홈페이지 : http://www.novirusthanks.org/product/threat-killer/
Installer 다운로드 : http://downloads.novirusthanks.org/files/threatkiller_setup.exe
Portable 다운로드 : http://downloads.novirusthanks.org/files/portables/threatkiller_portable.zip
(두 링크 모두 암호화되지 않은 HTTP 주소이므로, 실행 전에 내려받은 파일의 디지털 서명이나 제작사가 공개한 해시가 있는지 확인하는 것이 좋습니다.)
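스크립트(Script) 예제 (프로그램의 Data 폴더에 들어 있음). 목록을 받는 구역은 [구역 이름]으로 시작해 [END]로 끝납니다. 아래의 경로와 레지스트리 항목은 모두 예시 값이므로, 실제로 사용할 때는 대상 시스템에서 직접 확인한 항목으로 바꿔야 합니다. 예제 첫 줄의 [BACKUP OFF]는 이름으로 보아 백업을 끄는 설정으로 보이므로, 삭제 전에 백업이 필요하면 이 설정부터 확인하십시오.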
[BACKUP OFF]
[RESTOREPOINT ON]
[KILL PROCESSES]
C:\WINDOWS\virus.exe
C:\Program Files\virus.exe
[END]
[UNREGISTER DLLS]
virus.dll
other_dll_name.dll
[END]
[COPY FILES]
C:\WINDOWS\virus.exe -> C:\ANALYSIS\virus_exe
C:\WINDOWS\virus2.exe -> C:\ANALYSIS\virus2_exe
[END]
[COPY FOLDERS]
C:\trojan_dir\ -> C:\ANALYSIS\trojan_dir.zip
C:\Program Files\A360\ -> C:\ANALYSIS\A360.zip
[END]
[MOVE FILES]
C:\virus.exe -> C:\ANALYSIS\virus3_exe
[END]
[DELETE FILES]
C:\WINDOWS\virus.exe
C:\WINDOWS\system32\virus.exe
C:\Program Files\virus.exe
%PROGRAMFILES%\A360\a360.exe
[END]
[FORCE DELETE FILES]
C:\WINDOWS\hiddenfile.exe
%HOMEDRIVE%\virus.exe
%SYSTEMDIR%\trojan.exe
[END]
[DELETE FOLDERS RECURSIVE]
C:\Program Files\trojan folder\
C:\WINDOWS\virus folder\
[END]
[DELETE FOLDERS]
C:\Program Files\trojan\
C:\WINDOWS\virus\
[END]
[EMPTY FOLDERS]
C:\Program Files\folder\
C:\WINDOWS\folder\
[END]
[DELETE REGISTRY KEYS]
HKEY_CURRENT_USER\Software\Virus\
[END]
[DELETE REGISTRY VALUES]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ -> Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> D:\Virus.exe
[END]
[EMPTY REGISTRY VALUES]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ -> Test
[END]
[SET REGISTRY VALUES]
HKEY_LOCAL_MACHINE\Software\Microsoft\Explorer\ -> ValueName -> DWORD -> 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ -> Program -> STRING -> test.exe
[END]
[PROGRAMS TO LAUNCH]
explorer.exe
C:\WINDOWS\notepad.exe
[END]
[STOP DRIVERS]
C:\WINDOWS\system32\drivers\rootkit2.sys
[END]
[UNLOAD DRIVERS]
C:\WINDOWS\system32\drivers\rootkit3.sys
[END]
[DELETE DRIVERS]
C:\WINDOWS\system32\drivers\rootkit.sys
C:\WINDOWS\system32\drivers\vxxcvxb34erjewnkadsjadnj.sys
[END]
[BACKUP OFF]
[RESTOREPOINT ON]
[KILL PROCESSES]
C:\WINDOWS\virus.exe
C:\Program Files\virus.exe
[END]
[UNREGISTER DLLS]
virus.dll
other_dll_name.dll
[END]
[COPY FILES]
C:\WINDOWS\virus.exe -> C:\ANALYSIS\virus_exe
C:\WINDOWS\virus2.exe -> C:\ANALYSIS\virus2_exe
[END]
[COPY FOLDERS]
C:\trojan_dir\ -> C:\ANALYSIS\trojan_dir.zip
C:\Program Files\A360\ -> C:\ANALYSIS\A360.zip
[END]
[MOVE FILES]
C:\virus.exe -> C:\ANALYSIS\virus3_exe
[END]
[DELETE FILES]
C:\WINDOWS\virus.exe
C:\WINDOWS\system32\virus.exe
C:\Program Files\virus.exe
%PROGRAMFILES%\A360\a360.exe
[END]
[FORCE DELETE FILES]
C:\WINDOWS\hiddenfile.exe
%HOMEDRIVE%\virus.exe
%SYSTEMDIR%\trojan.exe
[END]
[DELETE FOLDERS RECURSIVE]
C:\Program Files\trojan folder\
C:\WINDOWS\virus folder\
[END]
[DELETE FOLDERS]
C:\Program Files\trojan\
C:\WINDOWS\virus\
[END]
[EMPTY FOLDERS]
C:\Program Files\folder\
C:\WINDOWS\folder\
[END]
[DELETE REGISTRY KEYS]
HKEY_CURRENT_USER\Software\Virus\
[END]
[DELETE REGISTRY VALUES]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ -> Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> D:\Virus.exe
[END]
[EMPTY REGISTRY VALUES]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ -> Test
[END]
[SET REGISTRY VALUES]
HKEY_LOCAL_MACHINE\Software\Microsoft\Explorer\ -> ValueName -> DWORD -> 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ -> Program -> STRING -> test.exe
[END]
[PROGRAMS TO LAUNCH]
explorer.exe
C:\WINDOWS\notepad.exe
[END]
[STOP DRIVERS]
C:\WINDOWS\system32\drivers\rootkit2.sys
[END]
[UNLOAD DRIVERS]
C:\WINDOWS\system32\drivers\rootkit3.sys
[END]
[DELETE DRIVERS]
C:\WINDOWS\system32\drivers\rootkit.sys
C:\WINDOWS\system32\drivers\vxxcvxb34erjewnkadsjadnj.sys
[END]