متفائل فى زمن اليآس
المدير العام
عدد الرسائل : 1510
العمر : 44
تاريخ التسجيل : 17/04/2008
 | موضوع: برنامج Resolve for W32Avril 1.04 لازالة العديد من الفايروسات ومنعها من العوده للأبد  الخميس أبريل 23, 2009 4:43 am | |
|
   برنامجResolve for W32/Avril
يقوم البرنامج بمسح و اعادة التغيرات التي اجريت من بعض فايروسات, تروجانات.
حيث يقوم هذا البرنامج بتوقيف عمليات الفايروسات عن العمل واعادة اي مفتاح الريجستير الذي قام بتغيره الفايروس.
يمكنك تنضيف الاصبات بكل سرعة و سهولة على حاسوب فردي او على شبكات مع عدد كبير من كمبيوترات.
ويعتبر W32/Avril-A فايروس انترنت الذي يقوم بنسخ نفسه في مجلد نظام التشغيل باستخدام اسم عشوائي
و يضع نفسه في الريجستري لشتغيل نفسه الياً عندما يقوم النظام الويندوز باقلاع    
اقتباس:
المشاركة الأصلية كتبت بواسطة خضر2003
A tool that removes W32/Avril
Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms.
They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.
W32/Avril-A is an internet worm that copies itself into the Windows system folder using a random name and sets following registry entry to run itself automatically when Windows starts up:
HKLMSoftwareMicrosoftWindowsCurrentVersion
RunAvril Lavigne - Muse = randomname.exe
The following registry entries are also created:
HKLMSoftwareOvGAvril Lavigne=Done
HKLMSoftwareOvGAvril LavignePSW-Trojan=1
W32/Avril-A drops itself into the KaZaA folder with one of the filenames shown below and creates the file avril-ii.inf.
The worm terminates anti-virus products and drops several copies of itself onto the hard disk with random names.
On the 7th, 11th and 24th of any month, W32/Avril-A will open up Microsoft Internet Explorer to www.avril-lavigne.com, display coloured ellipses in the middle of the screen and display "AVRIL_LAVIGNE_LET_GO - MY_MUSE 2002 (c) Otto von Gutenberg" in the top left corner of the screen.
The worm can send cached passwords to a Russian email address.
W32/Avril-A spreads by sending itself to email addresses gathered from DBX, MBX, WAB, HTML, EML, HTM, TBB, SHTML, NCH and IDX files, stored in listrecp.dll.
The emails will have the following characteristics:
Subject line - randomly selected from one of the following 10:
Fw: Avril Lavigne - the best
Fw: Prohibited customers...
Fwd: Re: Admission procedure
Fwd: Re: Reply on account for Incorrect MIME-header
Re: According to Daos Summit
Re: ACTR/ACCELS Transcriptions
Re: Brigade Ocho Free membership
Re: Reply on account for IFRAME-Security breach
Re: Reply on account for IIS-Security
Re: The real estate plunger
Message body - chosen from 3 alternatives:
"Avril fans subscription
FanList admits you to take in Avril Lavigne 2003
Billboard awards ceremony
Vote for I'm with you!
Admission form attached below"
"Restricted area response team (RART)
Attachment you sent to is intended to overwrite
start address at 0000:HH4F
To prevent from the further buffer overflow attacks
apply the MSO-patch"
"Microsoft has identified a security vulnerability in
Microsoft? IIS 4.0 and 5.0
that is eliminated by a previously-released patch.
Customers who have applied that patch are already protected
and do not need to take additional action.
Microsoft strongly urges all customers using IIS 4.0 and 5.0
who have not already done so to apply the patch immediately.
Patch is also provided to subscribed list of Microsoft?Tech Support:"
Attached file - one of the following:
AvrilLavigne.exe
AvrilSmiles.exe
CERT-Vuln-Info.exe
Cogito_Ergo_Sum.exe
Complicated.exe
Download.exe
IAmWiThYoU.exe
MSO-Patch-0035.exe
MSO-Patch-0071.exe
Readme.exe
Resume.exe
Singles.exe
Sk8erBoi.exe
Sophos.exe
Transcripts.exe
Two-Up-Secretly.exe
W32/Avril-B is an internet worm which spreads via email. W32/Avril-B is an extended variant of W32/Avril-A. For information on the generic features of W32/Avril-B see the description of W32/Avril-A.
W32/Avril-B differs from W32/Avril-A as follows.
The format of the sent email has changed to the following:
Subject line - one of the following 16:
Fw: Avril Lavigne - CHART ATTACK!
Fw: F. M. Dostoyevsky "Crime and Punishment"
Fw: Redirection error notification
Fwd: Re: Have U requested Avril Lavigne bio?
Fwd: Re: Reply on account for Incorrect MIME-header
Fwd: RFC-0245 Specification requested...
Fwd: RFC-0841 Specification requested...
Re: According to Purge's Statement
Re: ACTR/ACCELS Transcriptions
Re: Brigada Ocho Free membership
Re: Ha perduto qualque cosa signora?
Re: IREX admits you to take in FSAU 2003
Re: Junior Achievement
Re: Reply on account for IFRAME-Security breach
Re: Reply on account for IIS-Security Breach (TFTP)
Re: Vote seniors masters - don't miss it!
Message text - may contain one of the following 4 alternatives, but they might be skipped and hence not included:
"AVRIL LAVIGNE - THE CHART ATTACK!
Vote fo4r Complicated!
Vote fo4r Sk8er Boi!
Vote fo4r I'm with you!
Chart attack active list:"
"Restricted area response team (RART)
Attachment you sent to is intended to overwrite
start address at 0000:HH4F
To prevent from the further buffer overflow attacks apply the MSO-patch"
"Network Associates weekly report:
Microsoft has identified a security vulnerability in Microsoft?
IIS 4.0 and 5.0 that is eliminated by a previously-released patch.
Customers who have applied that patch are already protected
against the vulnerability and do not need to take additional action.
Microsoft strongly urges all customers using IIS 4.0 and 5.0 who
have not already done so to apply the patch immediately.
Patch is also provided to subscribed list of Microsoft? Tech Support:"
"AVRIL LAVIGNE - THE BEST
Avril Lavigne's popularity increases:>
SO: First, Vote on TRL for I'm With U!
Next, Update your pics database!
Chart attack active list .>.>"
Attachment exe - one of the following 21:
ADialer.exe
ALavigne.exe
AvrilLavigne.exe
AvrilSmiles.exe
BioData.exe
CERT-Vuln-Info.exe
Cogito_Ergo_Sum.exe
Complicated.exe
EntradoDePer.exe
IAmWiThYoU.exe
MSO-Patch-0035.exe
MSO-Patch-0071.exe
Phantom.exe
Readme.exe
Resume.exe
SiamoDiTe.exe
Sk8erBoi.exe
Sophos.exe
Transcripts.exe
TrickerTape.exe
Two-Up-Secretly.exe
The worm may also attach a TXT, HTM, DOC or HTML file to the email from the Personal folder of the user.
W32/Avril-B tries to update itself from the web and also tries to download a backdoor Trojan (apparently Back Orifice 2K) from the web and run it on the user's computer. At the time of this writing the corresponding URL was unavailable. The worm would download the backdoor Trojan into bo2k.exe and set the following registry entry:
HKLMLSoftwareMicrosoftWindowsCurrentVersionRunSock etListener =
bo2k.exe
W32/Avril-B drops a different version of the text file avril-ii.inf and sends the cached passwords to different email addresses.
The payload has also been changed slightly, in that the text displayed in the top left corner of the screen is now "AVRIL_LAVIGNE_LET_GO - MY_MUSE VOTE FOR I'm With YoU.
W32/Avril-C is a worm that spreads in local networks (see W32/Avril-A for further information) and on the internet by sending emails to email addresses gathered from DBX, MBX, WAB, HTML, EML, HTM, ASP and SHTML files. The sent email has the following characteristics:
Subject line - one of the following:
Fw: IREX Fields Description
Re: ACCELS Awards results for 2003
Re: Avril Fans will rock you
Fw: Avril Lavigne - the best
Re: Antique themes
Re: ACTR/ACCELS Transcriptions
Message text - chosen from the following three options:
"EDUCATIONAL PURPOSE
Avril fans subscription
I wish you the sweetest thing"
"Restricted area response team (RART)
Attachment you sent to is really good :-)
Well done!
SMTP session error #450: service not ready"
|
  لفك الضغط عن الملفات
رمز:
خضر2003
بدون فاصل بين الاسم والرقم
تقبلوا تحياتي وتقديري
أخوكم خضر2003
|
منقول لتعم الفائدة | |
|
