Win32.Troj.Agent.k - 王朝网络宽屏版

病毒别名：TrojanDropper.Win32.Agent.k【AVP】

处理时间：

威胁级别：★

中文名称：木马下载器

病毒类型：木马

影响系统：Win9X/ME/2000/XP/NT/2003

病毒行为:

编写工具:

传染条件:

发作条件:

系统修改:

A、在%SystemRoot%目录下或者%System%目录下生成的几个文件名变化的文件：

1098字节的exe文件(文件释放)

2891字节的exe文件(文件释放)

2907字节的exe文件

7314字节的exe文件

B、在%System%目录下生成的文件：

winmm64.exe

favico.dat

C、在当前用户的收藏夹内添加连接：

Adult Pics and Moviesoo.url

Free Adult Pics and MoviesIncest.url

Free Adult Pics and MoviesDate Rape.url

Free Adult Pics and MoviesAnal Rape.url

Free Adult Pics and MoviesSex.url

Free Adult Pics and MoviesFree Porn.url

Free Adult Pics and MoviesEscorts.url

Free Adult Pics and MoviesPenis Enlargement.url

Free Adult Pics and MoviesSingle Girls.url

Free Adult Pics and MoviesSex Video.url

Free Adult Pics and MoviesHardcore.url

Free Adult Pics and MoviesAmateur Sex.url

Free Adult Pics and MoviesPorn.url

Free Adult Pics and MoviesTeen Sex.url

Free Adult Pics and MoviesGay.url

Free Adult Pics and MoviesFree Sex.url

Free Adult Pics and MoviesPussy.url

Free Adult Pics and MoviesAnimal Sex.url

Free Adult Pics and MoviesAsian Sex.url

Free Adult Pics and MoviesMature Sex.url

Free Adult Pics and MoviesGroup Sex.url

Free Adult Pics and MoviesAnal.url

E-Business NewsOnline Trading.url

E-Business NewsInternet.url

E-Business NewsWeb Site Design.url

E-Business NewsWeb Hosting.url

E-Business NewsAffiliate Program.url

E-Business NewsDomain Names.url

Health NewsHealth Insurance.url

Health NewsFitness.url

Health NewsWomen Health.url

Health NewsNutrition.url

Health NewsDiet.url

Health NewsMen Health.url

Shopping NewsSkin Care.url

Shopping NewsComputers.url

Shopping NewsCosmetics.url

Shopping NewsGifts.url

Shopping NewsElectronics.url

Shopping NewsAuto.url

Shopping NewsBooks.url

Shopping NewsClothing.url

Online Pharmacy NewsOnline Pharmacy.url

Online Pharmacy NewsViagra.url

Online Pharmacy NewsTramadol.url

Online Pharmacy NewsPhentermine.url

Online Pharmacy NewsValium.url

Online Pharmacy NewsXanax.url

Online Pharmacy NewsAdipex.url

Online Pharmacy NewsPenis Pills.url

Online Pharmacy NewsCarisoprodol.url

Online Pharmacy NewsDrug.url

Online Gambling NewsPoker.url

Online Gambling NewsOnline Casino.url

Online Gambling NewsOnline Gambling.url

Online Gambling NewsCasino.url

Online Gambling NewsOnline Poker.url

Online Gambling NewsBlack Jack.url

Online Gambling NewsCasino Games.url

Online Gambling NewsHome Business and Finances.url

Antiviruses, Software, ComputersAntivirus.url

Antiviruses, Software, ComputersSpyware.url

Antiviruses, Software, ComputersSpyware Remover.url

Antiviruses, Software, ComputersSoftware.url

Antiviruses, Software, ComputersHosting.url

100% FREE RANDOM ADULT SITE!.url

FREE ANIMAL SEX, INCEST, TEEN SEX, MATURE SEX AND MORE!.url

Animal sex.url

Anal Rape (raped teens).url

incest sex (Dad and daughter, Mom and son).url

Spyware remover.url

Elite Porno!.url

Elite Hardcore Video.url

Sweet Babes fucking.url

D、在注册表主键：

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun和

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun

下添加与生成文件同名的键值，并指向该文件名，以及：

"SpywareGuardPlus"="C:WINNTsystem32winmm64.exe"

发作现象:

A、连接到预定义的网址（82.146.48.224，81.9.3.82）下载木马程序并运行。

B、在用户收藏夹里面添加许多病毒网址和恶意网址。

特别说明: