   AVZ  4.32
   20.06.2010 0:26:29
 :  - 274696,  - 2,   - 56,   17.06.2010 17:28
  : 383
  : 9
    : 209860
  :   
 : 
 Windows: 5.1.2600, Service Pack 2 ; AVZ    
 : 
1.  RootKit  ,   API
1.1   API,   UserMode
  kernel32.dll,      .text
  ntdll.dll,      .text
  user32.dll,      .text
  advapi32.dll,      .text
  ws2_32.dll,      .text
  wininet.dll,      .text
  rasapi32.dll,      .text
  urlmon.dll,      .text
  netapi32.dll,      .text
1.2   API,   KernelMode
   
 SDT  (RVA=082B80)
  ntoskrnl.exe      804D7000
   SDT = 80559B80
   KiST = 804E2D20 (284)
 : 284, : 0, : 0
1.3  IDT  SYSENTER
    1
  IDT  SYSENTER 
1.4     
   ,       AVZPM
   
1.5   IRP
  
2.  
   : 26
 -   1584 C:\Program Files\eSMI\eSmiLoader.exe
[ES]:   
[ES]:    
[ES]:   !!
[ES]: DLL RASAPI - ,     ?
 -   1772 C:\OPLIMIT\ocrawr32.exe
[ES]:    
   : 322
  
3.  
4.  Winsock Layered Service Provider (SPI/LSP)
  LSP .   
5.    // (Keylogger,  DLL)
C:\OPLIMIT\oahook32.dll -->   Keylogger   DLL
C:\OPLIMIT\oahook32.dll>>>   
  1.   : , ,  
C:\OPLIMIT\oahook32.dll>>> :    0.00%      /
 :     ,      (  FAQ), ..    DLL-
6.    TCP/UDP,   
   
7. c  
>>>      \ "bkmcsbn"
>>>      \ "hevsyec"
 
8.   
>> :     RemoteRegistry ( )
>> :     TermService ( )
>> :     SSDPSRV (  SSDP)
>> :     TlntSvr (Telnet)
>> :     Schedule ( )
>> :     mnmsrvc (NetMeeting Remote Desktop Sharing)
>> :     RDSessMgr (      )
> :   -           (,     ...)!
>> :     CDROM
>> :       (C$, D$ ...)
>> :      
>> :     
 
9.     
 >>     HDD
 >>      
 >>      
 
 : 348,   : 0,    0,  - 0
   20.06.2010 0:27:37
  00:01:11
            ,
      - http://virusinfo.info