|
notepad.exe (5.1.2600.0)
Содержали в средстве программирования |
|---|
| Имя: | Windows XP Home Edition, Deutsch |
|---|
| Лицензия: | коммерчески |
|---|
| Соединение информации: | http://www.microsoft.com/windowsxp/ |
|---|
Детали архива |
|---|
| Курс архива: | C:\WINDOWS\system32 \ notepad.exe |
|---|
| Дата архива: | 2002-08-29 14:00:00 |
|---|
| Вариант: | 5.1.2600.0 |
|---|
| Размер архива: | 67.072 байты |
|---|
Hashes checksum и архива |
|---|
| CRC32: | 301787D9 |
|---|
| MD5: | C388 4E80 3E1D 5D6C C94D 559E 5438 39AB |
|---|
| SHA1: | D53E 4313 E615 1FC6 3834 1561 18F4 BE79 04E7 7789 |
|---|
Данные по ресурса варианта |
|---|
| Имя компании: | Microsoft Corporation |
|---|
| Описание архива: | Editor |
|---|
| Оперативная система архива: | Windows NT, Windows 2000, Windows XP, Windows 2003 |
|---|
| Тип архива: | Application |
|---|
| Вариант архива: | 5.1.2600.0 |
|---|
| Внутренне имя: | Notepad |
|---|
| Законное авторское право: | © Microsoft Corporation. Alle Rechte vorbehalten. |
|---|
| Первоначально filename: | NOTEPAD.EXE |
|---|
| Имя продукта: | Betriebssystem Microsoft® Windows® |
|---|
| Вариант продукта: | 5.1.2600.0 |
|---|
notepad.exe было найдено в following рапортах:
|
|
|---|
Zeton.Mirc |
|---|
О Zeton.Mirc
...It copies itself to the Windows folder as Notepad.exe and to WindowsCommand as Edit.com, overwriting both files....
Оценка угрозой
...copies itself to overwrite notepad.exe ...
Технически детали
...to the following locations: C:WindowsNotepad.exe (overwriting the original Windows file)...
Инструкции удаления
...are detected as Zeton.Mirc. (Optional) Reinstall Notepad and Edit. (Optional) Rename the files...
Источник: http://securityresponse.symantec.com/avcenter/venc/data/zeton.mirc.html |
|---|
Backdoor.Way |
|---|
Технически детали
...in the following locations: \%System%Notepad.exe \%System%msgsvc.exe...
...of the (Default) value from C:WindowsNotepad.exe %1 to...
...This ensures that the Trojan file Notepad.exe is run instead of the real Notepad program whenever you open a .txt file....
Инструкции удаления
...from the line C:WindowsSystemNotepad.exe %1 so that it is...
Источник: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.way.html |
|---|
W2K.Team |
|---|
Технически детали
...with the added name ":ccc". For example, if the original file name was Notepad.exe, the virus would to the following:...
...Next, it copies the virus to Notepad.exe Finally, it copies the file...
...file by creating a process containing the code in the NTFS stream, for example, in Notepad.exe:ccc. ...
Источник: http://securityresponse.symantec.com/avcenter/venc/data/w2k.team.html |
|---|
W32.HLLW.Reckus |
|---|
О Zeton.Mirc
...KaZaA, Morpheus, and WinMX. It overwrites Notepad.exe and Regedit.exe with copies of itself and terminates antivirus and firewall...
Оценка угрозой
...Deletes files: Overwrites C:WindowsNotepad.exe and C:WindowsRegedit.exe; may delete other system files....
Технически детали
...LOL.exe Notepad.exe Regedit.exe...
...Note: The worm overwrites the legitimate applications, Notepad and Regedit, if they are found in this location....
Источник: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.reckus.html |
|---|
W32.Dexec |
|---|
Технически детали
...as C:\%Windir%Fontsh.exe. C:\%Windir%Notepad.exe is copied as C:\%Windir%FontsNotepa.exe....
...sets its attribute to Hidden. C:\%Windir%Notepad.exe and sets its attribute to Hidden....
Инструкции удаления
...C:\%Windir%FontsNotepa.exe as C:\%Windir%Notepad.exe C:\%Windir%FontsScandsk.exe...
...C:\%Windir%FontsNotepa.exe as C:\%Windir%Notepad.exe C:\%Windir%Fontsscandsk.exe...
Источник: http://securityresponse.symantec.com/avcenter/venc/data/w32.dexec.html |
|---|
Trojan.Sarka |
|---|
О Zeton.Mirc
...The Trojan overwrites legitimate Windows executables like command.com and notepad.exe with a copy of itself. You may need to press the...
Технически детали
...%Windir%Command.com %Windir%Notepad.exe %Windir%Scanregw.exe...
Инструкции удаления
...Restore the overwritten system files, such as %Windir%Command.com and %Windir%Notepad.exe, from a backup. Manually delete Logo.sys,...
...Restore any overwritten system files, such as %Windir%Command.com and %Windir%Notepad.exe, from a backup or re-install them....
Источник: http://securityresponse.symantec.com/avcenter/venc/data/trojan.sarka.html |
|---|
PWSteal.Lemir.D |
|---|
Технически детали
...C:WindowsSystem32 (Windows XP). Makes a copy of %Windir%Notepad.exe, named Note.dll. Note: %Windir% is a variable....
...Copies itself as %System%Internat.exe and %Windir%Notepad.exe, overwriting the original executables, so that the Trojan runs in the background...
Инструкции удаления
...Restore the original executable files, Notepad.exe and Internat.exe, from the backup files that this Trojan created....
...4. Restoring the original executable files, Notepad.exe and Internat.exe Navigate to the %System% folder....
...Navigate to the %Windir% folder. Rename Note.dll to Notepad.exe. Write-up by:...
Источник: http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.d.html |
|---|
W32.HLLW.Qaz.D |
|---|
Оценка угрозой
...Modifies files: Renames Notepad.exe to Note.com Releases confidential info:...
...Target of infection: Notepad.exe ...
Технически детали
...When W32.HLLW.Qaz.D is launched, it searches for and renames Notepad.exe to Note.com. W32.HLLW.Qaz.D then copies...
...the computer as Notepad.exe. Each time Notepad.exe is executed, it runs the virus code and the original Notepad, which was renamed...
...the following string value: startIE notepad qazwsx.hsq to the registry key:...
...When it finds a computer, it infects it by searching for Notepad.exe and making the same modifications as previously described....
Инструкции удаления
...bymer.scanner registry entries Restore the original Notepad.exe file Detailed instructions follow....
...Boot to MS-DOS mode, and then delete the virus-infected Notepad.exe and Note.com files, and in some cases, an infected copy of the Wininit.exe file....
...pressing Enter after each line: del notepad.exe ren note.com notepad.exe...
...the following Name and Data: startIE "notepad qazwsx.hsq" NOTES:...
...In most cases, the text in the Data column points to Notepad. A few cases have been reported...
Источник: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.qaz.d.html |
|---|
W32.HLLW.Qaz.C |
|---|
Оценка угрозой
...Modifies files: Renames Notepad.exe to Note.com Releases confidential info:...
...Target of infection: Notepad.exe ...
Технически детали
...When W32.HLLW.Qaz.C is launched, it searches for and renames Notepad.exe to Note.com. W32.HLLW.Qaz.C then copies...
...the computer as Notepad.exe. Each time Notepad.exe is executed, it runs the virus code and the original Notepad, which was renamed...
...the following string value: startIE notepad qazwsx.hsq to the registry key:...
...When it finds a computer, it infects it by searching for Notepad.exe and making the same modifications as previously described....
Инструкции удаления
...bymer.scanner registry entries Restore the original Notepad.exe file Detailed instructions follow....
...Boot to MS-DOS mode, and then delete the virus-infected Notepad.exe and Note.com files, and in some cases, an infected copy of the Wininit.exe file....
...pressing Enter after each line: del notepad.exe ren note.com notepad.exe...
...the following Name and Data: startIE "notepad qazwsx.hsq" NOTES:...
...In most cases, the text in the Data column points to Notepad. A few cases have been reported...
Источник: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.qaz.c.html |
|---|
How Symantec Addresses Microsoft Compromise |
|---|
performs the following actions: Renames notepad.exe to note.com. Creates a copy of itself called...
...notepad.exe. Executes the old notepad.exe (note.com) when invoked by a user....
...registry (HKLMSoftwareMicrosoftWindowsCurrentVersionRun "StartIE"="C:WINDOWSNOTEPAD.EXE qazwsx.hsq") so that it is automatically executed during system startup....
...default, ESM and Intruder Alert audit changes to sensititive system files, including notepad.exe. This auditing can be configured...
...In the case of QAZ it detects the addition notepad.exe being added to the Run key....
...In the case of the QAZ worm, ESM detects a change to notepad.exe. ESM also detects that note.com...
...In the case of the QAZ worm, Intruder Alert detects that the MD5 hash of notepad.exe has changed. It also detects the addition...
......
Источник: http://securityresponse.symantec.com/avcenter/security/Content/2000_10_31.html |
|---|
|
|
![[filename.info logo]](/img/logo.png){kind=logo}
![[cn notepad.exe]](/img/nix.gif){kind=small}
