LegendKiller Posted October 8, 2014 Report Share Posted October 8, 2014 Virus.Win32.Ramnit.a | Lavasoft Quote Link to comment Share on other sites More sharing options...
tweky94 Posted October 8, 2014 Report Share Posted October 8, 2014 mai pe romaneste? Quote Link to comment Share on other sites More sharing options...
.Breacker Posted October 8, 2014 Report Share Posted October 8, 2014 The script is executed each time the user opens the infected disk using the Windows Explorer if the autoplay function is turned on. Being executed, the script launches the "<rnd_2>.exe" file. Shortcuts created by the malicious program are exploits which use the CVE-2010-2568 vulnerability. In the "shell32.dll" library, this vulnerability consists in error of the shortcut processing (lnk and .pif files) and allows launching a code of random Windows libraries when hitting icons to open programs by the Windows Explorer. The code of the "<rnd_1>.cpl" library is launched. Being executed, it launches the "<rnd_2>.exe" file. The malicious program prevents modifying the files described above and creates them in an endless cycle.File InfectionThe virus infects files with the following extensions:exehtmldllhtm E grele limbele engleze . Quote Link to comment Share on other sites More sharing options...
nedo Posted October 8, 2014 Report Share Posted October 8, 2014 In pagina respectiva se gaseste un droper(adica este o pagina ce odata vizitata instaleaza pe calculatorul vizitatorului un virus, sau incearca sa instaleze un virus).Sugerez sa le stergi sau, si mai bine, sa cauti alta tema, intrucat aia sigur e plina de tot felul de gauri si probabil si backdoor-uri(modalitati prin care un hacker - cel ce probabil a creat/editat tema respectiva - sa poata obtine access la serverele celor ce ii folosesc tema). Quote Link to comment Share on other sites More sharing options...
nonimporta Posted October 8, 2014 Report Share Posted October 8, 2014 Zi cum se numeste tema poate... Quote Link to comment Share on other sites More sharing options...
