sasser in ilacı(W32.Cycle)

horde_1 · 11-05-04, 12:11

hayırlı olsun...............
blaster
sasser
ve
skynette etkilerini silenyeni virus......biri dalga geciyor

teknik detaylar
-----------------------------------------------

When W32.Cycle is executed, it performs the following actions:

Creates the following files:
%Windir%\cyclone.txt
%Windir%\system\svchost.exe (a copy of the worm)

--------------------------------------------------------------------------------
Note: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
--------------------------------------------------------------------------------

Ends the following processes:
msblast.exe
avserve.exe
avserve2.exe
skynetave.exe

Creates the following mutexes:
SkynetSasserVersionWithPingFast
Jobaka3l
JumpallsNlsTillt
Jobaka3

If the system clock's date is set to May 18, it will perform Denial of Service (DoS) attacks against www.irna.com and www.bbcnews.com.

Opens a backdoor on TCP port 3332. This backdoor does not have an apparent function. It immediately closes any connection that it has made.

Runs a TFTP server on UDP port 69, which will send a copy of the worm to the processes connecting to that port.

Generates a random IP address and attempts to connect to TCP port 445 on any computer at the IP address.

Runs a remote shell, which downloads a copy of the worm from the TFTP server on UDP port 69, and then runs it. This requires that there is a TFTP client named "tftp" in the path of the computer, on which the remote shell runs.

The name of the downloaded file is cyclone.exe.

When the downloaded file runs, it may modify the value:

"Generic Host Service"="%windir%\system\svchost.exe"

in the registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run

Shadowfex · 11-05-04, 22:58

alın buda virüsün yaması:
http://members.lycos.co.uk/fexi/FxSasser.rar

horde_1 · 12-05-04, 00:14

shadowfex ben sasser den bahsetmiyorum,ondan sonra cıkan cycle wormunu yazdım. verdigin adresteki sasser yaması degil temizleme aracıdır...

DJ SONSUZLUK · 12-05-04, 00:22

Offff of yav aramayı kullanın allah için artık,daha yeni verildi bunun kesin çözümü.

İnanın kilitlemekten bıktım,biraz daha anlayışlı olun lütfen.

11-05-04, 12:11	#1
horde_1	sasser in ilacı(W32.Cycle) hayırlı olsun............... blaster sasser ve skynette etkilerini silenyeni virus......biri dalga geciyor teknik detaylar ----------------------------------------------- When W32.Cycle is executed, it performs the following actions: Creates the following files: %Windir%\cyclone.txt %Windir%\system\svchost.exe (a copy of the worm) -------------------------------------------------------------------------------- Note: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location. -------------------------------------------------------------------------------- Ends the following processes: msblast.exe avserve.exe avserve2.exe skynetave.exe Creates the following mutexes: SkynetSasserVersionWithPingFast Jobaka3l JumpallsNlsTillt Jobaka3 If the system clock's date is set to May 18, it will perform Denial of Service (DoS) attacks against www.irna.com and www.bbcnews.com. Opens a backdoor on TCP port 3332. This backdoor does not have an apparent function. It immediately closes any connection that it has made. Runs a TFTP server on UDP port 69, which will send a copy of the worm to the processes connecting to that port. Generates a random IP address and attempts to connect to TCP port 445 on any computer at the IP address. Runs a remote shell, which downloads a copy of the worm from the TFTP server on UDP port 69, and then runs it. This requires that there is a TFTP client named "tftp" in the path of the computer, on which the remote shell runs. The name of the downloaded file is cyclone.exe. When the downloaded file runs, it may modify the value: "Generic Host Service"="%windir%\system\svchost.exe" in the registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run

11-05-04, 22:58	#2
Shadowfex	Cvp: sasser in ilacı(W32.Cycle) alın buda virüsün yaması: http://members.lycos.co.uk/fexi/FxSasser.rar

12-05-04, 00:14	#3
horde_1	Cvp: sasser in ilacı(W32.Cycle) shadowfex ben sasser den bahsetmiyorum,ondan sonra cıkan cycle wormunu yazdım. verdigin adresteki sasser yaması degil temizleme aracıdır...

12-05-04, 00:22	#4
DJ SONSUZLUK	Cvp: sasser in ilacı(W32.Cycle) Offff of yav aramayı kullanın allah için artık,daha yeni verildi bunun kesin çözümü. İnanın kilitlemekten bıktım,biraz daha anlayışlı olun lütfen.

Konu Araçları
Çıktı Görüntüsünü Göster Sayfayı E-posta İle Yolla