Trojan.W97M.EMOTET.SMI
HEUR:Trojan.Script.Generic (KASPERSKY); TrojanDownloader:O97M/Emotet.S!MTB (MICROSOFT)
Windows

Malware type:
Trojan
Destructive?:
No
Encrypted?:
Yes
In the Wild:
Yes
Overview
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Technical Details
Arrival Details
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
It adds the following folders:
- {Malware Path}\{Time} → deleted afterwards
It drops the following files:
- {Malware Path}\{Time}\(unknown) → from downloaded zipped file
- {Malware Path}\{Time}.tmp → renamed and moved copy of (unknown)
It adds the following processes:
- "%System%\regsvr32.exe" /s "{Malware File Path}\{Time}.tmp" → if download is successful
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\WINDOWS\system32 on Windows 2000 (32-bit), XP, Server 2003 (32-bit), Vista, 7, 8, 8.1, 2008 (64-bit), 2012 (64-bit) and 10 (64-bit).)
Download Routine
It saves the files it downloads using the following names:
- {Malware Path}\{Time}.zip → deleted afterwards
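The execution step above is the part of this behaviour that is easiest to catch in process telemetry: a silent regsvr32.exe registration (/s) of a file that has a .tmp extension rather than .dll and lives in the malware's drop location. The following detection routine is an added example, not code from the original page or from Trend Micro; the log events it scans are constructed to mimic process-creation records (Image and CommandLine fields as in Sysmon Event ID 1 or EDR telemetry), and the list of user-writable directories it treats as suspicious is an assumption about where {Malware Path} typically resolves, not something the page states.

```python
import ntpath
import re
from typing import Dict, List, Optional

# Constructed sample process-creation events (not taken from the original page).
# Event 0 mirrors the regsvr32 command line described in the Installation section;
# events 1-3 are benign look-alikes the rule must not flag.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'"C:\Windows\System32\regsvr32.exe" /s "C:\Users\alice\AppData\Local\Temp\1697012345.tmp"'},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\Vendor\component.dll"'},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /u /s "C:\Windows\System32\legacy.dll"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\Documents\notes.txt"},
]

# Assumed user-writable locations where a dropped {Malware Path} commonly resolves
# (lower-case, compared as substrings of the lower-cased target path).
SUSPICIOUS_DIRS = (
    r"\appdata\local\temp",
    r"\appdata\roaming",
    r"\users\public",
    r"\programdata",
    r"\windows\temp",
)

# A double-quoted run (group 1) or a bare non-whitespace run (group 2).
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line into arguments, honouring double quotes.

    Backslashes are left untouched; unlike POSIX shells, Windows does not treat
    them as escape characters, so shlex would mangle the paths.
    """
    return [quoted if quoted else bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def check_regsvr32_event(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string when a regsvr32 invocation looks like the pattern on this page.

    Scoring: silent registration, non-.dll module, and user-writable directory each
    count once; two or more together trigger an alert so that ordinary silent
    registration of a vendor DLL under Program Files stays quiet.
    """
    if ntpath.basename(event["Image"]).lower() != "regsvr32.exe":
        return None

    args = tokenize(event["CommandLine"])[1:]  # drop the program token itself
    switches = {a.lower() for a in args if a[:1] in ("/", "-")}
    targets = [a for a in args if a[:1] not in ("/", "-")]
    if not targets:
        return None
    target = targets[-1].lower()  # the module being registered is the last positional

    reasons = []
    if "/s" in switches or "-s" in switches:
        reasons.append("silent registration (/s)")
    ext = ntpath.splitext(target)[1]
    if ext != ".dll":
        reasons.append(f"module has non-DLL extension '{ext or '(none)'}'")
    if any(d in target for d in SUSPICIOUS_DIRS):
        reasons.append("module loaded from user-writable directory")

    return "; ".join(reasons) if len(reasons) >= 2 else None


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run the check over a batch of events and collect the alerts."""
    alerts = []
    for ev in events:
        reason = check_regsvr32_event(ev)
        if reason:
            alerts.append({"CommandLine": ev["CommandLine"], "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"ALERT: {alert['reason']}\n  {alert['CommandLine']}")
```

Only the first constructed event is flagged: it combines /s, a .tmp module and a Temp directory. The silent registration of a vendor DLL and the /u /s unregistration from System32 each score one point and pass, which is the trade-off a practitioner tunes by adjusting the directory list or the threshold for their environment.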
Solution
Step 1
Before doing any scans, Windows ME and XP users must disable System Restore to allow full scanning of their computers.
Step 2
Note: Not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.
Step 3
Search and delete these files
- {Malware Path}\{Time}.zip
- {Malware Path}\{Time}\(unknown)
- {Malware Path}\{Time}.tmp
Step 4
Search and delete this folder
- {Malware Path}\{Time}
Step 5
Scan your computer with your Trend Micro product to delete files detected as Trojan.W97M.EMOTET.SMI. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files.