Trojan.Meheerwar

病毒名称:

Trojan.Meheerwar

类别： 木马病毒

病毒资料：

该病毒长度 15,237 字节，感染windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows xp 系统，它修改 IE 设置，创建空目录，交换鼠标左右键，当收到、打开此病毒后，有以下现象:

A 复制自身到系统目录的 winupdate\csrss.exe

B 复制自身到系统所在盘符的根目录的

Open me.exe

Del.exe

Winfile.exe

MSN.exe

msnpaint.exe

Notedpad.exe

Dont Delete me.exe

C 增加注册表项 "Update" = "％System％\winupdate\csrss.exe" 到

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

使得病毒每次开机后执行

D 生成文件d.bmp到系统所在盘符的根目录，内容见图一

E 修改注册表HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main的值

"Window Title" = "Warrior !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! By Mr.X"

使得IE的标题为(图二)

F 修改注册表 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs 的值

"url1" = "www.sex.nl"

"url2" = "www.sex.nl"

"url3" = "www.sex.nl"

"url4" = "www.sex.nl"

"url5" = "www.sex.nl"

"url6" = "www.sex.nl"

"url7" = "www.sex.nl"

"url8" = "www.sex.nl"

"url9" = "www.sex.nl"

"url10" = "www.sex.nl"

"url11" = "www.sex.nl"

"url12" = "www.sex.nl"

"url13" = "www.sex.nl"

使得 IE 地址栏下拉历史记录为 www.sex.nl

G 修改注册表 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main 的值

"Start Page" = "www.mrx-server.com"

使得打开 IE 后的默认页面为 www.mrx-server.com

H 在桌面上创建以下空目录

Afghanistan

ASHB

ben jij gay

Call of Duty(R) 2 Singleplayer

DAMN

Darn zeg

Delete LOL

DELETE ME Please

DONT DELETE ME

DRIVERS

GAY

Global Pc Terror

GPT

GTA San Andreas

Hersens

Holland

I OWN

ik weet niks anders

IMC

IMF

Ja jij stink

JIj Stinkt

LESBIE

LOL

LOLz

LOLZA

LOLZAAAAAAA

Lozer

Made in Holland

Master

MASTER WARRIOR

Mister X

MOHAHAHAHAHAHA

Mr.X

Mrx.Afghanistan

Msn Messenger

noem eens wat op

NOOB

OMG

OMG jij bent dom

OMG OMG

omg vet saai

OMLA

Porno MAP

POWER

PRogram files

STINKERD

System32

Terror

VIRUS

waarom ben je homo

Waarom open je virus

WARRIOR

Windows

YOU homo bestanden

You sUCks

I 在我的文档里创建以下空目录

2005

DARN

Desktop

Deze Computer

Emoticosn

Font

Hardeschijf

HDD

HELP ME

Ik weet niks

Leeg

LOL

LoLza

Made By mrx

Mijn fotos

mijn vriendin

Mr.X

Mrx 2005

Msn

My files

Omg

omG 2005

Open me

Rotzooi

Save game

Shit

Warrior

Weet ff niks

wie ben jij

Your files

Zwak

J 交换鼠标左右键

K 突然打开和关闭光驱

L 过段时间后结束自己

病毒的清除法：

使用光华反病毒软件，彻底删除。

病毒演示：

病毒FAQ：

Windows下的PE病毒。

发现日期：

2006-2-27

• ·Trojan.PPDropper
• ·Win32.Troj.PSWQQ.fn
• ·Worm.Bobic.d
• ·PWSteal.Metafisher
• ·Trojan.Goldun.K
• ·Trojan.Alemod.B
• ·Keylogger.Mose
• ·Trojan/Patched.cu
• ·Trojan/Agent.tw
• ·TrojanDownloader.JS.Phe