[filename.info logo]
[cn hh.exe][de hh.exe][es hh.exe][fr hh.exe][gb hh.exe][it hh.exe][jp hh.exe][kr hh.exe][nl hh.exe][pt hh.exe][ru hh.exe][us hh.exe]

hh.exe (5.2.3644.0)

Contenu dans le logiciel

Nom:Windows XP Home Edition, Deutsch
Lien de l'information:http://www.microsoft.com/windowsxp/

DĂ©tails de dossier

Chemin de dossier:C:\WINDOWS\system32\dllcache \ hh.exe
Date de dossier:2002-11-09 13:47:56
Volume de fichier:10.752 bytes

La somme et le dossier hache

MD5:ED97 F327 6D9F ABCF 0068 DE21 72DF 8DA5
SHA1:1E38 7DD1 3B7B 9C98 0EEC 101C 48A9 2E84 2A08 DFF9

L'information de ressource de version

Nom de compagnie:Microsoft Corporation
Description de dossier:Microsoft® HTML Help Executable
Drapeaux de dossier:PRIVATE-BUILD
Logiciel d'exploitation de dossier:Windows NT, Windows 2000, Windows XP, Windows 2003
Type de dossier:Application
Version de dossier:5.2.3644.0
Nom interne:HH 1.4
Copyright lĂ©gal:© Microsoft Corporation. All rights reserved.
Nom de fichier original:HH.exe
Nom de produit:HTML Help
Version de produit:5.2.3644.0

hh.exe a été trouvé dans les rapports suivants:


DĂ©tails techniques
...the following Windows files: C:\%Windir%hh.exe is copied as C:\%Windir%Fontsh.exe....
...Copies itself as: C:\%Windir%hh.exe and sets its attribute to Hidden....
Instructions de déplacement
...Restore these files: C:\%Windir%Fontshh.exe to C:\%Windir%hh.exe C:\%Windir%FontsNotepa.exe...
...C:\%Windir%Fontsh.exe to C:\%Windir%hh.exe C:\%Windir%FontsNotepa.exe...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.dexec.html


DĂ©tails techniques
...The worm specifically infects Hh.exe, which is a standard Windows executable file....
...When it sends the email message, the worm attaches the infected Hh.exe file as Binladen_brasil.exe....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.toal.a@mm.html


DĂ©tails techniques
...When executed, the Myromeo.exe file looks for the running copy of HH.exe (that is associated with .chm files) and tries to stop it in order to hide its activity....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.blebla.worm.html


DĂ©tails techniques
...Winhlp32.exe HH.exe If it finds those files, it...
...Winhlp32.vir Hh.vir If the Trojan finds them,...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.nosys.html


Instructions de déplacement
...box and replace it with the path to the Windows installation folder followed by hh.exe" %1. This will vary with the operating system and where it is installed....
...Windows NT/2000: C:WINNThh.exe" %1 Windows 95/98/Me/XP: C:WINDOWShh.exe"...
Source: http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.c.html


DĂ©tails techniques
...F-Stopw.exe HH.exe Iamapp.exe...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.maax@mm.html


DĂ©tails techniques
...To hide its activity, the Melh32.exe file attempts to terminate the HH.exe process. The worm then queries the...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.blebla.j.worm.html


DĂ©tails techniques
...Changes the value: (Default) %Windir%hh.exe %1 to:...
Instructions de déplacement
...to: (Default) %Windir%hh.exe %1 Navigate to the key:...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.benpao.trojan.html


DĂ©tails techniques
...Replaces the references to hh.exe with one of the random filenames that the worm created....
Instructions de déplacement
...HKEY_CLASSES_ROOTchm.fileshellopencommand Restore value to: hh.exe %1 Key: HKEY_CLASSES_ROOTscrfileshellopencommand...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.benfgame.b.html


DĂ©tails techniques
...HKEY_CLASSES_ROOTApplicationsHH.exeShellopencommand @=%Windir%Myvwa.com...
Instructions de déplacement
...HKEY_CLASSES_ROOTApplicationsHH.exeShellopencommand HKEY_CLASSES_ROOTApplicationsIamapp.exeShellopencommand...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.faisal@mm.html

Valid HTML 4.01!