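Virus name (Chinese):
Virus aliases:
Threat level:
★☆☆☆☆
Virus type:
Trojan
Virus size:
24576
Affected systems:
Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behavior:
It is a backdoor virus that spreads through MSN.
1. Copies itself to
%Sys32%\[random name]\csrss.exe
2. Drops
%Sys32%\[random name]\csrss.dat
%Sys32%\[random name]\csrss.ini
3. Under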
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
adds
"Hidden"="2"
"SuperHidden"="0"
"ShowSuperHidden"="0"
4. Under
HKEY_CURRENT_USER\Software\Chode
HKEY_CLASSES_ROOT\Chode
adds
"Installed"="1"
5. Under
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
adds
"Load"="%System%\[RANDOMFOLDERNAME]\csrss.exe"
"Run"="%System%\[RANDOMFOLDERNAME]\csrss.exe"
6. Terminates the following processes
msconfig.exe
kav.exe
kavsvc.exe
mcvsshld.exe
mcagent.exe
mcvsrte.exe
mcshield.exe
mcvsftsn.exe
mcdash.exe
mcvsescn.exe
mcinfo.exe
mpfagent.exe
mpftray.exe
mpfservice.exe
mskagent.exe
mcmnhdlr.exe
sndsrvc.exe
usrprmpt.exe
ccapp.exe
ccevtmgr.exe
spbbcsvc.exe
ccsetmgr.exe
symlcsvc.exe
npfmntor.exe
navapsvc.exe
issvc.exe
ccproxy.exe
navapw32.exe
navw32.exe
smc.exe
outpost.exe
zlclient.exe
vsmon.exe
isafe.exe
pandaavengine.exe
msblast.exe
penis32.exe
teekids.exe
bbeagle.exe
d3dupdate.exe
sysmonxp.exe
i11r54n4.exe
irun4.exe
mscvb32.exe
sysinfo.exe
mwincfg32.exe
wincfg32.exe
winsys.exe
zapro.exe
winupd.exe
enterprise.exe
regedit.exe
hijackthis.exe
gcasdtserv.exe
gcasserv.exe
pcctlcom.exe
tmntsrv.exe
tmproxy.exe
pccguide.exe
tmpfw.exe
pcclient.exe
7. Deletes the following keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CleanUp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MCAgentExe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MCUpdateExe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VirusScan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Online
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VSOCheckTask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccApp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Symantec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NetDriver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SmcService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Outpost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Firewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gcasServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pccguide.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KAVPersonal50
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZoneLabs
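
A defender-side check for the registry artifacts listed in steps 3 to 5, added here as an example and not part of the original entry: it parses regedit-style export text and reports which of the documented values are present. The function names, the sample export and its folder name are constructed; the step 5 key is written as `Windows NT` with a space, and DWORD data is compared by its decimal value.

```python
import re

ADV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
WIN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
# csrss.exe one folder below the system directory (steps 1 and 5), not the genuine file
DROPPED = re.compile(r"\\system(32)?\\[^\\]+\\csrss\.exe$", re.I)

# (key, value name, test on the value data) for each artifact in steps 3-5
RULES = [
    (ADV, "Hidden", lambda d: d == "2"),
    (ADV, "SuperHidden", lambda d: d == "0"),
    (ADV, "ShowSuperHidden", lambda d: d == "0"),
    (r"HKEY_CURRENT_USER\Software\Chode", "Installed", lambda d: d == "1"),
    (r"HKEY_CLASSES_ROOT\Chode", "Installed", lambda d: d == "1"),
    (WIN, "Load", DROPPED.search),
    (WIN, "Run", DROPPED.search),
]

def parse_reg_export(text):
    """Parse regedit-style export text into {key: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            name, raw = m.groups()
            if raw.startswith("dword:"):      # dword:00000002 -> "2"
                raw = str(int(raw[6:], 16))
            current[name] = raw.strip('"').replace("\\\\", "\\")  # undo .reg escaping
    return keys

def find_artifacts(text):
    """Return (key, value name, data) for every rule the export satisfies."""
    keys = {k.lower(): v for k, v in parse_reg_export(text).items()}
    found = ((k, n, keys.get(k.lower(), {}).get(n), t) for k, n, t in RULES)
    return [(k, n, d) for k, n, d, t in found if d is not None and t(d)]

# Constructed sample export; the folder name "qwzx" is made up.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Chode]
"Installed"="1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Load"="C:\\WINDOWS\\system32\\qwzx\\csrss.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000001
'''
```

A `Load` or `Run` value pointing at the genuine `system32\csrss.exe` is not reported, since the rule requires an extra folder level between the system directory and the file.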