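Virus name (Chinese):
苏瑞拉
Virus alias:
Threat level:
★☆☆☆☆
Virus type:
Hacker program
Virus length:
89113
Affected systems:
Win9x WinNT
Virus behavior:
This is a backdoor virus. It steals important information from the user's machine and terminates a large number of processes, including the processes of some other backdoor viruses. It also downloads files to update itself.
1. Adds the virus to the Start menu startup folder:
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ra32helpb.exe
2. Modifies the registry to disable the registry tools.
3. Modifies the hosts file: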
4. Terminates a large number of processes, including some backdoor processes: