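Virus name:
TrojanClicker.Win32.Delf.d
Category: Trojan
Virus details:
Destructive behavior:
I. Copies itself into the Windows directory as "svchost.exe", runs the new copy hidden, and deletes the original file.
II. The virus sleeps for 5 seconds before it becomes active.
III. Tampers with the hosts file, pointing several dozen domain names to "213.159.118.226"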
IV. Every 5 minutes, downloads http://***81.211.105.49/down/yxgb44dc4qyxgb44dc4q.0g3 to the local machine and runs it
V. Changes the IE home page settings and adds an autostart entry
1 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
"start page" : HTTP://FREEDNSHOST.INFO
2 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"start page" : HTTP://FREEDNSHOST.INFO
3 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
"search page" : HTTP://FREEDNSHOST.INFO/PAGE/
4 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"search page" : HTTP://FREEDNSHOST.INFO/PAGE/
5 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
"search bar" : HTTP://FREEDNSHOST.INFO/PAGE/
6 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"search bar" : HTTP://FREEDNSHOST.INFO/PAGE/
7 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
"default_page_url" : HTTP://FREEDNSHOST.INFO
8 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"default_page_url" : HTTP://FREEDNSHOST.INFO
9 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
"default_search_url" : HTTP://FREEDNSHOST.INFO/PAGE/
10 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"default_search_url" : HTTP:/
Removal method:
Use Guanghua anti-virus software to remove it completely.
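To confirm that the hosts-file tampering from item III is gone after cleanup, the following check parses hosts-file text and flags redirect entries. It is an added example, not part of the original entry; the function names, the bulk threshold and the sample file are assumptions constructed for illustration, and only the IP address and the sample domain names come from the entry.

```python
import ipaddress
from collections import defaultdict

# Redirect target named in this entry.
IOC_IPS = {"213.159.118.226"}

def parse_hosts(text):
    """Return {ip: [hostnames]} from hosts-file text, ignoring comments."""
    mapping = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        mapping[ip].extend(h.lower() for h in fields[1:])
    return dict(mapping)

def suspicious_entries(text, ioc_ips=IOC_IPS, bulk_threshold=5):
    """Flag known-bad IPs, and non-local IPs that many hostnames point to."""
    findings = {}
    for ip, hosts in parse_hosts(text).items():
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1, ::1 and 0.0.0.0 entries are ordinary
        names = sorted(set(hosts))
        if ip in ioc_ips:
            findings[ip] = ("ioc", names)
        elif len(names) >= bulk_threshold:
            findings[ip] = ("bulk-redirect", names)
    return findings

# Constructed sample hosts file (not captured from an infected machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1 localhost
213.159.118.226 www.hao123.com
213.159.118.226\twww.naver.com www.daum.net   # inline comment
192.168.1.10 fileserver
not-an-ip something
"""

if __name__ == "__main__":
    for ip, (reason, hosts) in suspicious_entries(SAMPLE_HOSTS).items():
        print(ip, reason, hosts)
```

On Windows the text to pass in is the content of %SystemRoot%\System32\drivers\etc\hosts.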
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Discovery date:
2004-4-19