[filename.info logo]
[cn hh.exe][de hh.exe][es hh.exe][fr hh.exe][gb hh.exe][it hh.exe][jp hh.exe][kr hh.exe][nl hh.exe][pt hh.exe][ru hh.exe][us hh.exe]

hh.exe ( 5.2.3644.0)

Contenu dans le logiciel

Nom:Windows XP Home Edition, Deutsch
Lien de l'information:http://www.microsoft.com/windowsxp/

DĂ©tails de dossier

Chemin de dossier:C:\WINDOWS\$NtUninstallKB826939$ \ hh.exe
Date de dossier:2002-08-29 14:00:00
Version: 5.2.3644.0
Volume de fichier:10.752 bytes

La somme et le dossier hache

MD5:0324 5A0A F7BB 8D55 913B 17AC 297C 38C5
SHA1:FB32 ECCB 0F59 35C7 D0DA 864D F9EB 1E51 0EA2 FDF1

L'information de ressource de version

Nom de compagnie:Microsoft Corporation
Description de dossier:Microsoft® HTML Help Executable
Drapeaux de dossier:PRIVATE-BUILD
Logiciel d'exploitation de dossier:Windows NT, Windows 2000, Windows XP, Windows 2003
Type de dossier:Application
Version de dossier:5.2.3644.0
Nom interne:HH 1.4
Copyright lĂ©gal:© Microsoft Corporation. All rights reserved.
Nom de fichier original:HH.exe
Nom de produit:HTML Help
Version de produit:5.2.3644.0

hh.exe a été trouvé dans les rapports suivants:


DĂ©tails techniques
...the following Windows files: C:\%Windir%hh.exe is copied as C:\%Windir%Fontsh.exe....
...Copies itself as: C:\%Windir%hh.exe and sets its attribute to Hidden....
Instructions de déplacement
...Restore these files: C:\%Windir%Fontshh.exe to C:\%Windir%hh.exe C:\%Windir%FontsNotepa.exe...
...C:\%Windir%Fontsh.exe to C:\%Windir%hh.exe C:\%Windir%FontsNotepa.exe...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.dexec.html


DĂ©tails techniques
...The worm specifically infects Hh.exe, which is a standard Windows executable file....
...When it sends the email message, the worm attaches the infected Hh.exe file as Binladen_brasil.exe....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.toal.a@mm.html


DĂ©tails techniques
...When executed, the Myromeo.exe file looks for the running copy of HH.exe (that is associated with .chm files) and tries to stop it in order to hide its activity....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.blebla.worm.html


DĂ©tails techniques
...Winhlp32.exe HH.exe If it finds those files, it...
...Winhlp32.vir Hh.vir If the Trojan finds them,...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.nosys.html


Instructions de déplacement
...box and replace it with the path to the Windows installation folder followed by hh.exe" %1. This will vary with the operating system and where it is installed....
...Windows NT/2000: C:WINNThh.exe" %1 Windows 95/98/Me/XP: C:WINDOWShh.exe"...
Source: http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.c.html


DĂ©tails techniques
...F-Stopw.exe HH.exe Iamapp.exe...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.maax@mm.html


DĂ©tails techniques
...To hide its activity, the Melh32.exe file attempts to terminate the HH.exe process. The worm then queries the...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.blebla.j.worm.html


DĂ©tails techniques
...Changes the value: (Default) %Windir%hh.exe %1 to:...
Instructions de déplacement
...to: (Default) %Windir%hh.exe %1 Navigate to the key:...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.benpao.trojan.html


DĂ©tails techniques
...Replaces the references to hh.exe with one of the random filenames that the worm created....
Instructions de déplacement
...HKEY_CLASSES_ROOTchm.fileshellopencommand Restore value to: hh.exe %1 Key: HKEY_CLASSES_ROOTscrfileshellopencommand...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.benfgame.b.html


DĂ©tails techniques
...HKEY_CLASSES_ROOTApplicationsHH.exeShellopencommand @=%Windir%Myvwa.com...
Instructions de déplacement
...HKEY_CLASSES_ROOTApplicationsHH.exeShellopencommand HKEY_CLASSES_ROOTApplicationsIamapp.exeShellopencommand...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.faisal@mm.html

Valid HTML 4.01!