Virus name (Chinese):
Virus alias:
Threat level:
★☆☆☆☆
Virus type:
Trojan
Virus length:
9042
Affected systems:
Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behavior:
This is a worm that spreads by e-mail. It arrives on the user's machine as an e-mail attachment and lures the user into running it. Once run, it drops the file anti_troj.exe into the system directory and adds itself to the registry auto-start entries. anti_troj.exe is memory-resident: it first downloads the files winlog.exe and winlog.dll from specific web pages and runs them. winlog.exe can terminate a large number of security products and common programs and modifies the hosts file so that the user can no longer reach certain websites, which has a serious impact on the affected user.
1. Creates the following file:
%system%\anti_troj.exe
2. Downloads malicious files from the following addresses:
http://www.*150m.com/b..php
http://www.*encansbelec.com/b..php
http://www.**bakelit.hu/b..php
http://www.**nuclear.com.pl/b..php
http://www.*batlground.com/b..php
http://www.*bbrealservis.sk/b..php
http://www.*befag.ru/b..php
http://www.*benininfo.com/b..php
http://www.*bennylife.com/b..php
http://www.*bestcheapdomainregistration.info/b..php
http://www.*bidsforbaby.com/b..php
http://www.*binhaigolf.com/b..php
http://www.*biotenk.com/b..php
http://www.*bitsolution.ro/b..php
http://www.*nmtltd.com/b..php
http://www.*vnettools.com/b..php
http://www.*boldrussell.com/b..php
http://www.*bronko-m.ru/b..php
http://www.*bulkemailservicenow.com/b..php
http://www.*bulkemaildirectmarketing.com/b..php
http://www.*calidad.biz/b..php
http://www.*cansew.ca/b..php
http://www.*cansultdubai.ae/b..php
http://www.*casaquecanta.com/b..php
http://www.*chilotitomarino.cl/b..php
http://www.*chinaculturedpearl.com/b..php
http://www.*casino-malibu.ru/b..php
http://www.*colin18.com/b..php
http://www.*khonkaenpoc.com/b..php
http://www.*connectesl.com/b..php
http://abtechsafety.com/b..php
http://acentrum.pl/b..php
http://www.*adamant-np.ru/b..php
http://80.146.233.41/b..php
http://www.*leap.co.il/b..php
http://virt33.kei.pl/b..php
http://209.126.128.203/b..php
http://65.108.195.73/b..php
http://www.*ubu.pl/b..php
http://kepter.kz/b..php
http://ahava.cafe24.com/b..php
http://mijusungdo.net/b..php
http://aibsnlea.org/b..php
http://aikidan.com/b..php
http://202.44.52.38/b..php
http://drinkwater.ru/b..php
http://ala-bg.net/b..php
http://allinfo.com.au/b..php
http://eleceltek.com/b..php
http://alevibirligi.ch/b..php
http://alfaclassic.sk/b..php
http://allanconi.it/b..php
http://www.*americarising.com/b..php
http://americasenergyco.com/b..php
http://amerykaameryka.com/b..php
http://amistra.com/b..php
http://analisisyconsultoria.com/b..php
http://calamarco.com/b..php
3. Terminates the following security software and common programs:
ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVLTMAIN.EXE
AVPUPD.EXE
AVWUPD32.EXE
AVXQUAR.EXE
CFIAUDIT.EXE
DRWEBUPW.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
LUALL.EXE
MCUPDATE.EXE
NUPGRADE.EXE
OUTPOST.EXE
UPDATE.EXE
and others
4. Modifies the hosts file, adding entries for the following domains:
"ad.doubleclick.net"
"upgrade.bitdefender.com"
"report.bitdefender.com"
"ad.fastclick.net"
"ads.fastclick.net"
"ar.atwola.com"
"atdmt.com"
"avp.ch"
"banner.fastclick.net"
"banners.fastclick.net"
"www.ca.com"
"click.atdmt.com"
"clicks.atdmt.com"
"customer.symantec.com"
"dispatch.mcafee.com"
"downloads-eu1.kaspersky-labs.com"
"downloads-us1.kaspersky-labs.com"
"downloads-us2.kaspersky-labs.com"
"downloads-us3.kaspersky-labs.com"
"downloads.microsoft.com"
"downloads1.kaspersky-labs.com"
"downloads2.kaspersky-labs.com"
"ftp.downloads2.kaspersky-labs.com"
"go.microsoft.com"
"ids.kaspersky-labs.com"
"kaspersky-labs.com"
"liveupdate.symantec.com"
"liveupdate.symantecliveupdate.com"
"mast.mcafee.com"
"mcafee.com"
"media.fastclick.net"
"msdn.microsoft.com"
"my-etrust.com"
"networkassociates.com"
"office.microsoft.com"
"phx.corporate-ir.net"
"support.microsoft.com"
"trendmicro.com"
"updates1.kaspersky-labs.com"
"viruslist.com"
"www.awaps.net"
"www.f-secure.com"
"www.fastclick.net"
"www.kaspersky.com"
"www.symantec.com"
and others
5. Adds itself to the boot.ini file
6. Adds the following registry entries:
HKLM\SoftWare\Microsoft\Windows\CurrentVersion\Run
anti_troj=%system%\anti_troj.exe
HKLM\software\\firstrrrun
firstrrun=anti_troj.exe
7. Modifies the following registry entries:
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SymantececNetDriverMonitor"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ccApp"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,NAVCfgWiz"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,APVXDWIN"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,KAV50"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,avg7_cc"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,avg7_emc"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ZoneLabsClient"
"HKLM\SOFTWARE\Symantec"
"HKLM\SOFTWARE\McAfee"
"HKLM\SOFTWARE\KasperskyLab"
"HKLM\SOFTWARE\Agnitum"
"HKLM\SOFTWARE\PandaSoftware"
"HKLM\SOFTWARE\ZoneLabs"
"HKLM\SOFTWARE\TrendMicro"
8. Displays a built-in Windows image:
ntimage.gif
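Added example (not part of the original advisory): an offline Python triage script that checks the two host-side indicators from the lists above that are cheapest to verify, the hosts-file redirections (item 4) and the Run-key persistence value (item 6), against a hosts file and a .reg export copied off the suspect Windows machine. The domain names and the anti_troj value name come from the advisory; the sample hosts text and .reg export embedded at the bottom are constructed for illustration, and the regex-based .reg parser is a minimal one written for this example, handling only string values.

```python
"""Offline triage for the hosts-file and Run-key indicators listed above.

Added example, not code from the original advisory. Inputs are artifacts
copied off a suspect host: %SystemRoot%\\system32\\drivers\\etc\\hosts and a
`reg export` of HKLM\\...\\CurrentVersion\\Run.
"""
import re

# Subset of the update/vendor domains the advisory says the hosts file is
# pointed away from. A legitimate hosts file never needs a static mapping
# for any of these, whatever IP it maps them to.
BLACKHOLED_DOMAINS = {
    "upgrade.bitdefender.com", "report.bitdefender.com", "avp.ch", "www.ca.com",
    "customer.symantec.com", "dispatch.mcafee.com", "downloads.microsoft.com",
    "kaspersky-labs.com", "liveupdate.symantec.com", "mcafee.com",
    "networkassociates.com", "trendmicro.com", "www.f-secure.com",
    "www.kaspersky.com", "www.symantec.com",
}

PERSISTENCE_VALUE = "anti_troj"      # Run-key value name from item 6
DROPPED_FILE = "anti_troj.exe"       # dropped file from item 1
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

_REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
_REG_ESCAPE = re.compile(r'\\(["\\])')   # .reg escapes: \\ and \"


def find_hosts_hijacks(hosts_text, watched=BLACKHOLED_DOMAINS):
    """Return {domain: ip} for every watched domain the hosts file maps."""
    hits = {}
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            if name.lower() in watched:
                hits[name.lower()] = ip
    return hits


def parse_reg_export(reg_text):
    """Parse a .reg export into {key_lowercased: {value_name: string_data}}."""
    keys, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_match = _REG_KEY.match(line)
        if key_match:
            current = key_match.group("key").lower()
            keys.setdefault(current, {})
            continue
        value_match = _REG_VALUE.match(line)
        if value_match and current is not None:
            data = value_match.group("data")
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = _REG_ESCAPE.sub(r"\1", data[1:-1])   # unescape REG_SZ
            keys[current][value_match.group("name")] = data
    return keys


def find_run_persistence(reg_text):
    """Return Run-key values whose name or data point at the dropped file."""
    run_values = parse_reg_export(reg_text).get(RUN_KEY.lower(), {})
    return {
        name: data
        for name, data in run_values.items()
        if name.lower() == PERSISTENCE_VALUE or DROPPED_FILE in data.lower()
    }


# Constructed sample artifacts (not captured from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 liveupdate.symantec.com
127.0.0.1 www.kaspersky.com
127.0.0.1 downloads.microsoft.com
"""

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"anti_troj"="C:\\WINDOWS\\system32\\anti_troj.exe"
"""

if __name__ == "__main__":
    print("hosts hijacks:", find_hosts_hijacks(SAMPLE_HOSTS))
    print("run persistence:", find_run_persistence(SAMPLE_REG))
```

On a live machine the same two checks are `type %SystemRoot%\system32\drivers\etc\hosts` and `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`; the script exists so the comparison against the advisory's lists can be done on a clean analysis box rather than on the infected one, where winlog.exe is terminating tools.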