컴퓨터에서 인터넷 뱅킹을 하다보면 키보드 보안 관련 프로그램을 여러개 설치하게 됩니다.
은행사마다 보안 프로그램도 달라서 여러 사이트를 이용하다보면 많은 보안 프로그램들이 컴퓨터에 설치가 되는데요.
그중에서 AhnLab Safe Transaction 은 프로세스도 종료할 수 없도록 설정되어 있습니다.
완전 악질중 악질입니다. ㅠㅠ
AhnLab Safe Transaction 관련 프로세스를 부팅시 자동실행이 되지 않도록 설정하는 방법에 대해서 알아보겠습니다.
테스트한 설치파일의 속성입니다.
파일이름 : astx_setup.exe
설명 : AhnLab Safe Transaction Setup Program.
파일버전 : 1.5.0.1576
제작사 : AhnLab, Inc.
제품이름 : AhnLab Safe Transaction
저작권 : (C) 2015 AhnLab, Inc. All rights reserved.
파일해시 MD5 : 3638f56c1e220fd3a3c46ecdc7c39807
파일해시 SHA1 : d4b633460d0e5704290f962f5426c073ff889a82
파일해시 SHA256 : 60ba95640408856ee14666806d34c131390ff853959356eeb126a19ed317e84a
파일 사이즈 : 77,926,128 Bytes
프로그램 설치부터 해보겠습니다.
다운로드 받은 설치 파일 실행, 다음클릭.
동의함 클릭.
프로그램 설치가 완료되었습니다. 마침을 클릭하세요.
안랩 프로그램이 실행되면 시스템 트레이에 방패 모양의 아이콘이 생기고 마우스를 그 위에 놓으면 관련 메세지가 표시됩니다.
안랩 관련 프로세스는 작업관리자에서 강제 종료가 불가능합니다.
그래서 환경 설정에서 변경해야만 됩니다.
마우스 우클릭해서 환경설정을 클릭하세요.
시작 유형에 보면 자동 시작 항목이 있는데요.
자동 시작 사용안함, 보호 사이트 종료 시 자동 종료 이걸로 선택하세요.
시작 유형을 변경할 건지 물어보는데 시작 유형 변경에 체크하고 예를 클릭하세요.
아주 개같은 프로그램입니다. 메인 설정화면에서 바로 적용하면 되는데 또 물어보네요.
잠시 기다리면 안랩 관련 프로세스는 종료되고 부팅시에도 프로그램이 실행되지 않습니다.
AhnLab Safe Transaction 프로그램을 삭제해보겠습니다.
제어판 - 프로그램 추가/제거로 이동해서 AhnLab Safe Transaction 를 더블클릭하세요.
제거를 클릭하세요.
자동 삭제 방지 문자를 물어보네요. 화면에 보이는 숫자를 입력하고 제거를 클릭하세요.
마지막까지 욕이 나옵니다.
프로그램 삭제가 완료되었습니다. 확인을 클릭하세요.
프로그램 설치후 생성되는 파일 및 레지스트리 모니터링 결과
실행중인 프로세스
C:\Program Files\AhnLab\Safe Transaction\StSess.exe
C:\Program Files\AhnLab\Safe Transaction\Nz32\StSess32.exe
C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe
시작프로그램
C:\Program Files\AhnLab\Safe Transaction\stsess.exe /tray - AhnLab Safe Transaction Application
윈도우 서비스
C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe - SafeTransactionSVC - AhnLab Safe Transaction Service
드라이버 서비스
C:\Windows\system32\Drivers\Cdm2DrNt.sys - Cdm2DrNt - Cdm2DrNt
C:\Windows\system32\drivers\AhnRghNt.sys - AhnRghNt - AhnRghNt
C:\Program Files\AhnLab\Safe Transaction\ATamptNt.sys - ATamptNt_SafeTransaction - ATamptNt_SafeTransaction
C:\Program Files\AhnLab\Safe Transaction\AHAWKENT.sys - AntiStealth_SafeTransaction - AntiStealth_SafeTransaction
C:\Program Files\AhnLab\Safe Transaction\TfFRegNt.sys - AntiStealth_SafeTransactionF - AntiStealth_SafeTransactionF
C:\Program Files\AhnLab\Safe Transaction\TSFltDrv.sys - TSFltDrv_SafeTransaction - TSFltDrv_SafeTransaction
C:\Program Files\AhnLab\Safe Transaction\MeDCoreD.sys - MeDCoreD_SafeTransaction - MeDCoreD_SafeTransaction
C:\Windows\system32\Drivers\AMonCDW8.sys - AMonCDW8 - AMonCDW8
C:\Program Files\AhnLab\Safe Transaction\MeDVpDrv.sys - MeDVpDrv_SafeTransaction - MeDVpDrv_SafeTransaction
C:\Program Files\AhnLab\Safe Transaction\TNFwNt.sys - TNFwNt_SafeTransaction - TNFwNt_SafeTransaction
C:\Program Files\AhnLab\Safe Transaction\TNNipsNt.sys - TNNipsNt_SafeTransaction - TNNipsNt_SafeTransaction
C:\Windows\system32\drivers\V3ElamDr.sys - V3ElamDr - V3ElamDr
C:\Windows\system32\drivers\Mkd3kfNt.sys - Mkd3kfNt - Mkd3kfNt
C:\Windows\system32\drivers\Mkd2Nadr.sys - Mkd2Nadr - Mkd2Nadr
C:\Windows\system32\drivers\Mkd2Bthf.sys - Mkd2Bthf - Mkd2Bthf
C:\Windows\system32\drivers\HSBDrv64.sys - HSBDrv64 - HSBDrv64
프로그램 추가/제거
AhnLab Safe Transaction - AhnLab, Inc. - C:\Program Files\AhnLab\Safe Transaction\V3Medic.exe -Uninstall - C:\Program Files\AhnLab\Safe Transaction - {19DD1D8D-927F-45DF-ADF4-75D38267848D}
방화벽 규칙
AhnLab Safe Transaction - C:\Program Files\AhnLab\Safe Transaction\StSess.exe - {6D123B93-72B6-4BCF-B998-319739C9F81D}
파일 생성 목록 (일부 파일 필터링)
C:\Program Files\AhnLab\Safe Transaction\AhnCtlKD.dll
C:\Program Files\AhnLab\Safe Transaction\AMonLWLH.sys
C:\Program Files\AhnLab\Safe Transaction\aostrust.dll
C:\Program Files\AhnLab\Safe Transaction\Ark64.dll
C:\Program Files\AhnLab\Safe Transaction\Ark64lgplv2.dll
C:\Program Files\AhnLab\Safe Transaction\asc_main.dll
C:\Program Files\AhnLab\Safe Transaction\ASDCli.exe
C:\Program Files\AhnLab\Safe Transaction\ASDCr.exe
C:\Program Files\AhnLab\Safe Transaction\ASDi.dll
C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe
C:\Program Files\AhnLab\Safe Transaction\ASDUp.exe
C:\Program Files\AhnLab\Safe Transaction\ASDWsc.exe
C:\Program Files\AhnLab\Safe Transaction\ATampt.dll
C:\Program Files\AhnLab\Safe Transaction\ATamptNt.sys
C:\Program Files\AhnLab\Safe Transaction\AtamptU.dll
C:\Program Files\AhnLab\Safe Transaction\AupASD.exe
C:\Program Files\AhnLab\Safe Transaction\Av.dll
C:\Program Files\AhnLab\Safe Transaction\BtScnCtl.dll
C:\Program Files\AhnLab\Safe Transaction\CdmAPI.dll
C:\Program Files\AhnLab\Safe Transaction\CdmCtrl.dll
C:\Program Files\AhnLab\Safe Transactionadm.dll
C:\Program Files\AhnLab\Safe Transactionutil_.exe
C:\Program Files\AhnLab\Safe Transactionutil.exe
C:\Program Files\AhnLab\Safe Transaction\freebl3.dll
C:\Program Files\AhnLab\Safe Transaction\libnspr4.dll
C:\Program Files\AhnLab\Safe Transaction\libplc4.dll
C:\Program Files\AhnLab\Safe Transaction\libplds4.dll
C:\Program Files\AhnLab\Safe Transaction3.dll
C:\Program Files\AhnLab\Safe Transactionckbi.dll
C:\Program Files\AhnLab\Safe Transactiondbm3.dll
C:\Program Files\AhnLab\Safe Transactionutil3.dll
C:\Program Files\AhnLab\Safe Transaction\smime3.dll
C:\Program Files\AhnLab\Safe Transaction\softokn3.dll
C:\Program Files\AhnLab\Safe Transaction\sqlite3.dll
C:\Program Files\AhnLab\Safe Transaction\ssl3.dll
C:\Program Files\AhnLab\Safe Transaction\Core.dll
C:\Program Files\AhnLab\Safe Transaction\Fw.dll
C:\Program Files\AhnLab\Safe Transaction\HsbCtl.dll
C:\Program Files\AhnLab\Safe Transaction\IAccessible2Proxy.dll
C:\Program Files\AhnLab\Safe Transaction\Ips.dll
C:\Program Files\AhnLab\Safe Transaction\Mdp.dll
C:\Program Files\AhnLab\Safe Transaction\atstrumt.dll
C:\Program Files\AhnLab\Safe Transaction\libcrypto-1_1-x64.dll
C:\Program Files\AhnLab\Safe Transaction\libssl-1_1-x64.dll
C:\Program Files\AhnLab\Safe Transaction\MeDCore.dll
C:\Program Files\AhnLab\Safe Transaction\MeDCoreD.sys
C:\Program Files\AhnLab\Safe Transaction\MeDExt.dll
C:\Program Files\AhnLab\Safe Transaction\MeDVpDrv.sys
C:\Program Files\AhnLab\Safe Transaction\MeDVpHkD.sys
C:\Program Files\AhnLab\Safe Transaction\MeDVpHkU.dll
C:\Program Files\AhnLab\Safe Transaction\MeDVpHkUW6.dll
C:\Program Files\AhnLab\Safe Transaction\AhnI2.dll
C:\Program Files\AhnLab\Safe Transaction\AhnUp.dll
C:\Program Files\AhnLab\Safe Transaction\AhnUpCtl.dll
C:\Program Files\AhnLab\Safe Transaction\atstrust.dll
C:\Program Files\AhnLab\Safe Transaction\mspatcha.dll
C:\Program Files\AhnLab\Safe Transaction.exe
C:\Program Files\AhnLab\Safe Transaction\RestoreU.exe
C:\Program Files\AhnLab\Safe Transaction\tsPatcha.dll
C:\Program Files\AhnLab\Safe Transaction\V3Hunt.dll
C:\Program Files\AhnLab\Safe Transaction\V3INet2.dll
C:\Program Files\AhnLab\Safe Transaction\V3INet3.dll
C:\Program Files\AhnLab\Safe Transaction\V3INet4.dll
C:\Program Files\AhnLab\Safe Transaction\aostrust32.dll
C:\Program Files\AhnLab\Safe Transaction\IAccessible2Proxy32.dll
C:\Program Files\AhnLab\Safe Transaction\NzBrcom32.dll
C:\Program Files\AhnLab\Safe Transaction\NzInst32.dll
C:\Program Files\AhnLab\Safe Transaction\powapi32.dll
C:\Program Files\AhnLab\Safe Transaction\StCtl32.dll
C:\Program Files\AhnLab\Safe Transaction\StSess32.exe
C:\Program Files\AhnLab\Safe Transaction\NzBrcom.dll
C:\Program Files\AhnLab\Safe Transaction\NzInst.dll
C:\Program Files\AhnLab\Safe Transaction\NzPlugin.dll
C:\Program Files\AhnLab\Safe Transaction\PdCfg.dll
C:\Program Files\AhnLab\Safe Transaction\powapi.dll
C:\Program Files\AhnLab\Safe Transaction\libacm.dll
C:\Program Files\AhnLab\Safe Transaction\msvcp90.dll
C:\Program Files\AhnLab\Safe Transaction\HsbCtl32.dll
C:\Program Files\AhnLab\Safe Transaction\nzbrcom32.dll
C:\Program Files\AhnLab\Safe Transaction\nzbrcomf32.dll
C:\Program Files\AhnLab\Safe Transaction\ScrMon32.dll
C:\Program Files\AhnLab\Safe Transaction\StSdk32.dll
C:\Program Files\AhnLab\Safe Transaction\nzbrcom.dll
C:\Program Files\AhnLab\Safe Transaction\nzbrcomf.dll
C:\Program Files\AhnLab\Safe Transaction\mkd2564.dll
C:\Program Files\AhnLab\Safe Transaction\StSdk.dll
C:\Program Files\AhnLab\Safe Transaction\SCTX.exe
C:\Program Files\AhnLab\Safe Transaction\mkd25.dll
C:\Program Files\AhnLab\Safe Transaction\mkd25def.dll
C:\Program Files\AhnLab\Safe Transaction\mkd25sdk.dll
C:\Program Files\AhnLab\Safe Transaction\mkd25def64.dll
C:\Program Files\AhnLab\Safe Transaction\mkd25sdk64.dll
C:\Program Files\AhnLab\Safe Transaction\StCli.exe
C:\Program Files\AhnLab\Safe Transaction\StCtInst.dll
C:\Program Files\AhnLab\Safe Transaction\StCtl.dll
C:\Program Files\AhnLab\Safe Transaction\StSess.exe
C:\Program Files\AhnLab\Safe Transaction\StSvr.dll
C:\Program Files\AhnLab\Safe Transaction\TNFwCt.dll
C:\Program Files\AhnLab\Safe Transaction\TNFwNt.sys
C:\Program Files\AhnLab\Safe Transaction\TNHipsCt.dll
C:\Program Files\AhnLab\Safe Transaction\TNHipsNt.sys
C:\Program Files\AhnLab\Safe Transaction\TNNetUtil.dll
C:\Program Files\AhnLab\Safe Transaction\TNNipsCt.dll
C:\Program Files\AhnLab\Safe Transaction\TNNipsNt.sys
C:\Program Files\AhnLab\Safe Transaction\TrueEyesU.dll
C:\Program Files\AhnLab\Safe Transaction\TrueEyesU_1.3.3.9.dll
C:\Program Files\AhnLab\Safe Transaction\TSFltCtl.dll
C:\Program Files\AhnLab\Safe Transaction\TSFltDrv.sys
C:\Program Files\AhnLab\Safe Transaction\tsmime.dll
C:\Program Files\AhnLab\Safe Transaction\UpEx.dll
C:\Program Files\AhnLab\Safe Transaction\V3Cert.dll
C:\Program Files\AhnLab\Safe Transaction\V3ElamCt.dll
C:\Program Files\AhnLab\Safe Transaction\V3Medic.exe
C:\Program Files\AhnLab\Safe Transaction\WinFWMgr.dll
C:\Windows\System32\drivers\AhnRghNt.sys
C:\Windows\System32\drivers\AMonCDW7.sys
C:\Windows\System32\drivers\AMonCDW8.sys
C:\Windows\System32\drivers\AMonHKnt.sys
C:\Windows\System32\drivers\AMonLWLH.sys
C:\Windows\System32\drivers\AMonTDLH.sys
C:\Windows\System32\drivers\AMonTDnt.sys
C:\Windows\System32\drivers\Cdm2DrNt.sys
C:\Windows\System32\drivers\HsbDrv64.sys
C:\Windows\System32\drivers\klb64mkd.sys
C:\Windows\System32\drivers\Mkd2bthf.sys
C:\Windows\System32\drivers\Mkd2Nadr.sys
C:\Windows\System32\drivers\mkd3kfnt.sys
C:\Windows\System32\drivers\V3ElamDr.sys
바로가기 생성 목록
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AhnLab\AhnLab Safe Transaction\AhnLab Safe Transaction 제거.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AhnLab\AhnLab Safe Transaction\AhnLab Safe Transaction.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AhnLab\AhnLab Safe Transaction\AhnReport.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AhnLab\AhnLab Safe Transaction\환경 설정.lnk