Win32.Troj.Small.ab

Wangchao system · Author unknown  2008-08-14

Virus name (Chinese):

Virus alias:

Trojan-Downloader.Win32.Small.abt[AVP]

Threat level:

★★☆☆☆

Virus type:

Trojan

Virus length:

7168

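Affected systems:

Win9x, WinNT

Virus behavior:

This is a Trojan downloader, used to download and execute Trojans.

1. Creates the following files in the system directory %system%\:

cmd64.exe (itself)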

systems32.exe

driver64.exe(Trojan.Win32.Dialer.gd)

mutlo.exe(Trojan.Serpo.a)

commandos.exe(Trojan-Dropper.Win32.Small.ol)

popup_bl.dll(Trojan-Dropper.Win32.Small)

systr.dll

Creates the following files in the virus's current directory:

1.dat(systems32.exe)

2.dat(Trojan.Win32.Dialer.gd)

3.dat(Trojan.Serpo.a)

4.dat(Trojan-Dropper.Win32.Small.ol)

gigasoft.dll

2. Modifies the registry:

Adds the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"ControlPanel"="C:\WINNT\System32\cmd64.exeinternat.dll,LoadKeyboardProfile"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

"SysctlDesktopHandler"="{12345678-0000-0010-8000-00AAFF6D2EA4}"

HKEY_CLASSES_ROOT\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}\InProcServer32

"(Default)"="C:\\WINNT\\System32\\systr.dll"

"ThreadingModel"="Apartment"

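3. Visits certain predetermined URLs, then downloads Trojan programs and runs them.

4. Modifies the home page and adds certain URLs to Favorites: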

%Favorites%\ComputersandPrivacyAdwareRemoval.url

Broadband.url

Cable.url

DomainHosting.url

DomainNames.url

DSL.url

ECommerce.url

InternetAccess.url

PopupBlocker.url

SpywareRemoval.url

WebDesign.url

%Favorites%\FinanceBadCredit.url

CreditCards.url

DebtConsolidation.url

FastCash.url

HomeBusiness.url

HomeMortgage.url

HomeRefinance.url

Investerment.url

PaydayLoan.url

StudentLoan.url

%Favorites%\RealEstateCommercialMortgage.url

Condominiums.url

HomeBusiness.url

HomeEquityLoan.url

HomeImprovement.url

HomeInsurance.url

HomeMortgage.url

InteriorDesign.url

MortgageQuote.url

MortgageRefinancing.url

%Favorites%\SportBaseballBetting.url

BasketballBetting.url

Fishing.url

Fitness.url

FootballBetting.url

Golf.url

HorseRacing.url

PersonalTrainers.url

SportCars.url

Sportsbook.url

%Favorites%\DatingAdultDating.url

ChatDating.url

ChatFlirt.url

Dating.url

Marriage.url

Matchmaking.url

Personals.url

Romance.url

Singles.url

Wedding.url

%Favorites%\GamblingBaccarat.url

Betting.url

Bingo.url

Blackjack.url

HorseRacing.url

OnlineCasinos.url

OnlineRoulette.url

Poker.url

SlotMachines.url

Sportsbook.url

%Favorites%\PharmacyAcneControl.url

BreastEnhancement.url

DietPatch.url

HumanGrowthHormone.url

PenisEnlargement.url

Tramadol.url

Valium.url

Viagra.url

Vicodin.url

Weight.url

%Favorites%\ShoppingAuto.url

Books.url

Clothing.url

Computerssubaff.url

Cosmetics.url

Electronics.url

Gifts.url

Laptops.url

Printers.url

SkinCare.url

TradeShows.url

WeddingGift.url

%Favorites%\TravelAirFlight.url

CaribbeanCruises.url

CruiseTravel.url

DiscountTravel.url

HawaiiVacation.url

Hotels.url

RentalCars.url

CarnivalCruises.url

TravelInsurance.url

VacationPackages.url

5. Adds the links AdwareRemover, HomeMortgages, OnlineDating, OnlinePharmacy and Poker to the desktop.
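
An added example, not part of the original write-up: a Python check that parses a regedit text export and flags the autostart entries listed in step 2, resolving the SharedTaskScheduler CLSID to the DLL registered under its InProcServer32 key. The sample export is constructed from the values above; the "Updater" entry and all function names are assumptions made for illustration.

```python
import re

# File names and registry locations taken from the write-up above.
DROPPED = {"cmd64.exe", "systems32.exe", "driver64.exe", "mutlo.exe",
           "commandos.exe", "popup_bl.dll", "systr.dll"}
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
RUN = BASE + r"\run"
STS = BASE + r"\explorer\sharedtaskscheduler"
CLSID_ROOT = "hkey_classes_root\\clsid\\"
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (not captured from an infected host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ControlPanel"="C:\\WINNT\\System32\\cmd64.exeinternat.dll,LoadKeyboardProfile"
"Updater"="C:\\Program Files\\Vendor\\update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"SysctlDesktopHandler"="{12345678-0000-0010-8000-00AAFF6D2EA4}"
[HKEY_CLASSES_ROOT\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}\InProcServer32]
@="C:\\WINNT\\System32\\systr.dll"
'''

def parse_reg(text):
    """Parse the string values of a regedit text export into {key: {name: data}}."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := VALUE.match(line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]  # "" is the default value
            cur[name] = re.sub(r"\\(.)", r"\1", m.group(2))       # undo \\ and \" escapes
    return keys

def references_dropped(data):
    return any(f in data.lower() for f in DROPPED)

def find_persistence(text):
    """Return (key, value name, data) for autostart entries that load a dropped file."""
    keys, hits = parse_reg(text), []
    for name, data in keys.get(RUN, {}).items():
        if references_dropped(data):
            hits.append((RUN, name, data))
    # SharedTaskScheduler only names a CLSID, so resolve it to the DLL it registers.
    for name, data in keys.get(STS, {}).items():
        for clsid in (name, data):  # accept the CLSID as value name or as data
            dll = keys.get(CLSID_ROOT + clsid.lower() + "\\inprocserver32", {}).get("", "")
            if references_dropped(dll):
                hits.append((STS, name, dll))
    return hits
```

Calling `find_persistence(SAMPLE)` returns the `ControlPanel` Run entry and the `SysctlDesktopHandler` entry resolved to `systr.dll`; matching is by file-name substring, so a hit should be confirmed against the file on disk.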

 
 
 