http://net-studio.org >> Patch>

SdBot fix pour le virus ctfmonn.exe


	Patchs for virus
	Tutorials
	Tips
	Forum
	Windows Optimum
	USB FireWall
	Boost Google Search

	Alias
	Voici les Alias de ctfmonn.exe et de ses variantes par les éditeurs d'Antivirus Backdoor.SdBot [PCTools] Backdoor.Win32.SdBot.arn [Kaspersky Lab] W32.Spybot.Worm [Symantec] W32/Sdbot.worm.gen.ax [McAfee]
	Information
	Ce virus se transmet vie la réseau et attends des instructions venant du développeur du virus sur la machine inféctée en utilisant IRC. Le virus peut se mettre à jour tout seul sur Internet, pouvant aussi donc modifier ses paramètres ou ses possibilités.
	Fichier
	Le virus met trois fichiers dans le système: <Windows>\ctfmonn.exe Deux autres fichiers dans les disques externes et Flash disque : autorun.inf ctfmonn.exe
	Registre
	Crée les clés de registre : HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE\0000\Control HKEY_LOCAL_MACHINE\SOFTWARE\ProductName HKEY_LOCAL_MACHINE\SOFTWARE\ProductName\ProductID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE\Security HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE\0000\Control Crée les valeurs: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotAllowXPSP2 = 0x00000001 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile EnableFirewall = 0x00000000 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile EnableFirewall = 0x00000000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE\0000\Control NewlyCreated = 0x00000000 ActiveService = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE\0000 Service = "NETWORK SERVICE" Legacy = 0x00000001 ConfigFlags = 0x00000000 Class = "LegacyDriver" ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}" DeviceDesc = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_SERVICE NextInstance = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE\Enum 0 = "Root\LEGACY_NETWORK_SERVICE\0000" Count = 0x00000001 NextInstance = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE\Security Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETWORK SERVICE Type = 0x00000110 Start = 0x00000002 ErrorControl = 0x00000000 ImagePath = "<Windows>\ctfmonn.exe" DisplayName = "NETWORK SERVICE" ObjectName = "LocalSystem" FailureActions = 0A 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 B8 0B 00 00 Description = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE\0000\Control NewlyCreated = 0x00000000 ActiveService = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE\0000 Service = "NETWORK SERVICE" Legacy = 0x00000001 ConfigFlags = 0x00000000 Class = "LegacyDriver" ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}" DeviceDesc = "NETWORK SERVICE" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_SERVICE NextInstance = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE\Enum 0 = "Root\LEGACY_NETWORK_SERVICE\0000" Count = 0x00000001 NextInstance = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE\Security Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETWORK SERVICE Type = 0x00000110 Start = 0x00000002 ErrorControl = 0x00000000 ImagePath = <Windows>\ctfmonn.exe" DisplayName = "NETWORK SERVICE" ObjectName = "LocalSystem" FailureActions = 0A 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 B8 0B 00 00 Description = "NETWORK SERVICE" Modifie les valeurs: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole EnableDCOM = "N" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center AntiVirusOverride = 0x00000001 FirewallOverride = 0x00000001 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths Directory = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1 CachePath = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2 CachePath = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3 CachePath = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4 CachePath = "%user%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control WaitToKillServiceTimeout = "7000" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa restrictanonymous = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent (Default) = 0x00000015 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control WaitToKillServiceTimeout = "7000" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa restrictanonymous = 0x00000001 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent (Default) = 0x00000015 HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders Cookies = "%user%\LocalService\Cookies" Cache = "%user%\LocalService\Local Settings\Temporary Internet Files" History = "%user%\LocalService\Local Settings\History"
	ATTENTION
	Il est préférable de télécharger ce patch et de le décompresser sur le bureau, de redémarrer votre machine en mode sans échec et de lancer le patch, toujours en mode sans échec. Tutoriel mode sans échec.

	Lien

Les derniers Patchs:

Antivirus 360 (av360.exe)
Spyware Guard (spywareguard.exe, Mal/EncPk-CZ, Rootkit.Win32.TDSS, SpywareGuard2008, Program:Win32/FakeSpyguard)
Brastk (Win32/Wantvi.I, Brastk.exe)
Braviax (Win32/Wantvi.I, Braviax.exe)
XP AntiSpyware 2009 (XP_AntiSpyware.exeL, Downloader.Win32.Agent.bs,New Malware.aj)
FlashGuard.exe (DriveGuard.exe,Win32.Worm.Autoit.AL, AUTORUN.TZ)
cradle of filth (cradle_of_filth.vbe, Notre Gates qui est à Seattle)

COPYRIGHT (C) 2008 NET STUDIO, ALL RIGHT RESERVED