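The symptom is that it sits in the system tray and keeps throwing up "System Alert!" warnings to an annoying degree.
Clicking on "System Alert!" sends you off to the antispycheck site.
When I launch Internet Explorer, the page I want does not load, and instead I get: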
Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes. Also insecure Internet activity can result in revealing your personal information. To get full advanced real-time protection for PC and Internet activity, register AntiSpyCheck.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing. Continue to this website unprotected (not recommended).
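It shows this message relentlessly. In Firefox, though, there was no problem at all.
It also installs a program called AntiSpyCheck 2.1 all by itself.
When I ran a scan with a program called "Malwarebytes' Anti-Malware"...
It caught no fewer than 44 items.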