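Virus name:
Backdoor.Carufax.l
Category: Backdoor
Virus details:
Payload:
Loads the virus's dynamic-link library (DLL), which contains a hook that can intercept all messages sent by local windows.
Searches the temporary files left on the local machine after web browsing for useful information, such as bank accounts and accounts for major websites, and sends what it finds to an external host over HTTP.
Downloads the file http://***www.projecx.net/update6.exe to the local machine and executes it.
The site names it searches for include: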
424 in all, mainly foreign websites; none are domestic.
Terminates the following antivirus software and firewalls:
Removal:
Use Guanghua antivirus software to delete it completely.
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Date discovered:
2004-9-2