Virus name (Chinese):
Virus alias:
Trojan-Downloader.Win32.Small.abt[AVP]
Threat level:
★★☆☆☆
Virus type:
Trojan
Virus length:
7168
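Affected systems:
Win9x WinNT
Virus behavior:
This is a Trojan downloader, used to download and execute Trojans.
1. Creates files in the system directory %system%\:
cmd64.exe (itself)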
systems32.exe
driver64.exe(Trojan.Win32.Dialer.gd)
mutlo.exe(Trojan.Serpo.a)
commandos.exe(Trojan-Dropper.Win32.Small.ol)
popup_bl.dll(Trojan-Dropper.Win32.Small)
systr.dll
Creates files in the virus's current directory:
1.dat(systems32.exe)
2.dat(Trojan.Win32.Dialer.gd)
3.dat(Trojan.Serpo.a)
4.dat(Trojan-Dropper.Win32.Small.ol)
gigasoft.dll
2. Modifies the registry:
Adds registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ControlPanel"="C:\WINNT\System32\cmd64.exeinternat.dll,LoadKeyboardProfile"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
"SysctlDesktopHandler"="{12345678-0000-0010-8000-00AAFF6D2EA4}"
HKEY_CLASSES_ROOT\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}\InProcServer32
"Default"="C:\\WINNT\\System32\\systr.dll"
"ThreadingModel"="Apartment"
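3. Accesses certain predetermined URLs, then downloads Trojan programs and runs them.
4. Modifies the home page and adds certain URLs to Favorites: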
%Favorites%\ComputersandPrivacyAdwareRemoval.url
Broadband.url
Cable.url
DomainHosting.url
DomainNames.url
DSL.url
ECommerce.url
InternetAccess.url
PopupBlocker.url
SpywareRemoval.url
WebDesign.url
%Favorites%\FinanceBadCredit.url
CreditCards.url
DebtConsolidation.url
FastCash.url
HomeBusiness.url
HomeMortgage.url
HomeRefinance.url
Investerment.url
PaydayLoan.url
StudentLoan.url
%Favorites%\RealEstateCommercialMortgage.url
Condominiums.url
HomeBusiness.url
HomeEquityLoan.url
HomeImprovement.url
HomeInsurance.url
HomeMortgage.url
InteriorDesign.url
MortgageQuote.url
MortgageRefinancing.url
%Favorites%\SportBaseballBetting.url
BasketballBetting.url
Fishing.url
Fitness.url
FootballBetting.url
Golf.url
HorseRacing.url
PersonalTrainers.url
SportCars.url
Sportsbook.url
%Favorites%\DatingAdultDating.url
ChatDating.url
ChatFlirt.url
Dating.url
Marriage.url
Matchmaking.url
Personals.url
Romance.url
Singles.url
Wedding.url
%Favorites%\GamblingBaccarat.url
Betting.url
Bingo.url
Blackjack.url
HorseRacing.url
OnlineCasinos.url
OnlineRoulette.url
Poker.url
SlotMachines.url
Sportsbook.url
%Favorites%\PharmacyAcneControl.url
BreastEnhancement.url
DietPatch.url
HumanGrowthHormone.url
PenisEnlargement.url
Tramadol.url
Valium.url
Viagra.url
Vicodin.url
Weight.url
%Favorites%\ShoppingAuto.url
Books.url
Clothing.url
Computerssubaff.url
Cosmetics.url
Electronics.url
Gifts.url
Laptops.url
Printers.url
SkinCare.url
TradeShows.url
WeddingGift.url
%Favorites%\TravelAirFlight.url
CaribbeanCruises.url
CruiseTravel.url
DiscountTravel.url
HawaiiVacation.url
Hotels.url
RentalCars.url
CarnivalCruises.url
TravelInsurance.url
VacationPackages.url
5. Adds the links AdwareRemover, HomeMortgages, OnlineDating, OnlinePharmacy and Poker to the desktop.