Win32.Hack.Agobot.Ge

王朝 system · Author unknown  2008-08-14

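Virus name (Chinese):

安哥变种 (Agobot variant)

Virus alias:

Backdoor.Agobot.gen [AVP]

Threat level:

★☆☆☆☆

Virus type:

Hacker program

Virus length:

195

Affected systems:

WinNT, Win2000, WinXP, Win2003

Virus behavior:

Authoring tool: VC6.0, packed with PECompact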

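Infection conditions:

A. The virus spreads actively by exploiting the following known Microsoft vulnerabilities:

Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) buffer overflow vulnerability (MS03-26)

IIS5/WEBDAV buffer overflow vulnerability (MS03-07)

The Workstation service buffer overrun vulnerability (MS03-49)

The Microsoft Messenger Service buffer overflow vulnerability (MS03-43)

The Locator service vulnerability (MS03-001)

The UPnP vulnerability (MS01-059)

Vulnerability in Microsoft SQL Server 2000 or MSDE 2000 audit (MS02-61)

B. The virus can also spread actively by attacking remote systems that use weak passwords.

C. It can be remotely controlled or spread through the mIRC software.

D. It spreads through the backdoor port left behind by the Bagle (恶鹰) worm.

Trigger conditions: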

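System modifications:

A. Under the registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

it adds the following value:

"MicrsoftBUSPCFG32"="buspcom32.exe"

so that the virus starts automatically.

B. It copies itself to the system directory:

%System%\buspcom32.exe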
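An added example (not part of the original write-up): offline triage of a registry export for the autorun entry described above. The function name and the sample export are constructed for illustration, and the key paths are written with their standard backslash separators.

```python
import re

# Indicators from the write-up above (autorun keys, value name, dropped file name).
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
VALUE_NAME = "micrsoftbuspcfg32"
FILE_RE = re.compile(r'(?:^|[\\/"\s])buspcom32\.exe(?:$|["\s])', re.I)

# A REG_SZ line in a .reg export: "name"="data", with \ and " backslash-escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def find_agobot_autoruns(reg_text):
    """Return (key, value name, data) for matching entries under the two Run keys."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # a section header names the current key
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue
        name, data = _unescape(m.group(1)), _unescape(m.group(2))
        # Match on either indicator, so a renamed value or a full path still hits.
        if name.lower() == VALUE_NAME or FILE_RE.search(data):
            hits.append((key, name, data))
    return hits

# Constructed sample export (already decoded to text), not taken from a real host.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"MicrsoftBUSPCFG32"="buspcom32.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Renamed"="C:\\WINDOWS\\system32\\BUSPCOM32.EXE"

[HKEY_CURRENT_USER\Software\Example]
"MicrsoftBUSPCFG32"="value under an unrelated key"
'''
```

Registry exports written by regedit are normally UTF-16, so decode the file before passing its text to the function.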

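Symptoms:

A. It terminates the virus firewalls (real-time monitors), main scanner programs and update programs of a large number of anti-virus products, as well as network firewalls: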

ZONEALARM.EXE

WFINDV32.EXE

WEBSCANX.EXE

VSSTAT.EXE

VSHWIN32.EXE

VSECOMR.EXE

VSCAN40.EXE

VETTRAY.EXE

VET95.EXE

TDS2-NT.EXE

TDS2-98.EXE

TCA.EXE

TBSCAN.EXE

SWEEP95.EXE

SPHINX.EXE

SMC.EXE

SERV95.EXE

SCRSCAN.EXE

SCANPM.EXE

SCAN95.EXE

SCAN32.EXE

SAFEWEB.EXE

RESCUE.EXE

RAV7WIN.EXE

RAV7.EXE

PERSFW.EXE

PCFWALLICON.EXE

PCCWIN98.EXE

PAVW.EXE

PAVSCHED.EXE

PAVCL.EXE

PADMIN.EXE

OUTPOST.EXE

NVC95.EXE

NUPGRADE.EXE

NORMIST.EXE

NMAIN.EXE

NISUM.EXE

NAVWNT.EXE

NAVW32.EXE

NAVNT.EXE

NAVLU32.EXE

NAVAPW32.EXE

N32SCANW.EXE

MPFTRAY.EXE

MOOLIVE.EXE

LUALL.EXE

LOOKOUT.EXE

LOCKDOWN2000.EXE

JEDI.EXE

IOMON98.EXE

IFACE.EXE

ICSUPPNT.EXE

ICSUPP95.EXE

ICMON.EXE

ICLOADNT.EXE

ICLOAD95.EXE

IBMAVSP.EXE

IBMASN.EXE

IAMSERV.EXE

IAMAPP.EXE

FRW.EXE

FPROT.EXE

FP-WIN.EXE

FINDVIRU.EXE

F-STOPW.EXE

F-PROT95.EXE

F-PROT.EXE

F-AGNT95.EXE

ESPWATCH.EXE

ESAFE.EXE

ECENGINE.EXE

DVP95_0.EXE

DVP95.EXE

CLEANER3.EXE

CLEANER.EXE

CLAW95CF.EXE

CLAW95.EXE

CFINET32.EXE

CFINET.EXE

CFIAUDIT.EXE

CFIADMIN.EXE

BLACKICE.EXE

BLACKD.EXE

AVWUPD32.EXE

AVWIN95.EXE

AVSCHED32.EXE

AVPUPD.EXE

AVPTC32.EXE

AVPM.EXE

AVPDOS32.EXE

AVPCC.EXE

AVP32.EXE

AVP.EXE

AVNT.EXE

AVKSERV.EXE

AVGCTRL.EXE

AVE32.EXE

AVCONSOL.EXE

AUTODOWN.EXE

APVXDWIN.EXE

ANTI-TROJAN.EXE

ACKWIN32.EXE

_AVPM.EXE

_AVPCC.EXE

_AVP32.EXE

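B. It scans IP addresses on the local network and sends Messenger service messages to them; the dialog box that pops up is as follows:

Special notes: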

 
 
 