Virus name (Chinese):
魔盒
Virus alias:
DDoS.Win32.Boxed.b[AVP]
Threat level:
★★☆☆☆
Virus type:
Hacker program
Virus length:
26182
Affected systems:
WinNT
Virus behavior:
The virus registers itself as an auto-start service named "NetworkClient" and stays resident in the background. It repeatedly launches denial-of-service (DoS) attacks against certain designated websites.
1. Modifies the registry to register itself as an auto-start service named "NetworkClient".
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetworkClient]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"="<full path of the virus>"
"DisplayName"="NetworkClient"
"ObjectName"="LocalSystem"
"Description"="Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetworkClient\Security]
"Security"="<system dependent>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetworkClient\Enum]
"0"="Root\\LEGACY_NETWORK_CLIENT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_CLIENT]
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_CLIENT\0000]
"Service"="NetworkClient"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="<system dependent>"
"DeviceDesc"="NetworkClient"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_CLIENT\0000\Control]
"*NewlyCreated*"=dword:00000000
"ActiveService"="NetworkClient"
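As an added example that is not part of the original write-up, the Python check below parses a .reg export and flags auto-start services that run as LocalSystem from an image path outside the Windows directory, which is how the "NetworkClient" persistence key above would stand out next to a legitimate service. The embedded .reg text is a constructed sample (the malware image path and the Spooler entry are assumptions), and the minimal parser covers only string and dword values.

```python
import re

# Constructed sample: a .reg-style export containing the persistence key
# documented above (with an assumed image path) and a legitimate Spooler entry.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetworkClient]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"="C:\\Users\\Public\\nc.exe"
"DisplayName"="NetworkClient"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]
"Type"=dword:00000110
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\System32\\spoolsv.exe"
"DisplayName"="Print Spooler"
"ObjectName"="LocalSystem"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg(text):
    """Parse a minimal .reg export into {key_path: {value_name: value}}.
    dword values become ints; string values have .reg backslash escaping undone."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name, dword, s = m.groups()
            current[name] = int(dword, 16) if dword is not None else s.replace("\\\\", "\\")
    return keys

def suspicious_services(keys):
    """Return names of auto-start (Start=2) LocalSystem services whose ImagePath
    is not under the Windows directory; a heuristic, not a signature."""
    hits = []
    for path, vals in keys.items():
        if "\\Services\\" not in path or vals.get("Start") != 2:
            continue
        image = vals.get("ImagePath", "").lower()
        in_windows_dir = "systemroot" in image or "\\windows\\" in image
        if vals.get("ObjectName") == "LocalSystem" and not in_windows_dir:
            hits.append(path.rsplit("\\", 1)[-1])
    return hits
```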
2. The virus stays resident in memory and repeatedly sends malicious packets to the following hosts in an attempt to carry out a denial-of-service (DoS) attack:
216.109.127.60
www.bootcom.com
ftp.bootcom.com
mail.bootcom.com
pop3.bootcom.com
secure.bootcom.com