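Virus name (Chinese):
QQ狂盗王
Virus aliases:
Threat level:
★★☆☆☆
Virus type:
Trojan
Virus size:
389121
Affected systems:
Win9x, WinNT, Win2000, WinXP, Win2003
Virus behavior:
Written with: VB6.0
Infection condition: the trojan changes its icon to a web page icon
Trigger condition:
System modifications:
1. Adds registry values: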
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"Run"="%SYSTEM%\uqslkgw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
%filename%="%filepath%\%filename%.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"ediinn"="%SYSTEM%\ediinn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"iqhx"="%SYSTEM%\iqhx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"oiqjvog"="C:\Program Files\oiqjvog.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
%filename%="%filepath%\%filename%.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
"ediinn"="%SYSTEM%\ediinn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
"iqhx"="%SYSTEM%\iqhx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
"oiqjvog"="C:\Program Files\oiqjvog.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%filename%="%filepath%\%filename%.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ediinn"="%SYSTEM%\ediinn.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"iqhx"="%SYSTEM%\iqhx.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"oiqjvog"="C:\Program Files\oiqjvog.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
%filename%="%filepath%\%filename%.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
"ediinn"="%SYSTEM%\ediinn.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
"iqhx"="%SYSTEM%\iqhx.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\oiqjvog
"oiqjvog"="C:\Program Files\oiqjvog.exe"
2. Adds three hidden files, oiqjvog.exe, ediinn.exe and iqhx.exe, to the directory the virus is currently located in,
adds oiqjvog.exe to C:\Program Files,
and adds ediinn.exe, iqhx.exe and uqslkgw.exe to %SYSTEM%
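The autostart values and dropped file names listed under system modifications can be checked against saved `reg query` output. The Python sketch below is an added example, not part of the original entry; the function name `find_hits` and the sample output are constructed for illustration, and entries written with the `%filename%` placeholder cannot be matched by name.

```python
import re

# Indicators copied from the entry: Run-value names and dropped file names.
VALUE_NAMES = {"ediinn", "iqhx", "oiqjvog"}
FILE_NAMES = {"uqslkgw.exe", "ediinn.exe", "iqhx.exe", "oiqjvog.exe"}
# Autostart keys the entry lists, as lower-case suffixes (any hive).
AUTOSTART_SUFFIXES = (
    "\\windows\\currentversion\\run",
    "\\windows\\currentversion\\runservices",
    "\\windows nt\\currentversion\\windows",
)
# One value line of `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_\w+\s+(?P<data>.*)$")
EXE_NAME = re.compile(r'([^\\/"]+\.exe)', re.IGNORECASE)

def find_hits(reg_query_output):
    """Return (key, value name, data) for autostart values matching the entry."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # remember which key the values belong to
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue
        name, data = m["name"], m["data"].strip()
        exe = EXE_NAME.search(data)     # executable name inside the value data
        exe_name = exe.group(1).lower() if exe else ""
        if name.lower() in VALUE_NAMES or exe_name in FILE_NAMES:
            hits.append((key, name, data))
    return hits

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ediinn    REG_SZ    C:\WINDOWS\system32\ediinn.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run    REG_SZ    C:\WINDOWS\system32\uqslkgw.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
    oiqjvog    REG_SZ    C:\Program Files\oiqjvog.exe

HKEY_CURRENT_USER\Software\Example
    iqhx    REG_SZ    not an autostart key
"""

for hit in find_hits(SAMPLE):
    print(*hit, sep=" | ")
```

A hit on a value name alone is only a lead: confirm that the referenced file exists and is hidden before treating the host as infected.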
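Symptoms: after it runs, the virus pops up a QQ window (identical to the real QQ interface),
posing as QQ. If the user enters a password, that information is sent to a designated mailbox
Special notes: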