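This is a list of removal codes for the garbage programs that get installed as extras when Tistory or Naver blog posts link to malware, that is, ordinary programs repackaged as malicious ones and offered for download.
This malware can be removed with the WindowexeLog program I made earlier.
Removal codes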
||[00-PROCESS]**a_searchlikeex||
||[00-PROCESS]**b_searchlikeex||
||[00-PROCESS]**DrtLauncher||
||[00-PROCESS]**DtsGuard||
||[00-PROCESS]**DtsGuardCare||
||[00-PROCESS]**DtsMainCon||
||[00-PROCESS]**DtsMainProc||
||[00-PROCESS]**gongoo||
||[00-PROCESS]**HubCloud||
||[00-PROCESS]**HubConsole||
||[00-PROCESS]**HubService||
||[00-PROCESS]**ISZone||
||[00-PROCESS]**MBTIPv32||
||[00-PROCESS]**MBTIUPv32||
||[00-PROCESS]**msload||
||[00-PROCESS]**ngpup||
||[00-PROCESS]**scun||
||[00-PROCESS]**searchlike||
||[00-PROCESS]**sngp||
||[00-PROCESS]**sppobjs||
||[00-PROCESS]**srvwebbora||
||[00-PROCESS]**StorageServiceManager||
||[00-PROCESS]**topsadonagent||
||[00-PROCESS]**webbora||
||[00-PROCESS]**webboraset||
||[00-PROCESS]**wngplog||
||[01-HKCUREG]**DtsGuard||
||[01-HKCUREG]**DtsMainCon||
||[01-HKCUREG]**DtsMainProc||
||[01-HKCUREG]**MBTIPv32||
||[01-HKCUREG]**MBTIUPv32||
||[01-HKCUREG]**MSLoad||
||[01-HKCUREG]**NGPlus||
||[01-HKCUREG]**searchlike||
||[01-HKCUREG]**topsadon||
||[01-HKCUREG]**topsadonagent||
||[01-HKCUREG]**Webbora||
||[01-HKCUREG]**wngplog||
||[03-BHOCLSD]**{71B3701C-3A1D-4C67-A2D3-884CB7FB4317}||
||[05-SERVICE]**Windows NewGoPlus Log Service||
||[06-TASKLST]**bijg||
||[06-TASKLST]**HubCloud||
||[06-TASKLST]**HubConsole||
||[06-TASKLST]**HubService||
||[06-TASKLST]**MSLoad||
||[06-TASKLST]**NGPlus||
||[06-TASKLST]**StorageServiceManager||
||[25-DIREDEL]**C:\Program Files\ISZone||
||[25-DIREDEL]**C:\Users\Administrator\AppData\Local\searchlike||
||[25-DIREDEL]**C:\Users\Administrator\AppData\Local\Windows MBT Icons||
||[25-DIREDEL]**C:\Users\Administrator\AppData\Roaming\DreamTong\SmartService\Common||
||[25-DIREDEL]**C:\Users\Administrator\AppData\Roaming\DreamTong\SmartService\Guard||
||[25-DIREDEL]**C:\Users\Administrator\AppData\Roaming\HubCloud||
||[25-DIREDEL]**C:\Users\Administrator\AppData\Roaming\newgoplus||
||[25-DIREDEL]**C:\Users\Administrator\AppData\Roaming\topsadon||
||[25-DIREDEL]**C:\Users\Administrator\AppData\Roaming\webbora||
The following processes are registered in startup programs and services, as Internet Explorer BHOs (extension modules), and in the Task Scheduler.
NGPlus C:\Users\Administrator\AppData\Roaming\newgoplus\sngp.exe
Webbora C:\Users\Administrator\AppData\Roaming\webbora\webbora.exe
MSLoad C:\Users\Administrator\AppData\Roaming\newgoplus\msload.exe
MBTIUPv32 C:\Users\Administrator\AppData\Local\Windows MBT Icons\MBTIUPv32.exe
topsadon C:\Users\Administrator\AppData\Roaming\topsadon\topsadon.exe
topsadonagent C:\Users\Administrator\AppData\Roaming\topsadon\topsadonagent.exe
DtsMainCon C:\Users\Administrator\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe -t NWgbEUnH
DtsMainProc C:\Users\Administrator\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe /Y UKpyz
DtsGuard C:\Users\Administrator\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe -juccPCdzM
HubConsole C:\Users\Administrator\AppData\Roaming\HubCloud\HubConsole.exe
NGPlus C:\Users\Administrator\AppData\Roaming\newgoplus\sngp.exe
searchlike C:\Users\Administrator\AppData\Local\searchlike\searchlike.exe
wngplog C:\ProgramData\Plugins\wngplog.exe
MBTIPv32 C:\Users\Administrator\AppData\Local\Windows MBT Icons\MBTIPv32.exe
DtsMainCon C:\Users\Administrator\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe -t XWKwXu
DtsMainProc C:\Users\Administrator\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe /Y UCTFJjXV
DtsGuard C:\Users\Administrator\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe -RbKKxjL
bijg C:\Windows\bijg.exe
HubCloud C:\Users\Administrator\AppData\Roaming\HubCloud\HubCloud.exe
HubService C:\Users\Administrator\AppData\Roaming\HubCloud\HubService.exe
MSLoad C:\Users\Administrator\AppData\Roaming\newgoplus\msload.exe
StorageServiceManager C:\ProgramData\StorageServiceManager\StorageServiceManager.exe
topsadon Class C:\Users\Administrator\AppData\Roaming\topsadon\topsadonbho.dll {71B3701C-3A1D-4C67-A2D3-884CB7FB4317}
Windows NewGoPlus Log Service Windows NewGoPlus Log Service C:\Users\Administrator\AppData\Roaming\newgoplus\ngpup.exe