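Virus name:
Trojan.Win32.OptixKill.20.b
Category: Trojan
Virus details:
Destructive behavior:
1. The virus copies itself into the Windows directory as "SPOOL32.EXE" and modifies the registry so that it starts automatically.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
"WinBackup" : %WINDOWS%\SPOOL32.EXE
2. It stays resident in memory, enumerates all processes on the system, and attempts to terminate the following processes and services.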
ZONEALARM.EXE
ZAPRO.EXE
vsmon
minilog
MINILOG.EXE
VSMON.EXE
BlackICE
BLACKD.EXE
BLACKICE.EXE
NISUM
NISSERV
NISUM.EXE
NISSERV.EXE
NMAIN.EXE
IAMAPP.EXE
IAMSERV.EXE
FRW.EXE
PERSFW.EXE
LOCKDOWN.EXE
LOCKDOWN2000.EXE
SPHINX.EXE
NPROTECT.EXE
NDD32.EXE
SMC.EXE
NETUTILS.EXE
LDNETMON.EXE
PORTMONITOR.EXE
CONNECTIONMONITOR.EXE
DEFWATCH.EXE
RTVSCN95.EXE
VPC32.EXE
VPTRAY.EXE
POPROXY.EXE
_AVP32.EXE
_AVPCC.EXE
_AVPM.EXE
AVPCC.EXE
AVPM.EXE
AVP.EXE
NAV Alert
NAV Auto-Protect
NAVAPW32.EXE
ALERTSVC.EXE
NAVAPSVC.EXE
NAVLU32.EXE
NAVW32.EXE
SweepNet
SWEEPSRV.SYS
SWNETSUP.EXE
ICLOAD95.EXE
ICMON.EXE
ICSUPP95.EXE
ICLOADNT.EXE
ICSUPPNT.EXE
IFACE.EXE
ANTS.EXE
ANTI-TROJAN.EXE
WRCTRL.EXE
WRADMIN.EXE
CLEANER3.EXE
CLEANER.EXE
TC.EXE
TCA.EXE
TCM.EXE
MOOLIVE.EXE
McShield
AvSynMgr
MCSHIELD.EXE
VSHWIN32.EXE
VSMAIN.EXE
SCAN32.EXE
SCRSCAN.EXE
ALOGSERV.EXE
VSECOMR.EXE
WEBSCANX.EXE
AVCONSOL.EXE
VSSTAT.EXE
AVXW.EXE
AVXMONITORNT.EXE
AVXMONITOR9X.EXE
AVXQUAR.EXE.EXE
AMON9X.EXE
AvgServ
AVGSERV.EXE
AVGW.EXE
AVGCC32.EXE
IOMON98.EXE
WEBTRAP.EXE
PCCWIN98.EXE
TDS-3.EXE
SS3EDIT.EXE
DOORS.EXE
JEDI.EXE
MONITOR.EXE
RAV7WIN.EXE
RAV7.EXE
SWEEP95.EXE
MCAGENT.EXE
MCUPDATE.EXE
CLAW95.EXE
CLAW95CF.EXE
NORMIST.EXE
NVC95.EXE
VET95.EXE
VETTRAY.EXE
AUTODOWN.EXE
RESCUE.EXE
AVKSERV.EXE
ACKWIN32.EXE
DVP95.EXE
DVP95_0.EXE
F-AGNT95.EXE
F-PROT95.EXE
EXPERT.EXE
FP-WIN.EXE
F-STOPW.EXE
VIR-HELP.EXE
F-PROT.EXE
SPYXX.EXE
ATWATCH.EXE
ATUPDATER.EXE
ATCON.EXE
PVIEW95.EXE
WGFE95.EXE
AVGCTRL.EXE
LDPROMENU.EXE
LDSCAN.EXE
GENERICS.EXE
PROCESSMONITOR.EXE
PROGRAMAUDITOR.EXE
AVSYNMGR.EXE
GUARD.EXE
TFAK.EXE
LUALL.EXE
LUCOMSERVER.EXE
TRJSCAN.EXE
REGRUN2.EXE
navapsvc
SymProxySvc.exe
WIMMUN32.EXE
ntrtscan.EXE
pccwin97.EXE
pccntmon.EXE
pcscan.EXE
Nui.EXE
AutoTrace.exe
NWService.exe
NTXconfig.exe
NeoWatchLog.exe
NSCHED32.EXE
WATCHDOG.EXE
ISRV95.EXE
REALMON.EXE
PCCIOMON.EXE
POP3TRAP.EXE
NETSTAT.EXE
REGEDIT.EXE
REGEDIT95.EXE
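A check for the autostart entry described in item 1, run over a registry export. This is an added example, not part of the original entry; the function name, the default `C:\WINDOWS` expansion of %WINDOWS%, and the sample export are assumptions constructed for illustration.

```python
import ntpath
import re

# Key, value name and file name are taken from the entry above.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_NAME = "winbackup"
DROPPED_NAME = "spool32.exe"

# Constructed sample of a regedit text export (not real captured data).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"WinBackup"="C:\\WINDOWS\\SPOOL32.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WinBackup"="C:\\TOOLS\\backup.exe"
'''

# "name"="data" lines; backslashes and quotes are backslash-escaped in exports.
_STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(text):
    return re.sub(r"\\(.)", r"\1", text)


def find_optixkill_autorun(export_text, windows_dir=r"C:\WINDOWS"):
    """Return (name, data, reasons) for Run values matching the entry."""
    expected_path = ntpath.join(windows_dir, DROPPED_NAME).lower()
    findings = []
    current_key = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()  # key names are case-insensitive
            continue
        match = _STRING_VALUE.match(line)
        if not match or current_key != RUN_KEY:
            continue
        name, data = _unescape(match.group(1)), _unescape(match.group(2))
        reasons = []
        if name.lower() == VALUE_NAME:
            reasons.append("value name")
        if ntpath.normpath(data.strip('"')).lower() == expected_path:
            reasons.append("target path")
        if reasons:
            findings.append((name, data, reasons))
    return findings
```

Either match alone is reported with its reason, so a renamed value that still points at the dropped file, or a same-named value pointing elsewhere, is surfaced for review.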
Removal:
Use the Guanghua antivirus software to remove it completely.
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Discovery date:
2003-12-18