Win32.Troj.AdSetup.dx

Wangchao Encyclopedia · Author unknown  2010-01-26

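Date processed: 2007-02-08

Threat level: ★

Virus type: Trojan

Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003

Behavior:

This is an installer package for rogue software. When run, it installs several rogue programs on the system. Users are advised not to run unknown programs casually, to avoid infection.

1. Files created

%Program Files%\Common Files\System\Updaterun.exe

%SystemRoot%\system32\wbem\ocmor.dll

%SystemRoot%\system32\wbem\jqtyi.dll

%SystemRoot%\system32\rundllfromwin2000.exe

%Documents and Settings%\administrator\Favorites\多特软件站-最安全放心的软件站.url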

%SystemRoot%ar.exe

%Program Files%\superutilbar\superutilbar.dll

%Program Files%\superutilbar\uninst.exe

2. Startup entry added

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"System" = "%Program Files%\Common Files\System\Updaterun.exe"

3. Fake system service added

HKLM\System\CurrentControlSet\Services\BRGNS

"Type" = "0x10"

HKLM\System\CurrentControlSet\Services\BRGNS

"Start" = "0x2"

HKLM\System\CurrentControlSet\Services\BRGNS

"ImagePath" = "%SystemRoot%\SYSTEM32\RUNDLLFROMWIN2000.EXE %SystemRoot%\SYSTEM32\WBEM\JQTYI.DLL,Export 1087"

HKLM\System\CurrentControlSet\Services\BRGNS

"DisplayName" = "Microsoft Update Service"

HKLM\System\CurrentControlSet\Services\BRGNS

"Description" = "提供Microsoft(R) Windows 及应用程序的升级和安全漏洞修复服务。"

4. Registry information added

HKCU\SOFTWARE\Microsoft\Internet Explorer\TypedUrls

"url5" = "http://www.3839.***/index.html"

HKCR\6781.TOOLBAR.1

"(Default)" = "实用搜索工具条2.0"

HKCR\6781.TOOLBAR.1\CLSID

"(Default)" = "{03465FF5-00AE-411a-9C34-960ED566EC03}"

HKCR\6781.TOOLBARLOADER.1

"(Default)" = "实用搜索"

HKCR\6781.TOOLBARLOADER\CLSID

"(Default)" = "{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}"

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\实用搜索工具条

"URLInfoAbout" = "http://www.shiyongsousuo.***"

5. CLSID components registered

HKCR\CLSID\{03465FF5-00AE-411a-9C34-960ED566EC03}

"(Default)" = "实用搜索工具条2.0"

HKCR\CLSID\{03465FF5-00AE-411a-9C34-960ED566EC03}\InprocServer32

"(Default)" = "%Program Files%\superutilbar\superutilbar.dll"

HKCR\CLSID\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}

"(Default)" = "实用搜索"

HKCR\CLSID\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}\InprocServer32

"(Default)" = "%Program Files%\superutilbar\superutilbar.dll"

6. BHO component added

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}

"(Default)" = "实用搜索"

7. Toolbar added

HKLM\Software\Microsoft\Internet Explorer\Toolbar

"{03465FF5-00AE-411a-9C34-960ED566EC03}" = "实用搜索工具条2.0"

 
 
 