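Virus alias:
Processed on: 2005-09-19
Threat level: ★
Chinese name:
Virus type: Hacker program
Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003
Virus behavior:
This virus is a backdoor trojan. When run, it copies itself to %system%\poker3.exe and then adds startup entries so that it launches at boot. It receives commands from the attacker through an IRC chat room, and it steals the CD keys of some software and games.
1. Files created
%system%\poker3.exe
2. Startup entries added
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Microsoft Windows DLL Services Configuration" = "poker3.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
"Microsoft Windows DLL Services Configuration" = "poker3.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"Microsoft Windows DLL Services Configuration" = "poker3.exe"
3. Steals the CD keys of the following software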
Command & Conquer Generals
FIFA 2003
NFSHP2
COD
SOF2
NWN
Battlefield 1942 Road To Rome
Battlefield 1942
Project IGI 2
Counter-Strike ( Retail )
Unreal Tournament 2003
Half-Life