病毒名称:
Trojan.StartPage.l
类别: 木马病毒
病毒资料:
破坏方法:
启动后将IE隐藏在后台运行,修改了IE的默认首页。释放出一个文件PCSEARCH.REG到%Windows%目录下
1.修改注册表:
1
HKEY_CURRENT_USER\Software\Microsoft\Internet EXPlorer\Main
"SearchURL" : HTTP://***WWW.I--SEARCH.COM/IE/
2
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
"search page" : HTTP://***WWW.I--SEARCH.COM/IE/
3
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"search page" : HTTP://***WWW.I--SEARCH.COM/IE/
4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"search bar" : HTTP://***WWW.I--SEARCH.COM/IE/
5
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
"default_search_url" : HTTP://***WWW.I--SEARCH.COM/IE/
6
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"default_search_url" : HTTP://***WWW.I--SEARCH.COM/IE/
7
HKEY_CURRENT_USER\Software\Microsoft\internet explorer
"searchurl" : HTTP://***WWW.I--SEARCH.COM/IE/
8
HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\search
"searchassistant" : HTTP://***WWW.I--SEARCH.COM/IE/
9
HKEY_CURRENT_USER\Software\Microsoft\internet explorer\search
"searchassistant" : HTTP://***WWW.I--SEARCH.COM/IE/
10
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
\Currentversion\Run
"SysSearch" : REGEDIT.EXE -S C:/WINNT/PCSEARCH.REG
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
Windows下的PE病毒。
发现日期:
2004-11-12
