I just checked, i cant believe it. :|<br>
> http://OMG.100mbitde.info/
<br>
> This is some kind of new movie, it must come out in 2 weeks, Preview! :<br>
> http://checkthis.100mbitde.info/
<br>
> This link, got it from someone in my list. I checked it out, very weird movie lol.<br>
> http://checkthis.100mbitde.info/
<br>
> Why should u do this, this is very strange. I just checked, i cant believe it. :|<br>
> http://checkthis.ubb.cc/
<br>
> :D This is so cool!<br>
> http://checkthis.100mbitde.info/
<br>
> :D This is so cool!<br>
> http://OMG.100mbitde.info/
<br>
> :D This is so cool!<br>
> http://checkthis.ubb.cc/
<br>
> This link, got it from someone in my list. I checked it out, very weird movie lol.<br>
> http://checkthis.dd.vg/
<br>
> :D This is so cool!<br>
> http://checkthis.100mbitde.info/
<br>
> :D This is so cool!<br>
> http://check.100mbitde.info/
<br>
> This is some kind of new movie, it must come out in 2 weeks, Preview! :<br>
> http://OMG.100mbitde.info/
<br>
> This is some kind of new movie, it must come out in 2 weeks, Preview! :<br>
> http://check.100mbitde.info/
<br>
> This is some kind of new movie, it must come out in 2 weeks, Preview! :<br>
> http://checkthis.dd.vg/
<br>
> This is some kind of new movie, it must come out in 2 weeks, Preview! :<br>
> http://checkthis.dd.vg/
<br>
웜이 실행 되면 윈도우폴더(win 2000, NT : c:\Winnt, win XP : c:\windows, win 95/98/me : c:\windows)에
hosts.exe 파일을 생성한다.<br>
<br>
또한 다음처럼 레지스트를 수정, 다음 부팅시 실행되도록 조작한다. <br>
<br>
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
항목에 <br>
<br>
(win9x의 경우) <br>
Windows Hosts = c:\windows\hosts.exe<br>
<br>
(win2000, NT의 경우) <br>
Windows Hosts = c:\winnt\hosts.exe<br>
<br>
(WinXP의 경우) <br>
Windows Hosts = c:\windows\hosts.exe<br>
<br>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
항목에<br>
<br>
(win9x의 경우) <br>
Windows Hosts = c:\windows\hosts.exe<br>
<br>
(win2000, NT의 경우) <br>
Windows Hosts = c:\winnt\hosts.exe<br>
<br>
(WinXP의 경우) <br>
Windows Hosts = c:\windows\hosts.exe<br>
<br>
또한 다음처름 바이러스 백신과 보안제품의 서비스가 실행되면 강제 종료 시키게 된다.<br>
<br>
Ahnlab Task Scheduler <br>
altiris client service <br>
ANTIVIR <br>
ATRACK <br>
avast! antivirus <br>
avast! iavs4 control service <br>
AVCONSOL <br>
AVG6 Service <br>
AVG7 Alert Manager Server <br>
AVG7 Update Service <br>
AVP control center service <br>
AVP.EXE <br>
AVP32 <br>
AVSync Manager <br>
AVSYNMGR <br>
Background Intelligent Transfer Service <br>
BlackICE <br>
CFINET <br>
CFINET32 <br>
DefWatch <br>
Detector de OfficeScanNT <br>
dllhost <br>
eTrust Antivirus Job Server <br>
etrust antivirus job server <br>
eTrust Antivirus Realtime Server<br>
etrust antivirus realtime server <br>
eTrust Antivirus RPC Server <br>
etrust antivirus rpc server <br>
fix-it task manager <br>
F-PROT95 <br>
FP-WIN <br>
F-STOPW <br>
fxsvc <br>
IAMAPP <br>
ICMON <br>
intel file transfer <br>
intel pds <br>
internet pr0tocol <br>
IOMON98 <br>
IPSEC Policy Agent <br>
Kaspersky <br>
Kaspersky Antivirus <br>
Kaspersky Anti-Virus <br>
kaspersky auto protect service <br>
Kaspersky Client <br>
KAV Moniter Service <br>
kerio personal firewall <br>
Kingsoft AntiVirus Service <br>
LOCKDOWN2000 <br>
LUALL <br>
LUCOMSERVER <br>
MCAFEE <br>
McAfee Agent <br>
mcafee framework service <br>
McAfee.com McShield <br>
McAfee.com VirusScan Online Realtime Engine <br>
McShield <br>
MonSvcNT <br>
msclol2 <br>
msclol8 <br>
NAV Alert <br>
NAV Auto-Protect <br>
NAVAPSVC <br>
NAVAPW32 <br>
NAVRUNR <br>
NAVW32 <br>
NAVWNT <br>
NISSERV <br>
NISUM <br>
NMAIN <br>
NORTON <br>
Norton AntiVirus Auto Protect Service <br>
Norton Antivirus Auto Protect Service <br>
Norton AntiVirus Client <br>
Norton AntiVirus Corporate Edition <br>
Norton AntiVirus Server <br>
Norton Internet Security Accounts Manager <br>
Norton Internet Security Proxy Service <br>
Norton Internet Security Proxy Srvice <br>
Norton Internet Security Service <br>
Norton Internet Security service <br>
Norton Unerase Protection <br>
NVC95 <br>
nvscv <br>
officescannt listener <br>
OfficeScanNT Monitor <br>
officescannt realtime scan <br>
outpost firewall service <br>
Panda Antivirus <br>
pcanywhere host service <br>
PC-cillin Personal Firewall <br>
PCCIOMON <br>
PCCMAIN <br>
PCCWIN98 <br>
POP3TRAP <br>
PVIEW95 <br>
Quick Heal Online Protection <br>
RemoteAgent <br>
RESCUE32 <br>
Rising Process Communication Center <br>
rising process communication center <br>
Rising Realtime Monitor Service <br>
rising realtime monitor service <br>
rundll <br>
SAFEWEB <br>
savroam <br>
ScriptBlocking Service <br>
scvhost <br>
secur2 <br>
Security Center <br>
Serv-U FTP Server <br>
snake sockproxy service <br>
Sophos Anti-Virus <br>
Sophos Anti-Virus Network <br>
Sygate Personal Firewall <br>
Sygate Personal Firewall Pro <br>
SyGateService <br>
symantec antivirus<br>
Symantec AntiVirus Client <br>
symantec central quarantine <br>
Symantec Event Manager <br>
Symantec Proxy Service <br>
symantec quarantine agent <br>
symantec quarantine scanner <br>
SYMPROXYSVC <br>
syslock <br>
System Event Notification <br>
systemsecuritydll <br>
Trend Micro Proxy Service <br>
Trend NT Realtime Service <br>
TrueVector Internet Monitor <br>
V3MonNT <br>
V3MonSvc <br>
ViRobot Expert Monitoring <br>
ViRobot Lite Monitoring <br>
ViRobot Professional Monitoring <br>
vnc server <br>
VSHWIN32 <br>
VSSTAT <br>
WEBSCANX <br>
WEBTRAP <br>
Windows Firewall <br>
Windows Internet Connection Sharing(ICS) <br>
WMDM PMSP Service <br>
ZoneAlarm <br>
- ※ 예방 및 수동 조치 방법
-
- 본 컨텐츠에 대한 저작권은 '에브리존'에게 있으며 이에 무단 사용 및 재배포를 금지합니다.
- 본 컨텐츠에 대한 이용 문의는 '에브리존'으로 문의하여 주십시요
