病毒名称:
Trojan.IEStartPage
类别: 木马
病毒资料:
破坏方法:
修改IE的默认配置如下
1 HKEY_LOCAL_MACHINE
\Software\Microsoft\Internet EXPlorer\Main
"start page" : HTTP://AWEBFIND.BIZ/
2 HKEY_CURRENT_USER
\Software\Microsoft\Internet Explorer\Main
"start page" : HTTP://AWEBFIND.BIZ/
3 HKEY_LOCAL_MACHINE
\Software\Microsoft\Internet Explorer\Main
"search page" : HTTP://AWEBFIND.BIZ/SP.HTM
4 HKEY_CURRENT_USER
\Software\Microsoft\Internet Explorer\Main
"search page" : HTTP://AWEBFIND.BIZ/SP.HTM
5 HKEY_LOCAL_MACHINE
\Software\Microsoft\Internet Explorer\Main
"search bar" : HTTP://AWEBFIND.BIZ/SP.HTM
6 HKEY_CURRENT_USER
\Software\Microsoft\Internet Explorer\Main
"search bar" : HTTP://AWEBFIND.BIZ/SP.HTM
7 HKEY_LOCAL_MACHINE
\Software\Microsoft\Internet Explorer\Main
"default_page_url" : HTTP://AWEBFIND.BIZ/
8 HKEY_CURRENT_USER
\Software\Microsoft\Internet Explorer\Main
"default_page_url" : HTTP://AWEBFIND.BIZ/
9 HKEY_LOCAL_MACHINE
\Software\Microsoft\Internet Explorer\Main
"default_search_url" : HTTP://AWEBFIND.BIZ/SP.HTM
10 HKEY_CURRENT_USER
\Software\Microsoft\Internet Explorer\Main
"default_search_url" : HTTP://AWEBFIND.BIZ/SP.HTM
11 HKEY_LOCAL_MACHINE
\Software\Microsoft\internet explorer
"searchurl" : HTTP://AWEBFIND.BIZ/SP.HTM
12 HKEY_CURRENT_USER
\Software\Microsoft\internet explorer
"searchurl" : HTTP://AWEBFIND.BIZ/SP.HTM
13 HKEY_LOCAL_MACHINE
\Software\Microsoft\internet explorer\search
"searchassistant" : HTTP://AWEBFIND.BIZ/SP.HTM
14 HKEY_LOCAL_MACHINE
\Software\Microsoft\internet explorer\search
"CustomizeSearch" : HTTP://AWEBFIND.BIZ/SP.HTM
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
Windows下的PE病毒。
发现日期:
2004-2-26
