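Virus name (Chinese):
Virus alias:
Threat level:
★★☆☆☆
Virus type:
Hacker program
Virus length:
74752
Affected systems:
Win9x WinNT
Virus behavior:
This is a backdoor program that spreads over P2P. It can terminate a large number of security programs, download backdoor programs, open specific ports, and run itself as the server side, leaving a security risk.
1. Drops the following files: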
%system%\ipxrbase.exe
%root%\programfiles\internetexplorer\iexplore.exe
%system%\kasgfka.dll
%system%\jobdrkmj.dll
2. Modifies the registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Adds: "AccessWebControl=%system%\ipxrbase.exe"
so that it starts automatically.
3. Terminates the following security software:
"mcshield"
"vsstat"
"avconsol"
"mcagent"
"mcvsescn"
"myagtt"
"shstat"
"avpcc"
"avp32"
"avpm"
"avpupd"
"kavi"
"pavsrv"
"apvxdw"
"drweb"
"spider"
"dwwin"
"drwtsn32"
"ccapp"
"vptray"
"navw32"
"navapw"
"pccgu"
"pccl"
"aveage"
"tmlist"
"pccnt"
"ash"
"asv"
"asw"
"avg"
"kwatch"
"kav32."
"*kav6"
"giantanti"
"gcasserv"
"gcasdts"
"spysweeper"
"kpf"
"vsmon"
"zlclient"
"outpost"
"persfw"
"smc.exe"
"smcserv"
"sysgut"
"sygate"
"cpd.exe"
"firewall"
"ca.exe"
"avguard.exe"
"procexp",
"autoruns"
"pskill"
"rootkit"
"wuauclt"
"wuauserv"
"*mcafee"
"*norton"
"*panda"
"*avast"
"*avg",0
"*kerio",0
and so on.
4. Downloads a backdoor program from the following URL:
http://www.amazing******.com/counter.php?i=130913&c=393052******
5. Spreads via P2P and opens the corresponding ports, leaving a security risk.