2007. 10. 9. 04:44

This is how to remove the virus that pops up a strange "Hacked by so-and-so" message.



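The symptom is that drives cannot be opened by clicking on them.

Download and run the attached file, click Next, Next, select the drive, and run the cleanup.

Then reboot.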

I ran it on a PC that was not infected in order to take screenshots, and some Explorer settings were changed. ㅡ,.ㅡ;;;;



Here is the registry change log.

HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt 0x00000001 (1) 32-bit number Delete detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt 0x00000001 (1) 32-bit number Delete allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt 0x00000000 (0) 32-bit number Create detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt 0x00000000 (0) 32-bit number Create allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden 0x00000001 (1) 32-bit number Delete detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden 0x00000001 (1) 32-bit number Delete allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden 0x00000001 (1) 32-bit number Create detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden 0x00000001 (1) 32-bit number Create allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Internet Explorer\Main Start Page about:blank Unicode null-terminated string Delete detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Internet Explorer\Main Start Page about:blank Unicode null-terminated string Delete allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt 0x00000000 (0) 32-bit number Delete detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt 0x00000000 (0) 32-bit number Delete allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt 0x00000000 (0) 32-bit number Create detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt 0x00000000 (0) 32-bit number Create allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden 0x00000001 (1) 32-bit number Delete detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden 0x00000001 (1) 32-bit number Delete allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden 0x00000001 (1) 32-bit number Create detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden 0x00000001 (1) 32-bit number Create allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden 0x00000001 (1) 32-bit number Delete detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden 0x00000001 (1) 32-bit number Delete allowed
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden 0x00000001 (1) 32-bit number Create detected
HKEY_USERS\S-1-5-21-484763869-2049760794-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden 0x00000001 (1) 32-bit number Create allowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit C:\WINDOWS\system32\userinit.exe, Unicode null-terminated string Delete detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit C:\WINDOWS\system32\userinit.exe, Unicode null-terminated string Delete allowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit C:\WINDOWS\system32\userinit.exe, Unicode null-terminated string Create detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit C:\WINDOWS\system32\userinit.exe, Unicode null-terminated string Create allowed
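
Most entries in a log like this are a value being deleted and then recreated with the same data, so the settings that really changed only show up when the "allowed" events are replayed per value. The following Python sketch does that; it is an added example, not part of the original post or the tool's own code. The field layout is inferred from the log lines above, and the value-name list, the helper name `net_changes` and the placeholder SID in the sample are assumptions.

```python
import re

# Value names seen in the log above. The log does not quote its fields, so
# the parser needs them to split key path, value name and data (assumption).
VALUE_NAMES = ("HideFileExt", "ShowSuperHidden", "Hidden", "Start Page", "Userinit")
LINE_RE = re.compile(
    r"^(?P<key>HKEY_.+?) (?P<name>%s) (?P<data>.*) "
    r"(?P<type>32-bit number|Unicode null-terminated string) "
    r"(?P<op>Delete|Create) (?P<status>detected|allowed)$"
    % "|".join(map(re.escape, VALUE_NAMES))
)

def net_changes(log_text):
    """Return {(key, name): (before, after)} for values whose data changed.

    Only 'allowed' events count; 'detected' is the same event seen earlier.
    before = data removed by the first Delete (None if the value was new),
    after  = data of the last Create (None if the value stays deleted).
    """
    first, last = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "allowed":
            continue
        target = (m["key"], m["name"])
        created = m["data"] if m["op"] == "Create" else None
        # A value first seen as Delete existed before with that data.
        first.setdefault(target, m["data"] if m["op"] == "Delete" else None)
        last[target] = created
    return {t: (first[t], last[t]) for t in first if first[t] != last[t]}

# Constructed sample: same layout as the log above, SID replaced by a placeholder.
ADV = r"HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
IE = r"HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Internet Explorer\Main"
SAMPLE = "\n".join([
    ADV + " HideFileExt 0x00000001 (1) 32-bit number Delete detected",
    ADV + " HideFileExt 0x00000001 (1) 32-bit number Delete allowed",
    ADV + " HideFileExt 0x00000000 (0) 32-bit number Create detected",
    ADV + " HideFileExt 0x00000000 (0) 32-bit number Create allowed",
    ADV + " Hidden 0x00000001 (1) 32-bit number Delete allowed",
    ADV + " Hidden 0x00000001 (1) 32-bit number Create allowed",
    IE + " Start Page about:blank Unicode null-terminated string Delete allowed",
])

if __name__ == "__main__":
    for (key, name), (before, after) in net_changes(SAMPLE).items():
        print(f"{name}: {before!r} -> {after!r}  [{key}]")
```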


Posted by jinmoda