Win32.Troj.Agent.k

病毒名称(中文):

木马下载器

病毒别名:

TrojanDropper.Win32.Agent.k【AVP】

威胁级别:

★☆☆☆☆

病毒类型:

木马程序

病毒长度:

影响系统:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行为:

编写工具:

传染条件:

发作条件:

系统修改:

A、在%SystemRoot%目录下或者%System%目录下生成的几个文件名变化的文件：

1098字节的exe文件(文件释放)

2891字节的exe文件(文件释放)

2907字节的exe文件

7314字节的exe文件

B、在%System%目录下生成的文件：

winmm64.exe

favico.dat

C、在当前用户的收藏夹内添加连接：

AdultPicsandMoviesoo.url

FreeAdultPicsandMoviesIncest.url

FreeAdultPicsandMoviesDateRape.url

FreeAdultPicsandMoviesAnalRape.url

FreeAdultPicsandMoviesSex.url

FreeAdultPicsandMoviesFreePorn.url

FreeAdultPicsandMoviesEscorts.url

FreeAdultPicsandMoviesPenisEnlargement.url

FreeAdultPicsandMoviesSingleGirls.url

FreeAdultPicsandMoviesSexVideo.url

FreeAdultPicsandMoviesHardcore.url

FreeAdultPicsandMoviesAmateurSex.url

FreeAdultPicsandMoviesPorn.url

FreeAdultPicsandMoviesTeenSex.url

FreeAdultPicsandMoviesGay.url

FreeAdultPicsandMoviesFreeSex.url

FreeAdultPicsandMoviesPussy.url

FreeAdultPicsandMoviesAnimalSex.url

FreeAdultPicsandMoviesAsianSex.url

FreeAdultPicsandMoviesMatureSex.url

FreeAdultPicsandMoviesGroupSex.url

FreeAdultPicsandMoviesAnal.url

E-BusinessNewsOnlineTrading.url

E-BusinessNewsInternet.url

E-BusinessNewsWebSiteDesign.url

E-BusinessNewsWebHosting.url

E-BusinessNewsAffiliateProgram.url

E-BusinessNewsDomainNames.url

HealthNewsHealthInsurance.url

HealthNewsFitness.url

HealthNewsWomenHealth.url

HealthNewsNutrition.url

HealthNewsDiet.url

HealthNewsMenHealth.url

ShoppingNewsSkinCare.url

ShoppingNewsComputers.url

ShoppingNewsCosmetics.url

ShoppingNewsGifts.url

ShoppingNewsElectronics.url

ShoppingNewsAuto.url

ShoppingNewsBooks.url

ShoppingNewsClothing.url

OnlinePharmacyNewsOnlinePharmacy.url

OnlinePharmacyNewsViagra.url

OnlinePharmacyNewsTramadol.url

OnlinePharmacyNewsPhentermine.url

OnlinePharmacyNewsValium.url

OnlinePharmacyNewsXanax.url

OnlinePharmacyNewsAdipex.url

OnlinePharmacyNewsPenisPills.url

OnlinePharmacyNewsCarisoprodol.url

OnlinePharmacyNewsDrug.url

OnlineGamblingNewsPoker.url

OnlineGamblingNewsOnlineCasino.url

OnlineGamblingNewsOnlineGambling.url

OnlineGamblingNewsCasino.url

OnlineGamblingNewsOnlinePoker.url

OnlineGamblingNewsBlackJack.url

OnlineGamblingNewsCasinoGames.url

OnlineGamblingNewsHomeBusinessandFinances.url

Antiviruses,Software,ComputersAntivirus.url

Antiviruses,Software,ComputersSpyware.url

Antiviruses,Software,ComputersSpywareRemover.url

Antiviruses,Software,ComputersSoftware.url

Antiviruses,Software,ComputersHosting.url

100%FREERANDOMADULTSITE!.url

FREEANIMALSEX,INCEST,TEENSEX,MATURESEXANDMORE!.url

Animalsex.url

AnalRape(rapedteens).url

incestsex(Dadanddaughter,Momandson).url

Spywareremover.url

ElitePorno!.url

EliteHardcoreVideo.url

SweetBabesfucking.url

D、在注册表主键：

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun和

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun

下添加与生成文件同名的键值，并指向该文件名，以及：

"SpywareGuardPlus"="C:WINNTsystem32winmm64.exe"

发作现象:

A、连接到预定义的网址（82.146.48.224，81.9.3.82）下载木马程序并运行。

B、在用户收藏夹里面添加许多病毒网址和恶意网址。

非凡说明:

• ·Worm.Mydoom.s
• ·Worm.Mydoom.t
• ·Win32.Hack.NetAngle10Sv
• ·Win32.Troj.Mspao
• ·Win32.Hack.MiFeng823
• ·Win32.Troj.Delf.af
• ·Worm.NetSky.r
• ·Win32.Troj.Francette.n
• ·Worm.Mydoom.AB
• ·Worm.Mydoom.AB