
wsock32.dll (5.1.2600.0)

Included in software

Name: Windows XP Home Edition, Deutsch
License: Commercial
Information link: http://www.microsoft.com/windowsxp/

File details

File path: C:\WINDOWS\system32\wsock32.dll
File date: 2002-08-29 14:00:00
Version: 5.1.2600.0
File size: 23.552 bytes

Checksums and file hashes

CRC32: 692BCCD3
MD5: 26F3 9A4B 55C7 DEEB D258 8F4E 9B63 3E83
SHA1: C758 9388 4760 9646 C1B9 BCDA ECFB D91B CF5D 65C1

Version resource information

Company name: Microsoft Corporation
File description: Windows Socket-32-Bit-DLL
File operating system: Windows NT, Windows 2000, Windows XP, Windows 2003
File type: Dynamic Link Library (DLL)
File version: 5.1.2600.0
Internal name: wsock32.dll
Legal copyright: Microsoft Corporation. Alle Rechte vorbehalten.
Original file name: wsock32.dll
Product name: Betriebssystem Microsoft Windows
Product version: 5.1.2600.0

wsock32.dll was found in the following reports:

W97M.Suppl.A / W95.Suppl.16384.A

About W97M.Suppl.A / W95.Suppl.16384.A
...spreads a Microsoft Word 97 macro virus that hooks Winsock32 APIs, by replacing the Wsock32.dll system file. The payload overwrites the...
Technical details
...executed on the next Windows startup to delete the dropped Dll.lzh file, renames Wsock32.dll to Wsock33.dll in the %System% folder, and then renames the Dll.tmp to Wsock32.dll....
...All the other APIs are redirected to Wsock33.dll, which is the renamed Wsock32.dll file. Every time a user sends an...
Removal instructions
...file can safely be deleted. The worm's .dll, the bad Wsock32.dll, is detected as W95.Suppl.16384.A....
...W97M.Suppl.A and W95.Suppl.16384.A. Restore the Wsock32.dll file. For specific details on each...
...computer in Safe Mode." 5. Restoring the Wsock32.dll file To restore the Wsock32.dll...
...show the Hidden and System files, then restore Wsock33.dll to its original name, Wsock32.dll. Configuring Windows to show...
...Renaming Wsock33.dll file back to Wsock32.dll Using Windows Explorer, navigate...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w97m.suppl.html

Troj.Polyglot

Technical details
...Upon the next system reboot, it will also rename the Wsock32.dll file to Nlhvld.dll and replace it with Proclib16.dll....
...Internet) connection activity. This Trojan hooks four WSOCK32 API functions: connect, recv, send, and closesocket....
Removal instructions
...Restarting to MS-DOS mode ensures that Wsock32.dll is not loaded (Wsock32.dll is used for Internet connections)....
...the Windows\System folder. Type dir wsock32.dll to check the size of Wsock32.dll....
...replaced it with Proclib16.dll. To restore the original Wsock32.dll, type copy nlhvld.dll Wsock32.dll...
Source: http://securityresponse.symantec.com/avcenter/venc/data/troj.polyglot.html

W32.Notech

About W97M.Suppl.A / W95.Suppl.16384.A
...W32.Notech is a worm component that is found in infected Wsock32.dll files placed in the same folder as Internet Explorer....
Technical details
...W32.Notech is found in infected Wsock32.dll files, where the worm intercepts all the send requests....
...This will delete the infected Wsock32.dll from the system on the next reboot....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.notech.html

W32.Netlip.Worm

Technical details
...It also copies: C:\%System%WSOCK32.DLL to...
...C:\%system%Wsock32.old C:\%windir%Wsock32.dll NOTES:...
...Then it modifies C:\%windir%Wsock32.dll by hooking the send() function of Wsock32.dll. As a result, the worm's hooked routine...
...[Rename] NUL=C:\WINDOWS\SYSTEM\WSOCK32.dll C:\WINDOWS\SYSTEM\WSOCK32.dll=C:\WINDOWS\WSOCK32.dll...
...As a result, the next time that you start Windows, C:\%system%Wsock32.dll is replaced with C:\%windir%Wsock32.dll...
Removal instructions
...   NUL=C:\WINDOWS\SYSTEM\WSOCK32.dll   C:\WINDOWS\SYSTEM\WSOCK32.dll=C:\WINDOWS\WSOCK32.dll...
...[Rename] NUL=C:\WINDOWS\SYSTEM\WSOCK32.dll C:\WINDOWS\SYSTEM\WSOCK32.dll=C:\WINDOWS\WSOCK32.dll...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.netlip.worm.html

Happy99.Worm Removal Tool

About W97M.Suppl.A / W95.Suppl.16384.A
...is designed to safely remove Happy99.Worm (a.k.a. W32.Ska) files and restore the WSOCK32.DLL in Windows systems. FIXHAPPY accomplishes the...
...installs itself to the system. Restores WSOCK32.DLL. Happy99.Worm modifies WSOCK32.DLL...
...Happy99.Worm adds this Windows Registry entry if WSOCK32.DLL is in use when the worm attempts to modify it (i.e. a user is online or connected...
...is displayed if the tools successfully removed SKA.EXE, SKA.DLL files and restore WSOCK32.DLL file. Although the FIXHAPPY.EXE...
Source: http://securityresponse.symantec.com/avcenter/venc/data/fix.happy99.worm.html

PHP.Sysbat

About W97M.Suppl.A / W95.Suppl.16384.A
...Finally, the Trojan tries to delete C:\Windows\System\Wsock32.dll. Type: Trojan Horse...
Threat assessment
...Deletes files: C:\Windows\System\Wsock32.dll Modifies files:...
Technical details
...It then attempts to delete the C:\Windows\System\Wsock32.dll file. Finally, the Trojan displays...
Removal instructions
...were infected by the Trojan. Replace the Wsock32.dll file, if necessary. Write-up by:...
Source: http://securityresponse.symantec.com/avcenter/venc/data/php.sysbat.html

W95.Hybris.gen

Technical details
...When the worm attachment is executed, the Wsock32.dll file is modified or replaced....
...Once the worm has infected wsock32.dll, it has the ability to monitor the Internet connection as well as incoming and outgoing...
...the temporary executable. In this way, Wsock32.dll is infected with the actual worm body....
...difficult but possible to repair. If Wsock32.dll is being used by the system, the worm cannot modify it....
...The worm hooks onto the following exports of Wsock32.dll: send()...
Removal instructions
...detected, do the following: When Wsock32.dll is detected as infected, choose Repair....
...NOTE: If NAV cannot repair Wsock32.dll when Windows is in normal mode, then try to repair it in Safe Mode. This is particularly...
...To extract a new copy of the Wsock32.dll file: This is necessary only if...
...Windows 2000/XP, because these systems' File Protection feature should prevent the Wsock32.dll file from being overwritten (unless File Protection was disabled)....
...extract /a d:\win98\precopy1.cab wsock32.dll /L c:\windows\system If Windows is installed in...
...extract /a x:\win98\precopy1.cab wsock32.dll /L c:\windows\system If you are using Windows 95,...
...extract /a x:\win95\win95_02.cab wsock32.dll /L c:\windows\system If you see an error message...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.hybris.gen.html

W95.MTX Fix Tool

About W97M.Suppl.A / W95.Suppl.16384.A
...W95.MTX Fix Tool repairs the Wsock32.dll by removing the virus code....
...If Wsock32.dll is in use at that time, the tool makes a copy of Wsock32.dll and this copy is repaired....
...When the computer is restarted, the Wsock32.dll will be replaced with the clean copy....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w95.mtx.fix.tool.html

W95.Babylonia

Technical details
...similar to the W95.CIH virus. Wsock32.dll modifications Another very important detail...
...The virus adds a very short hook routine to the "Send" API of Wsock32.dll similar to the Happy99 worm....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w95.babylonia.html

W32.Icecubes.Worm.B

Technical details
...the worm does the following: Creates a copy of Wsock32.dll and names this copy Wsock32.inf....
...Appends part of its code to the last section of Wsock32.inf, and hooks into the send() export function....
...Creates a file named Wininit.ini, which causes Windows to replace Wsock32.dll with the modified Wsock32.inf file after the computer is restarted....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.icecubes.worm.b.html


