SH/Renepo-A

Category: Viruses and Spyware
Type: Macintosh worm
Prevalence:


Alias

  • Opener

Characteristics

  • Allows others to access the computer
  • Deletes files from the computer
  • Steals information
  • Downloads code from the Internet
  • Reduces system security
  • Changes passwords

Affected Operating Systems

Recovery Instructions:

Please follow the instructions for removing worms.

The SH/Renepo-A virus can spread using any filename, but always tries to copy itself to /System/Library/StartupItems. Be sure to review this location for unwanted or malicious scripts.

The SH/Renepo-A virus creates a directory named "/.info" in which to collect data such as password hashes and application configuration. The presence of this directory should be considered suspicious.

The SH/Renepo-A virus attempts to create an admin-level user named "LDAP-daemon" with a password hash of "rQ3p5/hpOpvGE" and a user ID of 401. The presence of such an account should be considered suspicious.

Since SH/Renepo-A makes a wide range of changes to system security, a complete security review should be carried out on compromised computers. Be sure to turn back on any services disabled by the virus, including accounting, logging, firewall and auto-updates. Also look for files and directories with "777" (world-writeable) permissions, especially /etc/hostconfig, /etc/xinetd.d/ssh and the various data files used by cron.

Assume that all passwords on your network have been compromised. SH/Renepo-A attempts to harvest user, configuration and password data for a wide range of applications, including FTP servers, web servers, browsers, VNC and the operating system itself.
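
The checks described above (the "/.info" directory, the "LDAP-daemon" account with user ID 401, world-writeable system files and the contents of /System/Library/StartupItems) can be scripted for a first-pass triage. The shell function below is an added example, not a Sophos tool; the name renepo_check, its ROOT argument, the /Volumes/NAME placeholder and the use of /etc/crontab as a stand-in for cron's data files are assumptions.

```sh
#!/bin/sh
# renepo_check [ROOT]: triage for the SH/Renepo-A indicators on this page.
# ROOT is the mount point of the volume to inspect ("/" = live system).
# Prints findings; returns 1 if any SUSPICIOUS finding, else 0.
renepo_check() {
    root="${1%/}"
    hits=0

    # Data-collection directory created by the worm.
    if [ -d "$root/.info" ]; then
        echo "SUSPICIOUS: directory $root/.info exists"
        hits=$((hits + 1))
    fi

    # World-writable system files named on the page. /etc/crontab is an
    # assumption standing in for "the various data files used by cron".
    for f in /etc/hostconfig /etc/xinetd.d/ssh /etc/crontab; do
        [ -e "$root$f" ] || continue
        if [ -n "$(find "$root$f" -prune -perm -0002 -print)" ]; then
            echo "SUSPICIOUS: $root$f is world-writable"
            hits=$((hits + 1))
        fi
    done

    # Rogue account: only the running system's user database can be queried.
    if [ -z "$root" ]; then
        if id -u LDAP-daemon >/dev/null 2>&1; then
            echo "SUSPICIOUS: account LDAP-daemon exists"
            hits=$((hits + 1))
        fi
        owner=$(id -un 401 2>/dev/null) || owner=""
        if [ -n "$owner" ]; then
            echo "SUSPICIOUS: user ID 401 is assigned to $owner"
            hits=$((hits + 1))
        fi
    fi

    # Startup items need a human decision, so list them without scoring.
    for item in "$root/System/Library/StartupItems"/*; do
        if [ -e "$item" ]; then
            echo "REVIEW: startup item $item"
        fi
    done

    [ "$hits" -eq 0 ]
}
# Live system: renepo_check /    Mounted volume: renepo_check /Volumes/NAME
```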
