Adware/Rogue - Windows-site security (KS82381) (유해사이트차단)

입력일 : 2007/12/23 21:44

Adware/Rogue - Windows-site security (KS82381) (유해사이트차단)
--> 다른버전 : Windows-WebProtect
http://fantasy-actuality.tistory.com/178

WindowsSecuritySiteService 이 생겼고 이것 때문에 겜이 안된다는 분들 요즘 많은 듯하다. 인터넷 상에 유포되고 있는 유해 사이트를 차단해준다는 툴의 변종들이 때문..

빛자루의 안티스파이웨어 에서 Win-Downloader/SLimit.141312 (SZ) 로 진단되어 지는
slupd.exe 에 의해 설치되며,

해당 파일 내부에 입력되어 있는 Url 값은 아래와 같음 ..

www.okinternet.xx.kr / hxxp://anti-spy.xx.kr/setup/

File slupd.exe received on 12.24.2007 03:25:48 (CET)
MD5: 0a0c9f1168fa7c5c720efcec906c4573
--> http://www.virustotal.com/resultado.html?4eb3a758a21aa271ebafe22642192ced

<slupd.exe 에 의해 생성되는 목록> <2007.12.23>
--> 목록은 유포시점에 따라 다를 수 있음

Windows-site security (KS82381)
Uninstall AdImageware
--> 관련정보 : http://fantasy-actuality.tistory.com/219
Windows-WebProtect
--> 관련 정보 : http://fantasy-actuality.tistory.com/178

오케이인터넷 에서 밝히는 삭제 방법은 ..

암호를 설정하지 않았다면 암호는 1234 를 입력후 삭제를 시도하라는 안내문이 있음.
삭제하려면 보여지는 암호 입력란

설치될 당시 직접 관리번호를 입력하였거나 분실 한 경우

--> 이메일 주소를 입력후 암호 받기
--> 사전에 관리 번호를 지정하지 않았는데도 암호가 틀리다고 나오는 경우
이메일 을 임의로 <dfdf@dfdf.com> 입력후 다음단계로 넘기고
암호 1234를 재입력

< 제작사에서 언급하는 방법으로 되지 않을 경우 >

1> 위와 같이 조치하여도 삭제되지 않을 경우 아래 언급되는 진단내역을 확인하여
진단되는 보안제품으로 치료를 시도

2> 직접수동삭제 시도
본문에 언급되는 설치정보를 참조하여
해당 레지스터리와 의심스러운 시작프로그램 목록을 정리후
폴더 위치를 참조하여 삭제..

단, 레지스터리는 빨간색으로 표기한 것을 찾아 삭제 하십시오.

삭제되지 않는 항목들은 재부팅후 삭제하십시오.
-->안전모드로 부팅후 처리하는 것을 권장
< 안전모드는 부팅 초기 F8 입력후 안전모드선택>

c:\WINDOWS\Downloaded Program Files\SW 에 생성되는 것에 대해선
--> 이곳을 참조 하여 삭제 : http://fantasy-actuality.tistory.com/178

<진단상황>

<2007.12.23>
--> 진단상황은 일부 누락되었을 수 있습니다.

1> 안철수 연구소

Ahnlab SpyZero 2.0 / V3 Internet Security Platinum / 빛자루의 안티스파이웨어

wpupd.ex_ Win-Trojan/Agent.142848.O
Win-Downloader/WebProtect.158720.B
Win-Downloader/WebProtect.158720
Win-Spyware/Slimit.218112
Win-Spyware/SLimit.49152

Win-Downloader/SLimit.141312 slupd.exe
Win-Downloader/OkInternet.151552 C:\WINDOWS\system32\wpuninstall.exe Win-Spyware/SLimit.150528 C:\WINDOWS\system32\sluninstall.exe Win-Spyware/SLimit.49152 C:\WINDOWS\system32\SiteProt.dll Win-Adware/Website.44544 C:\WINDOWS\system32\SiteDB_SW.dll Win-Adware/Website.2995712 C:\WINDOWS\system32\SiteDB.dll

Win-Adware/WebProtect.53248.B
C:\WINDOWS\system32\ProtHK.dl_
C:\WINDOWS\system32\ProtHK.dll
C:\WINDOWS\Downloaded Program Files\SW\ProtHK.dll

Win-Downloader/OkInternet.142848 C:\Program Files\webprotect\wpupd.ex_ Win-Adware/WebProtect.218112 C:\Program Files\webprotect\sitelimit.exe Win-Downloader/WebProtect.158720.B C:\Program Files\webprotect\IHUpd.exe Win-Adware/WebProtect.142848 C:\Program Files\webprotect\IHuk.exe Win-Adware/WebProtect.61440 C:\Program Files\webprotect\IEHK.dll Win-Downloader/SLimit.141312 C:\Program Files\sitelimit\slupd.exe Win-Spyware/Slimit.218112 C:\Program Files\sitelimit\sitelimit.exe Win-Downloader/WebProtect.142848
C:\Documents and Settings\계정\Templates\wpupd2.exe
Win-Downloader/WebProtect.158720.B
C:\Documents and Settings\계정\Templates\IHUpd.exe

Win-Spyware/SLimit.49152
C:\WINDOWS\system32\sw_pass.swb C:\WINDOWS\system32\sw_deny.swb
C:\WINDOWS\system32\SiteDB.dll
C:\WINDOWS\system32\SiteDB_SW.dll
C:\WINDOWS\system32\SiteProt.dll

Win-Spyware/Slimit.218112 HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows-site security (KS82381) "UninstallString"="C:\WINDOWS\system32\sluninstall.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows-site security (KS82381) "DisplayName"="Windows-site security (KS82381)" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows-site security (KS82381)
C:\WINDOWS\system32\sluninstall.exe
HKCU\Software\slexe
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\유해사이트차단
C:\Documents and Settings\j\시작 메뉴\프로그램\유해사이트차단\유해사이트차단.lnk
C:\Documents and Settings\j\시작 메뉴\프로그램\유해사이트차단
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "유해사이트차단"="C:\Program Files\sitelimit\slupd.exe -update"
C:\Program Files\sitelimit\slupd.exe
C:\Program Files\sitelimit\sitelimit.exe
C:\Program Files\sitelimit\sitelimit.cfg
C:\Program Files\sitelimit

Win-Downloader/WebProtect.158720 HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows-WebProtect "UninstallString"="C:\WINDOWS\system32\wpuninstall.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows-WebProtect "DisplayName"="Windows-WebProtect"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows-WebProtect
C:\Documents and Settings\j\Templates\IHUpd.exe
C:\Program Files\webprotect\wpupd.ex_
C:\Program Files\webprotect\sitelimit.exe
C:\Program Files\webprotect\sitelimit.cfg
C:\Program Files\webprotect\IHUpd.exe
C:\Program Files\webprotect\IHuk.exe
C:\Program Files\webprotect\IHUK.cfg
C:\Program Files\webprotect\IEHK.dll
C:\Program Files\webprotect

Win-Downloader/WebProtect.158720.B HKLM\Software\Microsoft\Windows\CurrentVersion\Run "WebProtect"="C:\WINDOWS\system32\ProtMng.exe"
C:\Documents and Settings\계정\Templates\wpupd2.exe
C:\WINDOWS\system32\ProtHK.dll
C:\WINDOWS\system32\ProtMng.exe
C:\WINDOWS\system32\ProtUtil.exe

Win-Downloader/WebProtect.143360
HKCU\Software\IHUK

2> 하우리 (바이로봇)

wpuninstall.exe   Spyware.Agent.Do.151552 / Trojan.Win32.Downloader.151552.D
Adware.Slimit
Adware.SHNeo.R
Adware.WebProtect

3> 바이러스체이서

wpupd2.exe    Trojan.DownLoader.34095
wpupd.ex_    Trojan.DownLoader.35203

4> 알약 v1.0 beta

V,DWN.WebProtect
H.HJK.IHuk
H.HJK.ISecu

5> 카스퍼스키 제품 ( kaspersky )

ProtHK.dll    Trojan.Win32.Agent.diw
ProtHK.dl_    Trojan.Win32.Agent.diw
ProtMng.exe    Trojan.Win32.Agent.dbe
ProtMng.ex_    Trojan.Win32.Agent.dbe
ProtUtil.exe Trojan.Win32.Agent.cqs
SiteProt.dll    not-a-virus:AdWare.Win32.Agent.uo
sluninstall.exe    Trojan-Downloader.Win32.Agent.det

<설치정보><2007.12.23>

보안제품 사용자라면 최소한 알아야 할 진단명 설명
--> http://fantasy-actuality.tistory.com/20

HijackThis - 보안툴 <참고하면 좋은 프로그램>
--> http://fantasy-actuality.tistory.com/103

제어판 - 추가삭제 항목에서 아래 프로그램 목록을 확인할 수 있다.

Windows-site security (KS82381)
Windows-WebProtect
--> 관련 정보 : http://fantasy-actuality.tistory.com/178

시작프로그램에 아래항목 등록

[유해사이트차단] C:\Program Files\sitelimit\slupd.exe -update
[WebProtect] C:\WINDOWS\system32\ProtMng.exe
[IHUK] C:\Program Files\webprotect\IHUpd.exe -update
[UpdateAdImageware] "C:\Program Files\AdImageware\UpdateAdImageware.exe"
RunOnce: [AA] C:\WINDOWS\system32\ProtUtil.exe -upd

File slupd.exe received on 12.24.2007 03:25:48 (CET)
MD5: 0a0c9f1168fa7c5c720efcec906c4573
--> http://www.virustotal.com/resultado.html?4eb3a758a21aa271ebafe22642192ced

File ProtMng.exe received on 12.24.2007 08:27:42 (CET)
MD5: 97b487c90271d70a6b78a0b083771508
http://www.virustotal.com/resultado.html?6f264197a59bdda6b24810e656f938b7

File IHUpd.exe received on 12.24.2007 07:46:13 (CET)
MD5: ff32c8587cda5b5431f3fec1f3b65ab4
http://www.virustotal.com/resultado.html?4193ad398da5f07bcd53c7f853e01132

File ProtUtil.exe received on 12.24.2007 07:34:31 (CET)
MD5: 59430e70468941760303e3d18e1fb13e
http://www.virustotal.com/resultado.html?c2a15891d3e4c96ac2e9bcae8648758c

<설치 레지스터리 일부><2007.12.23>

HKEY_CURRENT_USER\Software\IHUK
HKEY_CURRENT_USER\Software\slexe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IHUK REG_SZ C:\Program Files\webprotect\IHUpd.exe -update
WebProtect REG_SZ C:\WINDOWS\system32\ProtMng.exe
유해사이트차단 REG_SZ C:\Program Files\sitelimit\slupd.exe -update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce AA REG_SZ C:\WINDOWS\system32\ProtUtil.exe -upd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Windows-site security (KS82381)
DisplayName REG_SZ Windows-site security (KS82381)
UninstallString REG_SZ C:\WINDOWS\system32\sluninstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Windows-WebProtect
DisplayName REG_SZ Windows-WebProtect
UninstallString REG_SZ C:\WINDOWS\system32\wpuninstall.exe
HKEY_USERS\S-1-5-21-448539723-1482476501-682003330-1003\Software\IHUK
HKEY_USERS\S-1-5-21-448539723-1482476501-682003330-1003\Software\slexe

<설치 폴더 일부><2007.12.23>

c:\Documents and Settings\계정\Templates
	IHUpd.exe	2007-12-23 19:34.04	158,720
	SetupAdImage.exe	2007-12-23 19:34.05	28,672
	wpupd2.exe	2007-12-23 19:33.30	142,848
c:\Documents and Settings\계정\시작 메뉴\프로그램\유해사이트차단
	유해사이트차단.lnk	2007-12-23 19:33.30	453
c:\Program Files\sitelimit
	sitelimit.cfg	2007-12-23 19:33.54	284
	sitelimit.exe	2007-12-23 19:33.51	218,112
	slupd.exe	2007-12-23 19:33.54	141,312
c:\Program Files\webprotect
	IEHK.dll	2007-12-23 19:34.07	61,440
	IHUK.cfg	2007-12-23 19:34.08	16
	IHuk.exe	2007-12-23 19:34.06	142,848
	IHUpd.exe	2007-12-23 19:34.08	158,720
	sitelimit.cfg	2007-12-23 19:34.01	296
	sitelimit.exe	2007-12-23 19:33.53	218,112
	wpupd.ex_	2007-12-23 19:33.56	142,848
c:\WINDOWS\system32
	ProtHK.dl_	2007-12-23 19:33.59	53,248
	ProtMng.ex_	2007-12-23 19:33.58	258,048
	ProtUtil.exe	2007-12-23 19:34.01	258,048
	SiteDB.dll	2007-12-23 19:33.51	2,995,712
	SiteDB_SW.dll	2007-12-23 19:33.52	44,544
	SiteProt.dll	2007-12-23 19:33.54	49,152
	sluninstall.exe	2007-12-23 19:33.53	150,528
	sw_deny.swb	2007-12-23 19:33.55	0
	sw_pass.swb	2007-12-23 19:33.55	0
	wpuninstall.exe	2007-12-23 19:33.55	151,552

< 재부팅후 설치정보 ><2007.12.23>

HKEY_CURRENT_USER\Software\ISECU
Popup REG_SZ 0
Search Date REG_SZ 0
Search Popup Date REG_SZ 0
Serial REG_SZ 119840711397
Site Date REG_SZ 20071223
SLimit REG_DWORD 0x00000001 (1)

HKEY_USERS\S-1-5-21-448539723-1482476501-682003330-1003\Software\ISECU
Popup REG_SZ 0
Search Date REG_SZ 0
Search Popup Date REG_SZ 0
Serial REG_SZ 119840711397
Site Date REG_SZ 20071223
SLimit REG_DWORD 0x00000001 (1)

c:\Program Files\WindowsSecuritySiteService
	ISecu.cfg	2007-12-23 19:52.02	16
	ISecu.exe	2007-12-23 19:52.00	53,248
	ISHK.dll	2007-12-23 19:52.01	57,344
	ISUpd.exe	2007-12-23 19:52.02	158,720
	S3CV.exe	2007-12-23 19:51.59	23,083
c:\WINDOWS\Downloaded Program Files\SW
	ProtHK.dll	2007-12-23 19:33.59	53,248
	ProtMng.exe	2007-12-23 19:33.58	258,048

c:\WINDOWS\system32
	ProtHK.dll	2007-12-23 19:33.59	53,248
	ProtMng.exe	2007-12-23 19:33.58	258,048

이전글

2007/11/22 - [유포 정보/유포 프로그램] - Adware/Rogue - Windows-WebProtect (유해사이트차단) / Trojan.Win32.SecondThought.bi

2007/10/21 - [유포 정보/유포 프로그램] - Adware/Rogue - coolcode(쿨코드) 와 동반 설치되는 Adware 2종

2007/10/06 - [유포 정보/유포 프로그램] - 유포되고 있는 Adware/Rogue - vaccine7

'Analysis > 유포 프로그램' 카테고리의 다른 글

Adware - win pluspoint Manager V2.33 (2)	2007.12.26
Adware - Uninstall AdImageware (1)	2007.12.24
Adware - Windows Go toolbar uninstall < 별칭 : GO툴바 > (1)	2007.12.23
Adware - Internet Explorer Guide V2 < 별칭 : 고툴바 / GO툴바 > (2)	2007.12.21
Grayware - Windows Urldoumi Object (0)	2007.12.20

File slupd.exe received on 12.24.2007 03:25:48 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.22.10	2007.12.21	위에 언급된 빛자루 진단명 참조
AntiVir	7.6.0.46	2007.12.23	TR/Dldr.Agent.det
Authentium	4.93.8	2007.12.23	-
Avast	4.7.1098.0	2007.12.23	Win32:Trojan-gen {UPX}
AVG	7.5.0.516	2007.12.23	Generic5.HBH
BitDefender	7.2	2007.12.24	-
CAT-QuickHeal	9.00	2007.12.22	TrojanDownloader.Agent.det
ClamAV	0.91.2	2007.12.24	Trojan.Downloader-16078
DrWeb	4.44.0.09170	2007.12.23	-
eSafe	7.0.15.0	2007.12.23	Win32.Agent.det
eTrust-Vet	31.3.5395	2007.12.21	-
Ewido	4.0	2007.12.23	Downloader.Agent.det
FileAdvisor	1	2007.12.24	High threat detected
Fortinet	3.14.0.0	2007.12.23	W32/Agent.DET!tr.dldr
F-Prot	4.4.2.54	2007.12.23	-
F-Secure	6.70.13030.0	2007.12.24	Trojan-Downloader.Win32.Agent.det
Ikarus	T3.1.1.15	2007.12.24	Trojan-Downloader.Win32.Agent.det
Kaspersky	7.0.0.125	2007.12.24	Trojan-Downloader.Win32.Agent.det
McAfee	5191	2007.12.21	Generic.da
Microsoft	1.3109	2007.12.24	TrojanDownloader:Win32/Agent.KA
NOD32v2	2744	2007.12.23	probably a variant of Win32/TrojanDownloader.Agent
Norman	5.80.02	2007.12.21	-
Panda	9.0.0.4	2007.12.23	Trj/Downloader.MDW
Prevx1	V2	2007.12.24	-
Rising	20.23.62.00	2007.12.23	Trojan.DL.Win32.Agent.det
Sophos	4.24.0	2007.12.23	SiteLimit
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.24	Downloader
TheHacker	6.2.9.168	2007.12.22	Trojan/Downloader.Agent.det
VBA32	3.12.2.5	2007.12.22	Trojan-Downloader.Win32.Agent.det
VirusBuster	4.3.26:9	2007.12.23	-
Webwasher-Gateway	6.6.2	2007.12.24	Trojan.Dldr.Agent.det

Additional information
File size: 141312 bytes
MD5: 0a0c9f1168fa7c5c720efcec906c4573
SHA1: 9f889ad41e8837e1f7767718c6d421927001bcab
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: UPX

File slupd.exe received on 12.24.2007 03:25:48 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.22.10	2007.12.21	위에 언급된 빛자루 진단명 참조
AntiVir	7.6.0.46	2007.12.23	TR/Dldr.Agent.det
Authentium	4.93.8	2007.12.23	-
Avast	4.7.1098.0	2007.12.23	Win32:Trojan-gen {UPX}
AVG	7.5.0.516	2007.12.23	Generic5.HBH
BitDefender	7.2	2007.12.24	-
CAT-QuickHeal	9.00	2007.12.22	TrojanDownloader.Agent.det
ClamAV	0.91.2	2007.12.24	Trojan.Downloader-16078
DrWeb	4.44.0.09170	2007.12.23	-
eSafe	7.0.15.0	2007.12.23	Win32.Agent.det
eTrust-Vet	31.3.5395	2007.12.21	-
Ewido	4.0	2007.12.23	Downloader.Agent.det
FileAdvisor	1	2007.12.24	High threat detected
Fortinet	3.14.0.0	2007.12.23	W32/Agent.DET!tr.dldr
F-Prot	4.4.2.54	2007.12.23	-
F-Secure	6.70.13030.0	2007.12.24	Trojan-Downloader.Win32.Agent.det
Ikarus	T3.1.1.15	2007.12.24	Trojan-Downloader.Win32.Agent.det
Kaspersky	7.0.0.125	2007.12.24	Trojan-Downloader.Win32.Agent.det
McAfee	5191	2007.12.21	Generic.da
Microsoft	1.3109	2007.12.24	TrojanDownloader:Win32/Agent.KA
NOD32v2	2744	2007.12.23	probably a variant of Win32/TrojanDownloader.Agent
Norman	5.80.02	2007.12.21	-
Panda	9.0.0.4	2007.12.23	Trj/Downloader.MDW
Prevx1	V2	2007.12.24	-
Rising	20.23.62.00	2007.12.23	Trojan.DL.Win32.Agent.det
Sophos	4.24.0	2007.12.23	SiteLimit
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.24	Downloader
TheHacker	6.2.9.168	2007.12.22	Trojan/Downloader.Agent.det
VBA32	3.12.2.5	2007.12.22	Trojan-Downloader.Win32.Agent.det
VirusBuster	4.3.26:9	2007.12.23	-
Webwasher-Gateway	6.6.2	2007.12.24	Trojan.Dldr.Agent.det

Additional information
File size: 141312 bytes
MD5: 0a0c9f1168fa7c5c720efcec906c4573
SHA1: 9f889ad41e8837e1f7767718c6d421927001bcab
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: UPX

File ProtMng.exe received on 12.24.2007 08:27:42 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.24.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.23	-
Authentium	4.93.8	2007.12.23	-
Avast	4.7.1098.0	2007.12.23	-
AVG	7.5.0.516	2007.12.23	Agent.LSP
BitDefender	7.2	2007.12.24	-
CAT-QuickHeal	9.00	2007.12.22	-
ClamAV	0.91.2	2007.12.24	-
DrWeb	4.44.0.09170	2007.12.24	-
eSafe	7.0.15.0	2007.12.23	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.23	-
FileAdvisor	1	2007.12.24	-
Fortinet	3.14.0.0	2007.12.24	-
F-Prot	4.4.2.54	2007.12.23	-
F-Secure	6.70.13030.0	2007.12.24	Trojan.Win32.Agent.dbe
Ikarus	T3.1.1.15	2007.12.24	-
Kaspersky	7.0.0.125	2007.12.24	Trojan.Win32.Agent.dbe
McAfee	5191	2007.12.21	-
Microsoft	1.3109	2007.12.24	-
NOD32v2	2744	2007.12.23	-
Norman	5.80.02	2007.12.21	W32/Agent.DQGG
Panda	9.0.0.4	2007.12.23	-
Prevx1	V2	2007.12.24	-
Rising	20.24.00.00	2007.12.24	-
Sophos	4.24.0	2007.12.24	-
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.24	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.22	-
VirusBuster	4.3.26:9	2007.12.23	Trojan.Agent.LZX
Webwasher-Gateway	6.6.2	2007.12.24	-

Additional information
File size: 258048 bytes
MD5: 97b487c90271d70a6b78a0b083771508
SHA1: 62197c5555045c566ee32d70a872ad22f34002b4
PEiD: -

File IHUpd.exe received on 12.24.2007 07:46:13 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.24.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.23	TR/Dldr.Agen.158720
Authentium	4.93.8	2007.12.23	-
Avast	4.7.1098.0	2007.12.23	-
AVG	7.5.0.516	2007.12.23	Downloader.Agent.VMN
BitDefender	7.2	2007.12.24	-
CAT-QuickHeal	9.00	2007.12.22	-
ClamAV	0.91.2	2007.12.24	-
DrWeb	4.44.0.09170	2007.12.23	-
eSafe	7.0.15.0	2007.12.23	Win32.Agent.evn
eTrust-Vet	31.3.5395	2007.12.21	-
Ewido	4.0	2007.12.23	Downloader.Agent.evn
FileAdvisor	1	2007.12.24	High threat detected
Fortinet	3.14.0.0	2007.12.24	-
F-Prot	4.4.2.54	2007.12.23	-
F-Secure	6.70.13030.0	2007.12.24	Trojan-Downloader.Win32.Agent.evn
Ikarus	T3.1.1.15	2007.12.24	Trojan-Downloader.Win32.Agent.det
Kaspersky	7.0.0.125	2007.12.24	Trojan-Downloader.Win32.Agent.evn
McAfee	5191	2007.12.21	Downloader.gen.a
Microsoft	1.3109	2007.12.24	TrojanDownloader:Win32/Agent.KA
NOD32v2	2744	2007.12.23	-
Norman	5.80.02	2007.12.21	W32/Agent.DHSP
Panda	9.0.0.4	2007.12.23	Suspicious file
Prevx1	V2	2007.12.24	Heuristic: Suspicious File With Bad Child Associations
Rising	20.24.00.00	2007.12.24	Trojan.DL.Win32.Agent.evn
Sophos	4.24.0	2007.12.24	Mal/Generic-A
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.24	Downloader
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.22	Trojan-Downloader.Win32.Agent.evn
VirusBuster	4.3.26:9	2007.12.23	Trojan.DL.Agent.MCO
Webwasher-Gateway	6.6.2	2007.12.24	Trojan.Dldr.Agen.158720

Additional information
File size: 158720 bytes
MD5: ff32c8587cda5b5431f3fec1f3b65ab4
SHA1: 3735aa698b9fe9024a40fded3057cd28707bc06d
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: UPX

File ProtUtil.exe received on 12.24.2007 07:34:31 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.24.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.23	TR/Agent.258048
Authentium	4.93.8	2007.12.23	-
Avast	4.7.1098.0	2007.12.23	-
AVG	7.5.0.516	2007.12.23	Agent.KTZ
BitDefender	7.2	2007.12.24	-
CAT-QuickHeal	9.00	2007.12.22	-
ClamAV	0.91.2	2007.12.24	-
DrWeb	4.44.0.09170	2007.12.23	-
eSafe	7.0.15.0	2007.12.23	-
eTrust-Vet	31.3.5395	2007.12.21	-
Ewido	4.0	2007.12.23	Trojan.Agent.cqs
FileAdvisor	1	2007.12.24	-
Fortinet	3.14.0.0	2007.12.24	-
F-Prot	4.4.2.54	2007.12.23	-
F-Secure	6.70.13030.0	2007.12.24	Trojan.Win32.Agent.cqs
Ikarus	T3.1.1.15	2007.12.24	-
Kaspersky	7.0.0.125	2007.12.24	Trojan.Win32.Agent.cqs
McAfee	5191	2007.12.21	-
Microsoft	1.3109	2007.12.24	-
NOD32v2	2744	2007.12.23	-
Norman	5.80.02	2007.12.21	W32/Agent.DQGM
Panda	9.0.0.4	2007.12.23	-
Prevx1	V2	2007.12.24	-
Rising	20.24.00.00	2007.12.24	-
Sophos	4.24.0	2007.12.24	Mal/Generic-A
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.24	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.22	-
VirusBuster	4.3.26:9	2007.12.23	Trojan.Agent.LXW
Webwasher-Gateway	6.6.2	2007.12.24	Trojan.Agent.258048

Additional information
File size: 258048 bytes
MD5: 59430e70468941760303e3d18e1fb13e
SHA1: 74be67dc206e3ce69e830738aef90b05c2239f0a
PEiD: -

진샘나미 정보 공유

Adware/Rogue - Windows-site security (KS82381) (유해사이트차단)

'Analysis > 유포 프로그램' 카테고리의 다른 글

티스토리툴바

Adware/Rogue - Windows-site security (KS82381) (유해사이트차단)

'Analysis > 유포 프로그램' 카테고리의 다른 글

'Analysis/유포 프로그램' Related Articles

티스토리툴바