Stealthy worm targets corporate documents
Obviously, if a program (or virus) is written for Windows, then that is what it can run on...
Gigabyte P55-US3L, QuadCore Intel Core i5 750, SAPPHIRE R9 270X 4GB GDDR5 WITH BOOST & OC, 16 GB Corsair Vengeance Memory DDR3-1600 SDRAM,Synchmaster EX2220 WIN10
http://www.f-secure.com/v-descs/myfip_h.shtml
When run, the worm copies under %SYSTEM% directory using the name 'kernel32dll.exe'. It creates a mutex named 'Meteo/EA '. It installs the following registry key to ensure it will be executed next time the system is started:
"Distributed File System" = "kernel32dll.exe"
The worm also creates a thread that adds the above registry key again if it is deleted.
If the worm is running under Windows NT-based system, it tries to inject code in address space of Explorer.exe. The injected code re-executes worm's file if the process terminates. The implementation seems to be quite unstable and it might crash Explorer.exe.
If the worm is running on Windows NT-based computer, it tries to hide its process by manipulating kernel data structures. This works only if the worm is run under administrator privileges. If the system is Win9x-based, the worm tries to hide the process by issuing Win32 API call 'RegisterServiceProcess'.
Now, unfortunately, Unix doesn't even have a registry :DDD
Neither does the Mac... so which operating system could possibly be in danger... hmmmmm....
If you're sick as fuck of the idiotic signatures, go make one yourself too.
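A defender's check for the autostart entry named in the F-Secure description quoted in the thread, as an added example that is not part of any post or of F-Secure's write-up: it parses a `reg export` text dump and flags the value name and file name given there. The sample dump, its placeholder key path and all function names are constructed for illustration; the quoted description does not show the key path.

```python
import re

# Indicators taken from the description quoted in the thread.
IOC_VALUE_NAME = "distributed file system"
IOC_FILE_NAME = "kernel32dll.exe"

# Constructed sample in `reg export` text format (decode real exports from UTF-16 first).
# The key path is a placeholder: the quoted description does not show the key.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Placeholder\Autostart]
"Distributed File System"="kernel32dll.exe"
"Updater"="\"C:\\Program Files\\Vendor\\update.exe\" /silent"
"Helper"="C:\\WINDOWS\\system32\\KERNEL32DLL.EXE"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_export(text):
    """Yield (key, value_name, data) for every string value in the dump."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))

def image_name(data):
    """Lower-cased file name of the executable in a command line."""
    data = data.strip()
    # Unquoted paths containing spaces are not handled here.
    exe = data[1:].split('"', 1)[0] if data.startswith('"') else data.split(' ', 1)[0]
    return exe.replace('/', '\\').rsplit('\\', 1)[-1].lower()

def find_hits(text):
    """Return (key, value_name, reasons) for entries matching either indicator."""
    hits = []
    for key, name, data in parse_reg_export(text):
        reasons = [label for label, hit in (
            ("file name", image_name(data) == IOC_FILE_NAME),
            ("value name", name.lower() == IOC_VALUE_NAME)) if hit]
        if reasons:
            hits.append((key, name, reasons))
    return hits
```

Because the description says a worm thread re-adds the entry when it is deleted, a hit that reappears after cleanup indicates the process is still running.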