Aliases: W32/AutoIt.CFO!tr (Fortinet), Trojan.Win32.AutoIt.cfo (Ikarus), W32/Autorun.worm.aapp (McAfee), Win32/Autoit.JW worm (Eset), Backdoor.Trojan (Symantec)
Malware type: Worm
Destructive: No
Platform: Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Encrypted: No
In the wild: Yes
--------------------------------------------------------------------------------
Infection details:
It spreads via USB drives and hard disk drives. This malware mainly causes annoyance and slows the system down. It is dropped by other malware, or downloaded by users who unknowingly visit malicious websites.
On infection it installs the following files:
C:\Google\Autoit3.exe
C:\Google\Google.lnk
C:\Google\Windowsupdate.lnk
C:\Google\GoogleUpdate.lnk
%User Startup%\GoogleUpdate.lnk
%User Startup%\WindowsUpdate.lnk
{removable drive letter}:\Hot.lnk
{removable drive letter}:\Movies.lnk
{removable drive letter}:\My Games.lnk
{removable drive letter}:\My Pictuers.lnk
{removable drive letter}:\My Videos.lnk
It runs automatically at logon via the following Registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = "C:\Google\Windowsupdate.lnk"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = "C:\Google\Windowsupdate.lnk"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
JavaUpdate = "C:\Google\GoogleUpdate.lnk"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeUpdate = "C:\Google\GoogleUpdate.lnk"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NewJavaInstall = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeFlash = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
Note that C:\Google\AutoIt3.exe is the legitimate AutoIt interpreter; the /AutoIt3ExecuteScript switch makes it run the compiled script googleupdate.a3x, so the malicious logic lives in the .a3x file rather than in a signed-looking executable. The value names (Windows Update, JavaUpdate, AdopeUpdate, AdopeFlash) imitate legitimate updaters.
Solution:
Step 1
Before scanning, disable System Restore so that the whole computer, including restore points, can be scanned properly.
Step 2
End the Autoit3 process in Task Manager (End Process).
Step 3
Show hidden files and folders (Hidden Files and Folders).
Delete the files, folders and Registry entries in the following locations:
C:\Google\Autoit3.exe
C:\Google\Google.lnk
C:\Google\Windowsupdate.lnk
C:\Google\GoogleUpdate.lnk
%User Startup%\GoogleUpdate.lnk
%User Startup%\WindowsUpdate.lnk
{removable drive letter}:\Hot.lnk
{removable drive letter}:\Movies.lnk
{removable drive letter}:\My Games.lnk
{removable drive letter}:\My Pictuers.lnk
{removable drive letter}:\My Videos.lnk
Registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = "C:\Google\Windowsupdate.lnk"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = "C:\Google\Windowsupdate.lnk"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
JavaUpdate = "C:\Google\GoogleUpdate.lnk"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeUpdate = "C:\Google\GoogleUpdate.lnk"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NewJavaInstall = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeFlash = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
Repeat this on drives D, E, F (and any other removable drive) in the same way, as shown in the figure.
Step 4
The important part is deleting the Registry data below. Be careful: if you are not confident working inside the Microsoft operating system, ask an IT student for help.
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Windows Update = "C:\Google\Windowsupdate.lnk"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Windows Update = "C:\Google\Windowsupdate.lnk"
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- JavaUpdate = "C:\Google\GoogleUpdate.lnk"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- AdopeUpdate = "C:\Google\GoogleUpdate.lnk"
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- NewJavaInstall = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- AdopeFlash = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
Step 5
If you did not complete Step 3, show hidden files and folders via the Registry as follows:
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- Change ShowSuperHidden from 0 to 1
Step 6
Search for and delete the following files and folders once more:
- C:\Google
- %drive letter%:\Skypee
- %User Startup%\GoogleUpdate.lnk
- %User Startup%\WindowsUpdate.lnk
- {removable drive letter}:\Hot.lnk
- {removable drive letter}:\Movies.lnk
- {removable drive letter}:\My Games.lnk
- {removable drive letter}:\My Pictuers.lnk
- {removable drive letter}:\My Videos.lnk
Step 7
Use an antivirus program to scan the computer and remove everything it finds.
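The manual procedure in Steps 2 to 6 can be carried out, and first checked, from an elevated PowerShell session. The script below is an added example written for this page; it is not part of the original write-up or of any vendor tool. It assumes it is run as Administrator, and it deliberately does nothing destructive unless the -Remove switch is given: without it, the script only reports the process, Run values, files and shortcut targets it finds. The page does not say where the lure shortcuts on the removable drives point, so the script prints each .lnk target with the WScript.Shell COM object so you can confirm it references C:\Google before deleting it, and a Run value whose data does not reference C:\Google is skipped rather than deleted.

```powershell
# Added example for this page: triage and removal of the indicators listed above.
# Assumptions (not from the page): elevated session; -Remove is a switch added here;
# the lure .lnk targets are unknown, so they are printed for manual confirmation.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remove   # without -Remove the script only reports what it finds
)

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$ValueNames = 'Windows Update', 'JavaUpdate', 'AdopeUpdate', 'NewJavaInstall', 'AdopeFlash'
$LureNames  = 'Hot.lnk', 'Movies.lnk', 'My Games.lnk', 'My Pictuers.lnk', 'My Videos.lnk'
$StartupDir = [Environment]::GetFolderPath('Startup')   # %User Startup%

# Resolve where a shortcut points so a lure can be checked before it is deleted.
function Get-LnkTarget([string]$Path) {
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($Path)
    '{0} {1}' -f $lnk.TargetPath, $lnk.Arguments
}

# Step 2: stop the AutoIt interpreter so its files are not locked during deletion.
Get-Process -Name 'AutoIt3' -ErrorAction SilentlyContinue | ForEach-Object {
    Write-Host "Process $($_.Id): $($_.Path)"
    if ($Remove -and $PSCmdlet.ShouldProcess($_.Path, 'Stop-Process')) {
        $_ | Stop-Process -Force
    }
}

# Step 4: Run values. Only values whose data references C:\Google are removed,
# so a legitimate value that happens to share a name is left alone.
foreach ($key in $RunKeys) {
    foreach ($name in $ValueNames) {
        $data = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if (-not $data) { continue }
        Write-Host "$key\$name = $data"
        if ($data -notlike '*C:\Google\*') {
            Write-Warning "  data does not reference C:\Google; skipping"
            continue
        }
        if ($Remove -and $PSCmdlet.ShouldProcess("$key\$name", 'Remove-ItemProperty')) {
            Remove-ItemProperty -Path $key -Name $name
        }
    }
}

# Step 5: make super-hidden files visible in Explorer (ShowSuperHidden = 1).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
if ($Remove -and $PSCmdlet.ShouldProcess($adv, 'Set ShowSuperHidden = 1')) {
    Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -Type DWord
}

# Steps 3 and 6: fixed paths, the Skypee folder on every drive, and the lure
# shortcuts on every removable drive (Win32_LogicalDisk DriveType 2).
$paths = @(
    'C:\Google',
    (Join-Path $StartupDir 'GoogleUpdate.lnk'),
    (Join-Path $StartupDir 'WindowsUpdate.lnk')
)
$paths += Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2 OR DriveType=3' |
    ForEach-Object { Join-Path $_.DeviceID 'Skypee' }
$paths += Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    foreach ($n in $LureNames) { Join-Path $_.DeviceID $n }
}

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }   # Test-Path also sees hidden items
    if ($p -like '*.lnk') { Write-Host "$p -> $(Get-LnkTarget $p)" } else { Write-Host $p }
    if ($Remove -and $PSCmdlet.ShouldProcess($p, 'Remove-Item')) {
        Remove-Item -LiteralPath $p -Recurse -Force   # -Force is needed for hidden/system files
    }
}
```

Run it once with no arguments to see what is present, then with -Remove (or -Remove -WhatIf to preview) once the shortcut targets and Run values have been confirmed. Step 1 (System Restore) and Step 7 (a full antivirus scan) are still performed separately; the script does not replace the scan, since anything the page does not list, such as other copies of the .a3x script, will only be found by scanning.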