�� esetnod32.ru [��: Win32/Corcow AX]

Win32/Corcow AX

Wed, 24 Dec 2014 17:54:31 +0300

Win32/Corcow AX Win32/Corcow AX � �� .
+
��
https://www.virustotal.com/ru/file/7339d925fdf3dd891a1d2b760148ab248cc62029433f87bb39110a918886fc0c/...

�.�. �� VT

====quote====
�� C:\PROGRAM FILES\WINDOWS NT\MICROSOFT\SP2SF\REGSNAP.API
�� REGSNAP.API

��
�� Win32/Corkow.AZ [ESET-NOD32] [�� 64(64), ��. �� 64, �� 64]

www.virustotal.com 2014-12-24 [2014-12-24 14:53:09 UTC ( 3 minutes ago )]
DrWeb Trojan.Bayanker.38
ESET-NOD32 Win32/Corkow.AZ

��
CORKOW.LANMANSERVER (�� ~ LANMANSERVER)(1) AND (��. �� !~ ��)(1)
SERV_DLL.FALSE (�� ~ \PARAMETERS\SERVICEDLL)(1) AND (��. �� !~ ��)(1)
=============

24.12.2014 17:54:31, santy.

Win32/Corcow AX

Wed, 24 Dec 2014 17:45:56 +0300

Win32/Corcow AX Win32/Corcow AX � �� .

====quote====
zloyDi ��:

====quote====
�� :
�� .

=============
�� ... �� . �� .
=============
�� . �� -�� . ��, �� .
24.12.2014 17:45:56, �� .

Win32/Corcow AX

Wed, 24 Dec 2014 17:21:31 +0300

Win32/Corcow AX Win32/Corcow AX � �� .

====quote====
�� :
�� .

=============

�� ... �� . �� .
24.12.2014 17:21:31, zloyDi.

Win32/Corcow AX

Wed, 24 Dec 2014 14:16:16 +0300

Win32/Corcow AX Win32/Corcow AX � �� .
�� uVS ��.
�� .
�� .
�� .
�� https://www.virustotal.com/ �� , �� REGSNAP.API �� .
�� .
��!
24.12.2014 14:16:16, �� .

Win32/Corcow AX

Wed, 24 Dec 2014 13:47:01 +0300

Win32/Corcow AX Win32/Corcow AX � �� .

====quote====
RP55 RP55 ��:
�� : REGSNAP.API
C:\PROGRAM FILES\WINDOWS NT\MICROSOFT\SP2SF\REGSNAP.API
��: https://www.virustotal.com/
�� .
=============

� �� https://www.virustotal.com/ �� - �� , � �� (
24.12.2014 13:47:01, �� .

Win32/Corcow AX

Wed, 24 Dec 2014 13:21:13 +0300

Win32/Corcow AX Win32/Corcow AX � �� .
�� uVS:
- �� ;
- �� uVS(start.exe), �� : �� , �� - �� - �� ;
- �� ;
�� - �� _�� "��"
====code====

;uVS v3.85.3 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v385c
OFFSGNSAVE
addsgn 7F8D846F27B8B2AA48B0FB0FF7FE10C3A384B3EE89FA1F7885C3C5BC50D6714C2317C3573E559D492B80849F461649FA7DDFE87255DAB02C2D77A42FC7062273 64 Cork

zoo %SystemDrive%\PROGRAM FILES\WINDOWS NT\MICROSOFT\SP2SF\REGSNAP.API
;------------------------autoscript---------------------------

chklst
delvir

; Java(TM) 6 Update 23
exec MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF} /quiet
deltmp
delnfr
;-------------------------------------------------------------

czoo
restart

=============
��, �� .
�� uVS (�� : ZOO_2012-12-31_23-59-59.rar/7z) �� sendvirus2011@gmail.com, support@esetnod32.ru
------------
��,
��
http://forum.esetnod32.ru/forum9/topic10688/
24.12.2014 13:21:13, santy.

Win32/Corcow AX

Wed, 24 Dec 2014 12:57:16 +0300

Win32/Corcow AX Win32/Corcow AX � �� .
��
�� : REGSNAP.API
C:\PROGRAM FILES\WINDOWS NT\MICROSOFT\SP2SF\REGSNAP.API
��: https://www.virustotal.com/
�� .
24.12.2014 12:57:16, RP55 RP55.

Win32/Corcow AX

Wed, 24 Dec 2014 11:19:48 +0300

Win32/Corcow AX Win32/Corcow AX � �� .
��.
� �� , ��
�� : "�� " �� ""�� ."" - �� . �� . ��.

ADMIN-PK_2014-12-24_10-05-24.RAR
24.12.2014 11:19:48, �� .

Win32/Corcow AX

Tue, 23 Dec 2014 20:15:38 +0300

Win32/Corcow AX Win32/Corcow AX � �� .
�� , ��
�� uVS �� :
�� _��_��.txt �� ***.7z
--------
�� :
1-��_2014-12-04_16-52-44.txt
��
ADMIN-7T4XP3C7I_2014-12-18_15-27-40.txt

---------
�� ,
�� , � �� ,
�� .
23.12.2014 20:15:38, santy.

Win32/Corcow AX

Tue, 23 Dec 2014 19:49:59 +0300

Win32/Corcow AX Win32/Corcow AX � �� .
�� . �� 32 �� "�� ! �� =svchost.exe( 944 ) �� Win32/Corkow.AX �� . �� - �� "
��, ��.
�� 4 �� "�� uVS (�� )" ��, �� "�� (� �� _��_��_��.txt) �� 7z �� rar." �� .
�� "�� ." �� .
�� ?
23.12.2014 19:49:59, �� .

����� esetnod32.ru [����: Win32/Corcow AX]

Win32/Corcow AX

Win32/Corcow AX

Win32/Corcow AX

Win32/Corcow AX

Win32/Corcow AX

Win32/Corcow AX

Win32/Corcow AX

Win32/Corcow AX

Win32/Corcow AX

Win32/Corcow AX

�� esetnod32.ru [��: Win32/Corcow AX]