ใครที่ download keygen ของ RVS 2010 ต้องระวังนะครับ
เพราะว่าผมลอง Upload ไปที่ VirusTotal.com แล้ว
แทบไม่มี Antivirus ตัวไหนเลยที่รู้่จัก
------------------------------------------------------------------------------
Keygen > Returnil.Virtual.System.2010
(TrojanDownloader.FakeAlert.ATQ : Detect by NOD32)
File size 160 KB (163,840 bytes)
MD5: 505A4F71F3E5678DD3C09A94F2408A69
SHA-1: 43017F8A41FFC7D0EF306B98EF82EBF4977B99B0
=======================================================
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.5.0.50 | 2010.02.07 | - |
| AhnLab-V3 | 5.0.0.2 | 2010.02.06 | - |
| AntiVir | 7.9.1.158 | 2010.02.05 | - |
| Antiy-AVL | 2.0.3.7 | 2010.02.05 | - |
| Authentium | 5.2.0.5 | 2010.02.06 | - |
| Avast | 4.8.1351.0 | 2010.02.06 | - |
| AVG | 9.0.0.730 | 2010.02.07 | - |
| BitDefender | 7.2 | 2010.02.07 | - |
| CAT-QuickHeal | 10.00 | 2010.02.06 | - |
| ClamAV | 0.96.0.0-git | 2010.02.06 | - |
| Comodo | 3851 | 2010.02.07 | - |
| DrWeb | 5.0.1.12222 | 2010.02.07 | Trojan.Siggen.58426 |
| eSafe | 7.0.17.0 | 2010.02.04 | - |
| eTrust-Vet | 35.2.7286 | 2010.02.05 | - |
| F-Prot | 4.5.1.85 | 2010.02.06 | - |
| F-Secure | 9.0.15370.0 | 2010.02.07 | - |
| Fortinet | 4.0.14.0 | 2010.02.07 | - |
| GData | 19 | 2010.02.07 | - |
| Ikarus | T3.1.1.80.0 | 2010.02.07 | - |
| Jiangmin | 13.0.900 | 2010.02.07 | - |
| K7AntiVirus | 7.10.968 | 2010.02.06 | - |
| Kaspersky | 7.0.0.125 | 2010.02.07 | - |
| McAfee | 5884 | 2010.02.06 | - |
| McAfee+Artemis | 5884 | 2010.02.06 | - |
| McAfee-GW-Edition | 6.8.5 | 2010.02.07 | - |
| Microsoft | 1.5406 | 2010.02.07 | - |
| NOD32 | 4844 | 2010.02.07 | Win32/TrojanDownloader.FakeAlert.ATQ |
| Norman | 6.04.03 | 2010.02.07 | - |
| nProtect | 2009.1.8.0 | 2010.02.07 | - |
| Panda | 10.0.2.2 | 2010.02.06 | - |
| PCTools | 7.0.3.5 | 2010.02.07 | - |
| Prevx | 3.0 | 2010.02.07 | - |
| Rising | 22.33.06.04 | 2010.02.07 | - |
| Sophos | 4.50.0 | 2010.02.07 | - |
| Sunbelt | 3.2.1858.2 | 2010.02.07 | - |
| TheHacker | 6.5.1.0.182 | 2010.02.07 | Trojan/Krap.an |
| TrendMicro | 9.120.0.1004 | 2010.02.07 | - |
| VBA32 | 3.12.12.1 | 2010.02.05 | - |
| ViRobot | 2010.2.5.2174 | 2010.02.05 | - |
| VirusBuster | 5.0.21.0 | 2010.02.06 | Trojan.Codecpack.Gen |
-------------------------------------------------------------------------------
msa.exe
Sfb.exe
Sfc.exe
Sfd.exe
Files Created / download
%Temp%\Sfb.exe
%Temp%\Sfc.exe
%Temp%\Sfd.exe
%WinDir%\msa.exe
%WinDir%\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
%WinDir%\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
%System%\Sshnas21.dll
%Temp% = C:\Documents and Settings\[UserName]\Local Settings\Temp\
%WinDir% = C:\Windows\
%System% = C:\Windows\System32\
-------------------------------------------------------------------------
Keys added
HKLM\SYSTEM\ControlSet001\Services\SSHNAS
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\Parameters
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\Security
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Security
HKCU\Software\Microsoft\Handle
HKCU\Software\F5JMWNZTHI
HKCU\Software\ROUA3O12PW
HKCU\Software\XML
Values Added
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\Parameters\
ServiceDll ="C:\WINDOWS\system32\sshnas21.dll"
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\Type = 0x00000020
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\Start = 0x00000002
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\ErrorControl = 0x00000000
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\
ImagePath ="%SystemRoot%\system32\svchost.exe -k netsvcs"
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\
DisplayName = "SSHNAS"
HKLM\SYSTEM\ControlSet001\Services\SSHNAS\
ObjectName = "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Security\
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Parameters\
ServiceDll="C:\WINDOWS\system32\sshnas21.dll"
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Type= 0x00000020
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\Start= 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\ErrorControl= 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\
ImagePath="%SystemRoot%\system32\svchost.exe -k netsvcs"
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\DisplayName= "SSHNAS"
HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS\ObjectName= "LocalSystem"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
F5JMWNZTHI = %Temp%\Sfd.exe"
HKCU\Software\F5JMWNZTHI\Sk2="xC7aKZ+O6wyPlq1krRM4sG7m2LFGsYtHjHOagBf10Ek/n4gL8s8xs9LeD5KQVh3/j+XFbG3/8Bu5aiMqJVRVcQF7oop6V/nqCjgd83M9F4qOfs643eYxlxdOozwYgUI="
HKCU\Software\F5JMWNZTHI\Sk0="tSLPLpWL7R22spR48AI743bz2Kge8sEPy1iosXy2iAog1s0v9M0gqMzCQfK0HljtkauXVCGbnnfra35yNQwaJTgv68pHV/XrSWpKvD4YfL3BUK2YmKdwy0wP+mREmBu3qeV4TyHp6lc/8xIj6ehCR1T2ygeXbopFSi+wcuZzVX7WA8yjo9XhuJU5/pNqmcfKB2V7Y7qn2tZwrqT3eKKXPIf9sbxy38uNoUF1xYIsnQ3hFA=="
HKCU\Software\F5JMWNZTHI\Sk1="tSbFNJuL/h22spR48AI743bz2Kge8sEeyVi7rDe7ghMhx8cxtMM6rsHIXa/qBkChgvGQSnOomXTeInlsZ1oGJTxl/soFQ//uV2wIsDIefbzBT+aPj6cx11ELryRfxAfh1NNeBib3uHpWiFcm77lAS0ithBveOJURRz6rY+ZxCjaQEduyrdTmo4559JNpxYvGGmwxY6z6xdJ15uLtZODZWf39sa5lx53p30M="
HKCU\Software\F5JMWNZTHI\Sb4= 0x00015180
HKCU\Software\F5JMWNZTHI\Sb5= 0x00000002
HKCU\Software\F5JMWNZTHI\Sb2= 0x01CAA8D5
HKCU\Software\F5JMWNZTHI\Sb3= 0x980A1B20
HKCU\Software\F5JMWNZTHI\Sb6= 0x00000001
HKCU\Software\F5JMWNZTHI\Sb0= 0x01CAA80E
HKCU\Software\F5JMWNZTHI\Sb1= 0xCDA631F0
HKCU\Software\ROUA3O12PW\Ssu3= "FOqnUNTOQxLe9g=="
HKCU\Software\ROUA3O12PW\
Ssu0="Gbv+C4eSExjnyIpWf4+pYXAo/2QGxA/X94OiMMEM3fg20bvg2lIH4I0SSBgUTuqf3fYxYYGgq646p4fQ0BKrrEqQmaTQyIWqoOGOMOR4MoH3sbitDgpFNd6HxZeCxMZEGF6iVtfwyKQ0agFQ1SzbUq43Q7Tpdhtm4U0ZRBNS6KYvkV2YzEwrOYxvFG4Qb8nrZPgjFnZJlNiNMc7X3BcE8gHKumxx8LYriVQTDzdu3czzeElaBVyMVp60Tv/wD8Kw"
HKCU\Software\ROUA3O12PW\Spe2= 0x000151E4
HKCU\Software\ROUA3O12PW\Spe5= 0x000151E4
HKCU\Software\ROUA3O12PW\Spe3= 0x000151E4
HKCU\Software\ROUA3O12PW\Spe4= 0x000151E4
HKCU\Software\ROUA3O12PW\Spe6= 0x00000000
HKCU\Software\ROUA3O12PW\Spe14= 0x00000000
HKCU\Software\ROUA3O12PW\Spe0= 0x01CAA8D5
HKCU\Software\ROUA3O12PW\Spe1= 0x9B0029A0
==================================================
วิธีกำจัด/แก้ : TrojanDownloader.FakeAlert.ATQ
==================================================
Download Fix Tool : PeeTechFix-SSHNAS21 1.3.00
No comments:
Post a Comment