- 바이러스 정보
- 터보백신에서 분석한 바이러스 위협 정보, 보안 통계를 확인할 수 있습니다.
- 이름
- Worm-W32/Kelvir.73728
- 바이러스 종류
- Worm
- 실행환경
- Windows
- 증상요약
- Worm-W32/Kelvir.69632의 변종웜으로 시스템 수행 속도를 떨어뜨리고 Msn 메신저를 통해 전파되는 웜이다.
- 위험등급
- 보통
- 확산방법
- MSN 메신저
- 치료방법
- <span class="style4">터보백신 제품군으로 진단/치료 가능합니다.</span><br>
<br>
- ※ 상세 설명
- 메신저에 나타난 링크를 클릭 하면 screensaver.scr 파일을 다운로드 받는 웹싸이트로 연결된다.
감염된 시스템은 Msn 메신저 대화 상대 리스트를 수집하여 웜을 내려 받을수 있는
주소를 무작위로 보내게 된다.
Msn 메신저로 보내지는 내용은 다음 과 같다.
> Why should u do this, this is very strange. I just checked, i cant believe it. :|
> http://checkthis.ubb.cc/
> This is some kind of new movie, it must come out in 2 weeks, Preview! :
> http://check.100mbitde.info/
> Why should u do this, this is very strange. I just checked, i cant believe it. :|
> http://OMG.100mbitde.info/
> This is some kind of new movie, it must come out in 2 weeks, Preview! :
> http://checkthis.100mbitde.info/
> This link, got it from someone in my list. I checked it out, very weird movie lol.
> http://checkthis.100mbitde.info/
> Why should u do this, this is very strange. I just checked, i cant believe it. :|
> http://checkthis.ubb.cc/
> :D This is so cool!
> http://checkthis.100mbitde.info/
> Nice site, i love it
http://checkthis.100mbitde.info/
> :D This is so cool!
> http://OMG.100mbitde.info/
> Ilove u,look what i made
> http://checkthis.ubb.cc/
> :D This is so cool!
> http://checkthis.ubb.cc/
> This link, got it from someone in my list. I checked it out, very weird movie lol.
> http://checkthis.dd.vg/
> :D This is so cool!
> http://checkthis.100mbitde.info/
> :D This is so cool!
> http://check.100mbitde.info/
> This is some kind of new movie, it must come out in 2 weeks, Preview! :
> http://OMG.100mbitde.info/
> This is some kind of new movie, it must come out in 2 weeks, Preview! :
> http://check.100mbitde.info/
> This is some kind of new movie, it must come out in 2 weeks, Preview! :
> http://checkthis.dd.vg/
> This is some kind of new movie, it must come out in 2 weeks, Preview! :
> http://checkthis.dd.vg/
웜이 실행 되면 윈도우폴더(win 2000, NT : c:\Winnt, win XP : c:\windows, win 95/98/me : c:\windows)에
svchosts32.exe(73,728 Byte) 파일을 생성한다.
또한 다음처럼 레지스트를 수정, 다음 부팅시 실행되도록 조작한다.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
항목에
(win9x의 경우)
Windows Host Service = c:\windows\hosts.exe
(win2000, NT의 경우)
Windows Host Service = c:\winnt\svchosts32.exe
(WinXP의 경우)
Windows Host Service = c:\windows\svchosts32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
항목에
(win9x의 경우)
Windows Host Service = c:\windows\svchosts32.exe
(win2000, NT의 경우)
Windows Host Service = c:\winnt\svchosts32.exe
(WinXP의 경우)
Windows Host Service = c:\windows\svchosts32.exe
또한 다음처름 바이러스 백신과 보안제품의 서비스가 실행되면 강제 종료 시키게 된다.
Ahnlab Task Scheduler
altiris client service
ANTIVIR
ATRACK
avast! antivirus
avast! iavs4 control service
AVCONSOL
AVG6 Service
AVG7 Alert Manager Server
AVG7 Update Service
AVP control center service
AVP.EXE
AVP32
AVSync Manager
AVSYNMGR
Background Intelligent Transfer Service
BlackICE
CFINET
CFINET32
DefWatch
Detector de OfficeScanNT
dllhost
eTrust Antivirus Job Server
etrust antivirus job server
eTrust Antivirus Realtime Server
etrust antivirus realtime server
eTrust Antivirus RPC Server
etrust antivirus rpc server
fix-it task manager
F-PROT95
FP-WIN
F-STOPW
fxsvc
IAMAPP
ICMON
intel file transfer
intel pds
internet pr0tocol
IOMON98
IPSEC Policy Agent
Kaspersky
Kaspersky Antivirus
Kaspersky Anti-Virus
kaspersky auto protect service
Kaspersky Client
KAV Moniter Service
kerio personal firewall
Kingsoft AntiVirus Service
LOCKDOWN2000
LUALL
LUCOMSERVER
MCAFEE
McAfee Agent
mcafee framework service
McAfee.com McShield
McAfee.com VirusScan Online Realtime Engine
McShield
MonSvcNT
msclol2
msclol8
NAV Alert
NAV Auto-Protect
NAVAPSVC
NAVAPW32
NAVRUNR
NAVW32
NAVWNT
NISSERV
NISUM
NMAIN
NORTON
Norton AntiVirus Auto Protect Service
Norton Antivirus Auto Protect Service
Norton AntiVirus Client
Norton AntiVirus Corporate Edition
Norton AntiVirus Server
Norton Internet Security Accounts Manager
Norton Internet Security Proxy Service
Norton Internet Security Proxy Srvice
Norton Internet Security Service
Norton Internet Security service
Norton Unerase Protection
NVC95
nvscv
officescannt listener
OfficeScanNT Monitor
officescannt realtime scan
outpost firewall service
Panda Antivirus
pcanywhere host service
PC-cillin Personal Firewall
PCCIOMON
PCCMAIN
PCCWIN98
POP3TRAP
PVIEW95
Quick Heal Online Protection
RemoteAgent
RESCUE32
Rising Process Communication Center
rising process communication center
Rising Realtime Monitor Service
rising realtime monitor service
rundll
SAFEWEB
savroam
ScriptBlocking Service
scvhost
secur2
Security Center
Serv-U FTP Server
snake sockproxy service
Sophos Anti-Virus
Sophos Anti-Virus Network
Sygate Personal Firewall
Sygate Personal Firewall Pro
SyGateService
symantec antivirus
Symantec AntiVirus Client
symantec central quarantine
Symantec Event Manager
Symantec Proxy Service
symantec quarantine agent
symantec quarantine scanner
SYMPROXYSVC
syslock
System Event Notification
systemsecuritydll
Trend Micro Proxy Service
Trend NT Realtime Service
TrueVector Internet Monitor
V3MonNT
V3MonSvc
ViRobot Expert Monitoring
ViRobot Lite Monitoring
ViRobot Professional Monitoring
vnc server
VSHWIN32
VSSTAT
WEBSCANX
WEBTRAP
Windows Firewall
Windows Internet Connection Sharing(ICS)
WMDM PMSP Service
ZoneAlarm
- ※ 예방 및 수동 조치 방법
-
- 본 컨텐츠에 대한 저작권은 '에브리존'에게 있으며 이에 무단 사용 및 재배포를 금지합니다.
- 본 컨텐츠에 대한 이용 문의는 '에브리존'으로 문의하여 주십시요
