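Virus alias:
Processing time:
Threat level: ★★
Chinese name:
Virus type: Trojan
Affected systems: Win9x/Win2000/WinXP/Win2003
Virus behavior:
Authoring tool: VB6
Infection conditions:
Trigger conditions:
System modifications:
Drops files to %System%\author.exe and c:\explorer.exe
Adds registry entries: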
HKEY_CLASSES_ROOT\docfile\shell\open\command
"C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
author "C:\WINDOWS\SYSTEM32\AUTHOR.exe"
HKEY_LOCAL_MACHINE\Software\CLASSES\docfile\shell\open\command
"C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
Modifies file associations:
HKEY_CLASSES_ROOT\docfile
HKEY_CLASSES_ROOT\docfile\shell
HKEY_CLASSES_ROOT\docfile\shell\open
HKEY_LOCAL_MACHINE\Software\CLASSES\docfile
HKEY_LOCAL_MACHINE\Software\CLASSES\docfile\shell
HKEY_LOCAL_MACHINE\Software\CLASSES\docfile\shell\open
HKEY_CLASSES_ROOT\txtfile\shell\open\command
"C:\WINDOWS\NOTEPAD.EXE %1" "C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
HKEY_CLASSES_ROOT\exefile\shell\open\command
""%1" %*" "C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
HKEY_CLASSES_ROOT\regfile\shell\open\command
"regedit.exe "%1"" "C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
HKEY_CLASSES_ROOT\comfile\shell\open\command
""%1" %*" "C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
HKEY_LOCAL_MACHINE\Software\CLASSES\txtfile\shell\open\command
"C:\WINDOWS\NOTEPAD.EXE %1" "C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command
""%1" %*" "C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
HKEY_LOCAL_MACHINE\Software\CLASSES\regfile\shell\open\command
"regedit.exe "%1"" "C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command
""%1" %*" "C:\WINDOWS\SYSTEM32\AUTHOR.exe %1"
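Symptoms:
Displays a dialog box reading “您好:感谢您下载软件并运行了他,我们会常常见面的,不信??后会有期!” (in English: "Hello: thank you for downloading this software and running it. We will be seeing each other often. Don't believe it?? Until we meet again!"). When it ends, Explorer is opened and multiple processes are running.
Special notes: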