تم المسح

** المراقب **

مافي شيء الملف

اخ فيصل قم بعمل سيرش كامل للتروجينز :blackeye: .
Virus Profile: BackDoor-AVW

Type = Trojan
SubType = Remote Access

When the server component is executed, the Trojan drops the following files:


%Windows%\services.exe
%Windows%\system\sservice.exe
%Windows%\system32\fservice.exe
%Windows%\system32\reginv.dll (Hides the Trojan process from the process list)
%Windows%\system32\winkey.dll (Logs keystrokes belonging to application windows)
%Windows%\ktd32.atm (Stores recorded keystrokes)
In an attempt to make the dropped files harder to find, the files have their attributes changed to hidden and system.

The following Registry entries are modified, so the Trojan runs on startup:


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
Explorer.exe %Windir%\system32\fservice.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y} "StubPath"
%Windir%\system\sservice.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
policies\Explorer\Run "DirectX For Microsoft® Windows"
%Windir%\system32\fservice.exe

حبيبي اللعب بعيد .. :ciao:

وشـــــــــــ:yup::yup::yup::yup:ـــــــــــكراً