Trojan.Alnaddy is a malicious program that is downloaded and run manually and that can download other malware onto the computer.
The malware creates the following files:
%ProgramFiles%\Universal Updater\settings.json
%ProgramFiles%\Universal Updater\UpdaterService.exe
Then it adds the following entries to the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Universal\"aid" = "1001"
HKEY_LOCAL_MACHINE\SOFTWARE\Universal\"dt" = "23102014"
HKEY_LOCAL_MACHINE\SOFTWARE\Universal\"geo" = "[GEO]"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UniversalUpdater\"Type" = "10"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UniversalUpdater\"Start" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UniversalUpdater\"ErrorControl" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UniversalUpdater\"ImagePath" = "%ProgramFiles%\Universal Updater\UpdaterService.exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UniversalUpdater\"DisplayName" = "Universal Updater Service"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UniversalUpdater\"ObjectName" = "LocalSystem"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UniversalUpdater\"Description" = "Keeps your computer synchronized with the latest software updates."
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UniversalUpdater\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UniversalUpdater\"Type" = "10"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UniversalUpdater\"Start" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UniversalUpdater\"ErrorControl" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UniversalUpdater\"ImagePath" = "%ProgramFiles%\Universal Updater\UpdaterService.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UniversalUpdater\"DisplayName" = "Universal Updater Service"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UniversalUpdater\"ObjectName" = "LocalSystem"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UniversalUpdater\"Description" = "Keeps your computer synchronized with the latest software updates."
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UniversalUpdater\Security\"Security" = "[BINARY DATA]"
It also creates a service named Universal Updater Service with the description:
Keeps your computer synchronized with the latest software updates.
It also adds two subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UniversalUpdater
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UniversalUpdater
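An added example, not part of the original post: a PowerShell audit that checks a host for the files, registry values and service described above. The paths, key names and display name are taken from the post; the function name and output format are assumptions of my own.

```powershell
# Added example (not from the original post): look for the Trojan.Alnaddy
# persistence artifacts listed above and return every one that is present.
function Test-AlnaddyArtifacts {
    $hits = @()

    # Files dropped under %ProgramFiles%\Universal Updater
    $dir = Join-Path $env:ProgramFiles 'Universal Updater'
    foreach ($f in 'settings.json', 'UpdaterService.exe') {
        $p = Join-Path $dir $f
        if (Test-Path -LiteralPath $p) { $hits += "file: $p" }
    }

    # Configuration values written under HKLM\SOFTWARE\Universal
    $cfg = 'HKLM:\SOFTWARE\Universal'
    if (Test-Path -LiteralPath $cfg) {
        $k = Get-ItemProperty -LiteralPath $cfg
        foreach ($n in 'aid', 'dt', 'geo') {
            if ($null -ne $k.$n) { $hits += "registry: $cfg\$n = $($k.$n)" }
        }
    }

    # Service registration in both control sets. Type "10" (0x10) is an
    # own-process service, Start "2" is automatic start, ObjectName is the
    # account it runs as (LocalSystem in the post).
    foreach ($set in 'ControlSet001', 'CurrentControlSet') {
        $svc = "HKLM:\SYSTEM\$set\services\UniversalUpdater"
        if (Test-Path -LiteralPath $svc) {
            $v = Get-ItemProperty -LiteralPath $svc
            $hits += "service key: $svc ImagePath=$($v.ImagePath) Start=$($v.Start) ObjectName=$($v.ObjectName)"
        }
    }

    # Live service object, matched on the display name from the post
    $live = Get-Service -DisplayName 'Universal Updater Service' -ErrorAction SilentlyContinue
    if ($live) { $hits += "service: $($live.Name) status=$($live.Status)" }

    return $hits
}

$found = Test-AlnaddyArtifacts
if ($found.Count -eq 0) { 'No Trojan.Alnaddy artifacts found.' } else { $found }
```

Run it from an elevated PowerShell prompt so the HKLM\SYSTEM service keys and %ProgramFiles% are readable; a hit on the ImagePath line pointing at UpdaterService.exe is the strongest indicator, since a legitimate updater would not register under HKLM\SOFTWARE\Universal with these values.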