TrojanDownloader.Small.kx
病毒长度:4,096 字节 , 27,136 字节
病毒类型:木马
危害等级:**
影响平台:Win9X/2000/XP/NT/Me/2003
TrojanDownloader.Small.kx至少有两个文件组成,一个是4,096 字节的下载部分,一个是27,136 字节的木马部分。下载部分将首先进入系统,并从预定的网站下载该木马程序的木马部分,它是经过UPX压缩的。
木马通过电子邮件进行传播,该邮件声称是来自微软公司的关于Windows XP操作系统的补丁程序,附件的文件名为winxp_sp1.exe(4,096 KB)当附件中的winxp_sp1.exe文件被执行后,它将到预定的网站下载并执行木马程序部分。
传播过程及特征:
1.在系统目录下生成一个名为msvchost.exe的木马文件,该文件的作用是传递系统信息、从预定的网站下载并执行另一个文件。
2.修改注册表:
在系统注册表添加键值以使木马文件可以在每次Windows系统启动后自动运行
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun] "msvcc" = "%system%msvchost.exe"
3.携带木马程序的电子邮件的特征如下:
发件人: windowsupdate@microsoft.com
主题: Windows XP Service Pack 1 (Express) - Critical Update.
正文:
Window Update has determined that you are running
a beta version of Windows XP Service Pack 1
(SP1). To help improve the stability of your
computer, Microsoft recommends that you remove
the beta version of Windows XP SP1 and re-install
Windows XP SP1. If you cannot remove the beta
version, you should still reinstall Windows XP
SP1.
Windows XP SP1 provides the latest security,
reliability, and performance updates to the
Windows XP family of operating systems. Windows
XP SP1 is designed to ensure Windows XP platform
compatibility with newly released software and
hardware, and includes updates to resolve issues discovered by customers or by Microsoft's
internal testing team.
The maximum download size is approximately 3 MB,
however the size of the download and time
required may be less for computers that have had
updates previously installed.
To minimize the download time needed for
installation, setup will only download those
files which are required to bring your computer
up to date. Windows XP SP1 includes Internet
Explorer 6 SP1. Anti-virus software programs may
interfere with the installation of Windows XP
SP1. Please disable anti-virus software while
installing the service pack.
Just run the file winxp_sp1.exe in attach and
make sure to restart your PC after installation
will be completed.
?2004 Microsoft Corporation. All rights reserved.
Terms of Use
<http://www.microsoft.com/info/cpyright.htm>
Privacy Statement
<http://www.microsoft.com/info/privacy.htm>
附件: winxp_sp1.exe (4,096 字节)