|
|
¿À´Ã |
2,314
|
|
|
¾îÁ¦ |
3,062
|
|
|
ÃÖ´ë |
3,169
|
|
|
Àüü |
2,281,552
|
|
| |
|
|
 | ÇöÀçÀ§Ä¡ : Á¤º¸¸¶´ç > ¢Ñ ÄÄ Ç» ÅÍ | | |
ÀÛ¼ºÀÏ : 16-08-08 17:08
|
Generic Host Process for win32 services¿¡·¯
|
 |
|
±Û¾´ÀÌ :
Çѳª
 Á¶È¸ : 3,393
|
Generic Host Process for win32 services¿¡·¯
¼öµ¿ ÇØ°á¹ý
1. Á¦¾îÆÇ -> °ü¸®µµ±¸ -> ¼ºñ½º
2. Remote Procedure Call(RPC) ´õºíŬ¸¯
3. º¹±¸ ÅÇ¿¡¼ ù° ½ÇÆÐ, µÑ° ½ÇÆÐ, ÈÄ¼Ó ½ÇÆи¦ ÀüºÎ µ¿ÀÛÇÏÁö ¾ÊÀ½À¸·Î º¯°æ ÈÄ ÀçºÎÆÃ
4. 1.2.3ÀÇ °úÁ¤À» °ÅÃĵµ ÇØ°áµÇÁö ¾ÊÀ» ½Ã¿¡ À§¿¡ ¿Ã·ÁÁø º¸¾È ¾÷µ¥ÀÌÆ® ¼³Ä¡ ÈÄ ÀçºÎÆÃ
5. ±×·¡µµ ÇØ°áµÇÁö ¾ÊÀ¸¸é, ÀÛ¾÷°ü¸®ÀÚ(Ctrl + Alt + Delete)¸¦ ½ÇÇàÇؼ msblast.exe¸¦ Á¾·á
6. C:\windows\system32\msblast.exe »èÁ¦ ÈÄ ÀçºÎÆÃ
7. 1~6±îÁö ½ÇÇàÇصµ ÇØ°áµÇÁö ¾ÊÀ¸¸é, ½ÃÀÛ -> ½ÇÇà -> regedit ÀÔ·Â ÈÄ È®ÀÎ
8. HKEY_Local_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs Ç׸ñÀ» ¼±ÅÃ
9. RpcSsÀÇ start°ªÀ» 2·Î ¼öÁ¤ ÈÄ ÀçºÎÆÃ
10. 1~10±îÁö ½ÇÇàÇصµ ÇØ°áµÇÁö ¾ÊÀ¸¸é ¹é¾÷ ÈÄ ½Ã½ºÅÛ ´Ù½Ã ¼³Ä¡
============
¾Æ·¡ÀÇ ¸µÅ©¸¦ Ŭ¸¯ÇÏ¿© ¾ÐÃàÆÄÀÏÀ» ´Ù¿î¹Þ¾Æ Áֽñ⠹ٶø´Ï´Ù.
http://pclemon.tistory.com/attachment/cfile3.uf@112CF31C4B0CE6FE32D5FF.zip
´Ù¿î¹ÞÀº ¾ÐÃàÆÄÀÏÀ» ¾ÐÃàÇØÁ¦Çϸé 3°³ÀÇ ÆÄÀÏÀÌ ³ªÅ¾´Ï´Ù.
¾Æ·¡ÀÇ ¼ø¼´ë·Î ÆÐÄ¡ÇÁ·Î±×·¥À» ½ÇÇàÇÏ¿© ¼³Ä¡ÇØÁֽñ⠹ٶø´Ï´Ù.
I. WindowsXP-KB894391-x86-KOR.exe
II. kb921883-19850815.exe
III. kb922616-19850815.exe
¼³Ä¡ ¿Ï·á ÈÄ ÄÄÇ»Å͸¦ Àç½ÃÀÛÇÏ¿© ¹®Á¦°¡ ÇØ°áµÇ¾ú´ÂÁö È®ÀÎÇØ º¸½Ã±â ¹Ù¶ø´Ï´Ù.
======
°Ë»öÀ» Á» Çغ¸´Ï ¹ÙÀÌ·¯½º¿Í °ü·ÃµÇ¼ ÀϾ´Â ¿¡·¯¶ó´Â ¸»°ú ÇÔ²² À©µµ¿ì XP ¼ºñ½ºÆÑ2ÀÇ °íÁúÀûÀÎ ¹®Á¦¶ó´Â ¸» µîÀÌ ¶°µ¹°í ÀÖ¾ú´Ù. ¿¡·¯¸¸ ¶ß°í Á¤»óÀÛµ¿À» Çϸé ÁÁ°ÚÁö¸¸, ¼Ò¸®°¡ ¾È³ª¿È°ú µ¿½Ã¿¡ ÀüüÀûÀ¸·Î ½Ã½ºÅÛÀÌ ´À·ÁÁö´Â ¹®Á¦°¡ ¹ß»ý. ¹é½ÅÀ» ÀÌ¿ëÇØ ºÃÀÚ, º° ¹ÝÀÀÀÌ ¾ø¾ú´Ù. »ç¿ëÇÏ´Â ¹é½ÅÀÌ ¹«·á ¹é½ÅÀÌ¶ó¼ ±×·±°ÉÁöµµ ¸ð¸£Áö¸¸......
¾î·µç, º¸¾È ÆÐÄ¡¸¦ ÀÌ¿ëÇÏ¸é µÈ´Ù´Â °ÍÀ» ¾Ë°Ô µÇ¾ú´Ù. ¹«·Á µÎ°³³ª ¼³Ä¡ÇØ¾ß ÇÏÁö¸¸, ¾î·µç ¹®Á¦ ÇØ°á. ÈÖÀ¯~ ¼Ò¸®°¡ ´Ù½Ã ³ª¿À±â ½ÃÀÛÇßÀ¸¸ç, ½Ã½ºÅÛÀÌ ´À·ÁÁö´Â Áõ»óµµ ¿ÏȵǾú´Ù. ÀÏ´ÜÀº º° ¹®Á¦ ¾ø´Â µí.
Generic Host Process for Win32 Services ¿¡·¯ ¹ß»ý½Ã ¼³Ä¡ÇÒ º¸¾È ¾÷µ¥ÀÌÆ®
http://kaonic.tistory.com/attachment/cr745.exe
http://kaonic.tistory.com/attachment/dr777.exe
À§ÀÇ µÎ ÆÄÀÏÀ» ÀüºÎ ¼³Ä¡ÇÏ´Ï ÇØ°á µÇ¾ú´Ù. ÀÌ ¿¡·¯´Â ½Ã½ºÅÛ ±âº» ¼ºñ½º·Î½á DLL·Î ½ÇÇàµÇ´Â ¼ºñ½º¸¦ ±×·ìÈÇؼ È£½ºÆÃÇÏ´Â svchost.exe¿Í °ü·ÃµÇ¾î ÀÖ¾î¼ ´õ¿í ³°¨ÇÑ ÀÏÀÌ´Ù. ÀÛ¾÷°ü¸®ÀÚ(Ctrl + Alt + Delete)¸¦ »ìÆ캸¸é, svchost.exe°¡ ¿©·¯°³ ½ÇÇà Áß À̶õ »ç½ÇÀ» ¾Ë ¼ö Àִµ¥, ÀÌ´Â ÀÚ¿¬½º·± Áõ»óÀ¸·Î ½ÇÇàµÇ°í ÀÖ´Â ÇÁ·Î¼¼½º¸¦ »ìÆ캻´Ù°í Çصµ »ÇÁ·ÇÑ ¼ö°¡ ¾ø´Ù. ¶§¹®¿¡ ¾îÁö°£ÇÑ ¾Ç¼º ¹ÙÀÌ·¯½º´Â ÀÌ svchost.exe¸¦ °ø°ÝÇÏ°Ô ¸¶·ÃÀÌ´Ù. °Ô´Ù°¡ À§¿¡ ¿Ã·ÁµÐ µÎ°³ÀÇ ÆÄÀÏÀ» ¼³Ä¡Çصµ ÇØ°áµÇÁö ¾Ê´Â °æ¿ìµµ ÀÖ´Ù. ±×·± °æ¿ì¿£ ÀÏÀÏÀÌ ¼öµ¿À¸·Î ÇØ°áÇÏ´øÁö, ½Ã½ºÅÛÀ» ÀüºÎ ´Ù½Ã ¼³Ä¡ÇÏ´Â ¼ö ¹Û¿¡ ¾ø´Ù.
=====
À©µµ¿ì XP¿ë RPCº¸¾È ÆÐÄ¡
http://jog.co.kr/board.php?db=win2000&j=dn&number=44
http://jog.co.kr/board.php?db=win2000&j=v&number=44&pg=3&cv=&sf=&sd=&sw=&ps=53&pe=19
============
http://moss2.tistory.com/attachment/dk41.zip
¿¡·¯°¡ ¶ßÁö ¾Ê´Â ÄÄÇ»ÅÍ¿¡¼ 2°³ÀÇ ÆÄÀÏÀ» ´Ù¿î ¹Þ½À´Ï´Ù.
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wbemcore.dll
±×·±´ÙÀ½¿¡ ¾ÈÀü¸ðµå·Î ºÎÆÃÇÏ½ÅµÚ ¿À·ù°¡ÀÖ´Â Àú µÎ°³ÀÇÆÄÀÏÀ» Áö¿ì½Ã°í
±×ÀÚ¸®¿¡ ¸ÕÀú ´Ù¿î¹Þ¾Æ³õÀº ÆÄÀÏÀ» º¹»çÇؼ ºÙ¿©³Ö±â ÇϽðí ÀçºÎÆÃÇϽøé ÇØ°áµË´Ï´Ù.
====»çÀÌÆ® ¾È³» ====
http://bluejj.tistory.com/6
|
|
| |
|
¢ÄÂù¾ç & ¹æ¼Ûº¸±â¢Å
