Virus


liane

Hello everyone

I've had a virus on my back and I can't get rid of it.

Can any of you tell me whether you know the virus W32 mitiglied.P and how it can affect my PC?

And of course, how the heck do I get rid of it.

Thx


For killing viruses McAfee is effective...

You have McAfee VirusScan (it's a trial version but it solves the problem all the same). You can always try to get a crack or serial at www.astalavista.box.sk

I too recently had a nasty virus that didn't want to leave, and with McAfee VirusScan I took care of it in no time...

You also have the free versions of AVG and Avast; they're more limited but they also do their job well...

You can find all of that at www.download.com

It shouldn't be news to you, but if you have a firewall (ZoneAlarm is more than enough) and an up-to-date antivirus (AVG, why not, I've used it and had no big problems) you'll be fine...

If this doesn't solve it, say something, I have more alternatives ...

Edited by Walt Sousa


W32/Mitglied.gen

• Process File: realupd32 or realupd32.exe
• Virus characteristics first published: 13 Dec. 2005
• Virus characteristics latest update: 15 Dec. 2005
• Type: Trojan
• Alias: Mitglied.gen
• Spreading mechanism: Email, Network
• Overall risk: Low
• Payload: Disables security software, includes backdoor and downloader capability

This is a trojan which might have backdoor, downloader and worm characteristics.

Because of the similarities between many of the Mitglied variants this is a generic description.

The Mitglieds are often spammed out in email attachments and are a common part of the Bagle email-worms. The email relay backdoor opened by the Mitglied might be used both for commercial spam and to distribute new variants of Mitglieds and Bagles.

When the Mitglied is executed it will copy itself to the %SYSTEM% folder and register itself in the runkey "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" in the registry to be executed on Windows startup. It might also modify/create the key "HKCR\exefile\shell\open\command" and set the value "default=%SYSTEM%\<virusfile> -run "%1" %*"

Some Mitglieds also have the functionality to search for computers which have been infected with the "W32\MyDoom" worm, and if such a computer is found, the Mitglied will get copied over. These variants will also try to delete registry keys made by the MyDoom worm.



A selection of filenames used by Mitglied:

	irun4.exe
	window.exe
	winhost.exe
	winshost.exe
	syswrun4x.exe
	realupd.exe
	wind.exe
	windll32.exe
	scvhost.exe
	sysdoor.exe
	windllsys32.exe
	winudll.exe
	winsystems.exe
	runner.exe
	system.exe
	drwatson32.exe
	antiav_exe.exe
	anti_troj.exe
	or a random value

A selection of runkey values it might use are:

	"sgrate.exe"
	"ssgrate.exe"
	"RealUpdater"
	"windows.exe"
	"dm_service"
	"usrgtway.exe"
	"Symantec NetDriver Monitor"
	"auto__hloader__key"
	"auto__antiav__key"
	"WindowsDebug"
	or the filename it copied itself to.



The Mitglied will install itself to the registry key and also open a random or given port which may then be used as an email relay.

Then it will go to a number of URLs and include the port, IP and other information as variables in the request by adding i.e. "?p=<value>&id=<value>" at the end of the requested URLs.

It also creates a mutex to ensure only one instance is running.

The Mitglied might also search for running AV products and terminate these, search for AV executables and rename or delete these, search for AV registry keys and modify or delete these and modify the HOSTS file so that the infected computer can not contact AV-vendor webpages.

The Mitglied might also download a file from a webpage to the %WINDOWS% directory and execute it.

It might drop one or more files to the %WINDOWS%, %SYSTEM% and/or %TEMP% directories. These files are often classified and detected as other variants of the Mitglied trojan.



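The two persistence mechanisms in the description above (a value under the CurrentVersion\Run key and a hijacked HKCR\exefile\shell\open\command handler) can be checked offline against a registry export. The Python below is an added example, not code from the thread or from any AV vendor: it takes the file names and runkey value names listed in the description as indicators, and the .reg text it scans is a constructed sample.

```python
import re

# Indicators copied from the Mitglied description above: dropped file names and Run-key value names.
MITGLIED_FILES = {
    "irun4.exe", "window.exe", "winhost.exe", "winshost.exe", "syswrun4x.exe", "realupd.exe",
    "wind.exe", "windll32.exe", "scvhost.exe", "sysdoor.exe", "windllsys32.exe", "winudll.exe",
    "winsystems.exe", "runner.exe", "system.exe", "drwatson32.exe", "antiav_exe.exe", "anti_troj.exe",
}
MITGLIED_RUN_NAMES = {
    "sgrate.exe", "ssgrate.exe", "realupdater", "windows.exe", "dm_service", "usrgtway.exe",
    "symantec netdriver monitor", "auto__hloader__key", "auto__antiav__key", "windowsdebug",
}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)
EXEFILE_KEY_RE = re.compile(r"^HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command$", re.I)
VALUE_RE = re.compile(r'^(?:@|"(?P<name>[^"]*)")=(?P<data>.*)$')  # @= is the (Default) value

def unescape_reg_string(data):
    # Strip the quotes of a REG_SZ entry and undo .reg escaping of backslash and quote.
    if not (data.startswith('"') and data.endswith('"')):
        return data  # dword:/hex: data is left untouched
    return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')

def audit_reg_export(text):
    """Scan a .reg export; return (key, value name, reason) for Mitglied-style persistence."""
    findings, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = m.group("name") if m.group("name") is not None else "(Default)"
        data = unescape_reg_string(m.group("data"))
        exe = data.split()[0].strip('"').rsplit("\\", 1)[-1].lower() if data.split() else ""
        if RUN_KEY_RE.search(key) and (name.lower() in MITGLIED_RUN_NAMES or exe in MITGLIED_FILES):
            findings.append((key, name, "known Mitglied Run-key entry -> " + data))
        elif EXEFILE_KEY_RE.match(key) and not data.startswith('"%1"'):
            # A clean exefile handler is exactly "%1" %*; anything launched in front of it is a hijack.
            findings.append((key, name, "exefile open-command hijack -> " + data))
    return findings

# Constructed sample export (not from the page): one benign autorun, one Mitglied autorun, one hijack.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\me\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"RealUpdater"="C:\\WINDOWS\\system32\\realupd.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\system32\\realupd.exe -run \"%1\" %*"
'''
```

On a live machine the input would come from `reg export` of the Run keys and of HKCR\exefile; the exefile check flags any handler that does not begin with "%1", which also catches variants using names not in the list.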

Formatting the PC only as a last resort. It really is the most practical and easiest way to solve the problem... Liane, if you try running one or two antivirus programs and can't kill the virus, you'll have no choice but to do a format c:

But viruses will always come back, and with the greatest of ease, if you're not minimally protected: firewall + antivirus...

Unless you'd rather format the PC every day...
