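Virus name (Chinese):
Virus alias:
Threat level:
★★☆☆☆
Virus type:
Trojan
Virus length:
61440
Affected systems:
Win9x Win2000 WinXP Win2003
Virus behavior:
Written with: VB6
Infection conditions:
Trigger conditions:
System modifications: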
Drops files to %System%\author.exe and c:\explorer.exe
Adds registry entries:
HKEY_CLASSES_ROOT\docfile\shell\open\command
"C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
author "C:\WINDOWS\SYSTEM32\AUTHOR.exe"
HKEY_LOCAL_MACHINE\Software\CLASSES\docfile\shell\open\command
"C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
Modifies file associations:
HKEY_CLASSES_ROOT\docfile
HKEY_CLASSES_ROOT\docfile\shell
HKEY_CLASSES_ROOT\docfile\shell\open
HKEY_LOCAL_MACHINE\Software\CLASSES\docfile
HKEY_LOCAL_MACHINE\Software\CLASSES\docfile\shell
HKEY_LOCAL_MACHINE\Software\CLASSES\docfile\shell\open
HKEY_CLASSES_ROOT\txtfile\shell\open\command
"C:\WINDOWS\NOTEPAD.EXE%1" "C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
HKEY_CLASSES_ROOT\exefile\shell\open\command
""%1"%*" "C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
HKEY_CLASSES_ROOT\regfile\shell\open\command
"regedit.exe"%1"" "C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
HKEY_CLASSES_ROOT\comfile\shell\open\command
""%1"%*" "C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
HKEY_LOCAL_MACHINE\Software\CLASSES\txtfile\shell\open\command
"C:\WINDOWS\NOTEPAD.EXE%1" "C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command
""%1"%*" "C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
HKEY_LOCAL_MACHINE\Software\CLASSES\regfile\shell\open\command
"regedit.exe"%1"" "C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command
""%1"%*" "C:\WINDOWS\SYSTEM32\AUTHOR.exe%1"
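Symptoms:
Pops up a dialog box reading “您好:感谢您下载软件并运行了他,我们会经常见面的,不信??后会有期!” ("Hello: thank you for downloading the software and running it. We will be seeing each other often. Don't believe it?? Until we meet again!"). When it closes, Windows Explorer is opened and multiple processes are running.
Special notes: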