病毒名称(中文):
QQ杀手
病毒别名:
威胁级别:
★☆☆☆☆
病毒类型:
木马程序
病毒长度:
158712
影响系统:
Win9xWin2000
病毒行为:
编写工具:
vb
传染条件:
将自己伪装成flash动画,诱使用户双击运行
发作条件:
当用户登陆QQ时,此木马将记录用户的qq密码并通过邮件发送给攻击者.
系统修改:
1,拷贝自身到:
C:wel.txt
C:DebugFi.txt
C:ProgramFilestRtlRu.EXE
D:DocumentsandSettingsillMMifz.EXE
%system%EXPLOREA.EXE
E:DocumentsandSettingsGTduayy.EXE
E:ProgramFilesEazr.EXE
E:ProgramFilesswbp.EXE
E:RECYCLERlYUiEcO.EXE
E:SystemVolumeInformationVKal.EXE
F:BackupgAQCH.EXE
2,修改下列注册表键值:
HKEY_CLASSES_ROOTchm.fileshellopencommand""D:WINNThh.exe"%1""F:BackupgAQCH.EXE%1"
HKEY_CLASSES_ROOTexefileshellopencommand""%1"%*""E:SystemVolumeInformationVKal.EXE%1%*"
HKEY_CLASSES_ROOTinifileshellopencommand"E:ProgramFilesEazr.EXE%1"
HKEY_CLASSES_ROOT
egfileshellopencommand"regedit.exe"%1"""D:DocumentsandSettingsillMMifz.EXE%1"
HKEY_CLASSES_ROOTscrfileshellopencommand""%1"/S""E:ProgramFilesswbp.EXE%1"
HKEY_CLASSES_ROOTxtfileshellopencommand"E:RECYCLERlYUiEcO.EXE%1"
HKEY_LOCAL_MACHINESOFTWAREClasseschm.fileshellopencommand""D:WINNThh.exe"%1""F:BackupgAQCH.EXE%1"
HKEY_LOCAL_MACHINESOFTWAREClassesexefileshellopencommand""%1"%*""E:SystemVolumeInformationVKal.EXE%1%*"
HKEY_LOCAL_MACHINESOFTWAREClassesinifileshellopencommand"E:ProgramFilesEazr.EXE%1"
HKEY_LOCAL_MACHINESOFTWAREClasses
egfileshellopencommand"regedit.exe"%1"""D:DocumentsandSettingsillMMifz.EXE%1"
HKEY_LOCAL_MACHINESOFTWAREClassesscrfileshellopencommand""%1"/S""E:ProgramFilesswbp.EXE%1"
HKEY_LOCAL_MACHINESOFTWAREClassesxtfileshellopencommand"E:RECYCLERlYUiEcO.EXE%1"
这样当用户打开扩展名为chmexeiniregsrctxt文件时,木马就会自动运行
3,病毒运行后将会用windows的记事本打开一个自己生成的文件C:wel.txt,内容为Welcome!
发作现象:
木马运行后会自动打开一个windows的记事本,标题问wel.txt,内容为welcome!
非凡说明: