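Virus name (Chinese):
Virus alias:
Threat level:
★★☆☆☆
Virus type:
Hacker program
Virus length:
77934
Affected systems:
Win9x, WinNT
Virus behavior:
This is a hacker program that spreads via IRC and IPC shares. It automatically shuts down a large number of security programs and commonly used programs, accepts remote control from the hacker, and downloads virus programs, causing serious harm to the user's host.
1. Drops the following file: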
%system%\Explorer.exe
2. Adds registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\OLE
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
"EXPLORER"="Explorer.exe"
3. Shuts down the following security software and commonly used software:
"ACKWIN32.EXE"
"ADAWARE.EXE"
"ADVXDWIN.EXE"
"ALERTSVC.EXE"
"AVP.EXE"
"AVP32.EXE"
"AVWUPSRV.EXE"
"BARGAINS.EXE"
"BPC.EXE"
"BRASIL.EXE"
"BS120.EXE"
"CCEVTMGR.EXE"
"CCPXYSVC.EXE"
"CFIAUDIT.EXE"
"DCOMX.EXE"
"DEPUTY.EXE"
"DRWATSON.EXE"
"EFPEADM.EXE"
"ESPWATCH.EXE"
"EXE.AVXW.EXE"
"F-STOPW.EXE"
"FCH32.EXE"
"FNRB32.EXE"
"GBMENU.EXE"
"HACKTRACERSETUP.EXE"
"ICSUPPNT.EXE"
"IOMON98.EXE"
"LUSPT.EXE"
"NETSPYHUNTER-1.2.EXE"
"PCCWIN98.EXE"
"TC.EXE"
"WEBSCANX.EXE"
"WINACTIVE.EXE"
"WKUFIND.EXE"
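and so on.
4. The hacker controls the user's machine over IRC and carries out damaging actions, such as downloading virus programs and stealing user information.
5. An infected machine automatically scans the network for hosts with IPC shares enabled; if it finds one, it copies the virus program to it.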
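The registry entries in step 2 can be checked offline against a registry export taken from a suspect machine. The following is an added example, not part of the original entry: it assumes a REGEDIT4-style text export, and the sample export and the function names are constructed for illustration.

```python
import re

# Keys the entry lists for the "EXPLORER"="Explorer.exe" value, written with
# the full hive name that regedit export files use instead of "HKLM".
WATCHED = {k.lower() for k in (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\OLE",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa",
)}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    # Undo the backslash escaping regedit applies inside quoted strings.
    return re.sub(r"\\(.)", r"\1", text)

def find_persistence(reg_text):
    """Return (key, value name, data) for each watched key holding the entry."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key and key.lower() in WATCHED):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        # Value names are case-insensitive; compare only the file name so
        # data written with a full path still matches.
        if name.upper() == "EXPLORER" and data.rsplit("\\", 1)[-1].lower() == "explorer.exe":
            hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from a real infected host).
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"EXPLORER"="Explorer.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"explorer"="C:\\WINDOWS\\SYSTEM\\Explorer.exe"
[HKEY_LOCAL_MACHINE\Software\Example\Unrelated]
"EXPLORER"="Explorer.exe"
'''

if __name__ == "__main__":
    for hit in find_persistence(SAMPLE):
        print("suspicious autorun entry:", hit)
```

A hit should be followed by checking for the dropped `%system%\Explorer.exe` file; the genuine Windows shell binary lives in the Windows directory, not the system directory.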