Thursday, June 26, 2014

Removing the AutoIt3 malware that creates shortcuts


Aliases: W32/AutoIt.CFO!tr (Fortinet), Trojan.Win32.AutoIt.cfo (Ikarus), W32/Autorun.worm.aapp (McAfee), Win32/Autoit.JW worm (Eset), Backdoor.Trojan (Symantec)
Malware type: Worm
Destructive: No
Platform: Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Encrypted: No
In the wild: Yes
--------------------------------------------------------------------------------

Infection details:

It spreads via USB and HDD drives. This malware mainly causes annoyance and makes the system run slowly. It is dropped by other malware, or downloaded from a malicious website without the user realising it.

On infection it installs the following files:
C:\Google\Autoit3.exe
C:\Google\Google.lnk
C:\Google\Windowsupdate.lnk
C:\Google\GoogleUpdate.lnk
%User Startup%\GoogleUpdate.lnk
%User Startup%\WindowsUpdate.lnk
{removable drive letter}:\Hot.lnk
{removable drive letter}:\Movies.lnk
{removable drive letter}:\My Games.lnk
{removable drive letter}:\My Pictuers.lnk
{removable drive letter}:\My Videos.lnk

It launches automatically through these Registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Update = "C:\Google\Windowsupdate.lnk"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Update = "C:\Google\Windowsupdate.lnk"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    JavaUpdate = "C:\Google\GoogleUpdate.lnk"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    AdopeUpdate = "C:\Google\GoogleUpdate.lnk"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    NewJavaInstall = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    AdopeFlash = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"

Solution:

Step 1

Before scanning, disable System Restore so that the whole computer can be scanned properly.

Step 2

Stop the Autoit3 process in Task Manager (End Process).

Step 3

Show hidden folders and files (Hidden Files and Folders).


Step 4
Delete the files, folders and Registry entries at the locations below:
C:\Google\Autoit3.exe
C:\Google\Google.lnk
C:\Google\Windowsupdate.lnk
C:\Google\GoogleUpdate.lnk
%User Startup%\GoogleUpdate.lnk
%User Startup%\WindowsUpdate.lnk
{removable drive letter}:\Hot.lnk
{removable drive letter}:\Movies.lnk
{removable drive letter}:\My Games.lnk
{removable drive letter}:\My Pictuers.lnk
{removable drive letter}:\My Videos.lnk

Registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Update = "C:\Google\Windowsupdate.lnk"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Update = "C:\Google\Windowsupdate.lnk"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    JavaUpdate = "C:\Google\GoogleUpdate.lnk"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    AdopeUpdate = "C:\Google\GoogleUpdate.lnk"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    NewJavaInstall = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    AdopeFlash = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
and do the same on drives D, E and F, as shown in the picture.

Step 5

The important part is deleting the Registry data, but be careful: if you are not confident working with the Microsoft operating system, ask an IT student instead.

  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    • Windows Update = "C:\Google\Windowsupdate.lnk"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Windows Update = "C:\Google\Windowsupdate.lnk"
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    • JavaUpdate = "C:\Google\GoogleUpdate.lnk"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • AdopeUpdate = "C:\Google\GoogleUpdate.lnk"
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    • NewJavaInstall = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • AdopeFlash = "C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x"
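As an added triage helper (not part of the original post), this Python script reads a `reg export` of both Run keys, flags the value names and command lines listed in steps 4 and 5, and builds the matching `reg delete` commands; the sample export embedded in it is constructed.

```python
import re

# Indicators from the write-up above: Run-key value names, the C:\Google\
# staging folder and the AutoIt3ExecuteScript command line.
RUN_KEYS = {r"hkey_local_machine\software\microsoft\windows\currentversion\run",
            r"hkey_current_user\software\microsoft\windows\currentversion\run"}
KNOWN_NAMES = {"Windows Update", "JavaUpdate", "AdopeUpdate", "NewJavaInstall", "AdopeFlash"}
SUSPICIOUS_DATA = ("c:\\google\\", "/autoit3executescript")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"="(.*)"$')

def parse_reg_export(text):
    """Yield (key, name, data) for each string value in a .reg export,
    undoing the backslash and quote escaping that 'reg export' writes."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
            yield key, m.group(1), data

def find_autostart_entries(text):
    """Return (key, name, data) for Run-key values that match the worm's indicators."""
    hits = []
    for key, name, data in parse_reg_export(text):
        if key.lower() in RUN_KEYS and (
                name in KNOWN_NAMES or any(s in data.lower() for s in SUSPICIOUS_DATA)):
            hits.append((key, name, data))
    return hits

def cleanup_commands(hits):
    """'reg delete' lines that remove each flagged value (steps 4 and 5 above)."""
    return [f'reg delete "{key}" /v "{name}" /f' for key, name, _ in hits]

# Constructed sample export: two benign values plus three of the worm's entries.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleBenignApp"="C:\\Program Files\\Example\\app.exe"
"Windows Update"="C:\\Google\\Windowsupdate.lnk"
"NewJavaInstall"="C:\\Google\\AutoIt3.exe /AutoIt3ExecuteScript C:\\Google\\googleupdate.a3x"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AnotherBenign"="\"C:\\Users\\me\\AppData\\Local\\Tool\\tool.exe\" /background"
"AdopeFlash"="C:\\Google\\AutoIt3.exe /AutoIt3ExecuteScript C:\\Google\\googleupdate.a3x"
'''
```

Run the generated `reg delete` lines from an elevated command prompt, since the HKEY_LOCAL_MACHINE values cannot be removed from a standard user session.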
Step 6
Show hidden files and folders through the Registry as below, if you did not carry out step 3.
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    • From: ShowSuperHidden = 0  To: ShowSuperHidden = 1
Step 7
Search for and delete the following files and folders once more:

  • C:\Google
  • %drive letter%:\Skypee
  • %User Startup%\GoogleUpdate.lnk
  • %User Startup%\WindowsUpdate.lnk
  • {removable drive letter}:\Hot.lnk
  • {removable drive letter}:\Movies.lnk
  • {removable drive letter}:\My Games.lnk
  • {removable drive letter}:\My Pictuers.lnk
  • {removable drive letter}:\My Videos.lnk

Step 8
Use antivirus software to scan and remove everything that remains.
