Virus name (Chinese):
Virus alias:
Threat level:
★☆☆☆☆
Virus type:
Trojan
Virus length:
105472
Affected systems:
Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behaviour:
This is a trojan that steals passwords for a number of games. It injects its code into several popular programs (including system processes) and then searches the registry, among other methods, to harvest passwords and related information for many games.
1. The virus first drops the dynamic-link library thedll.dll into the %WinDir% directory (detected by Duba (毒霸) as Win32.Troj.Harvester.a.84032). The code that steals game passwords lives in this DLL.
2. The virus searches for the processes of the following popular programs (including system processes) and injects the thedll.dll code into them:
iexplore.exe
firefox.exe
Opera.exe
netscape.exe
miranda32.exe
icq.exe
ICQLite.exe
trillian.exe
aim.exe
thunderbird.exe
msimn.exe
emule.exe
WinMX.exe
KazaaLite.exe
skype.exe
TeamSpeak.exe
If none of these processes is found on the system, the virus injects the code into its own process.
3. The injected code searches the registry for game passwords and related information. The games covered include:
[HKLM\SOFTWARE\ElectronicArts\EAGames\Battlefield2\ergc]
[HKLM\SOFTWARE\ElectronicArts\EAGAMES\Battlefield1942\ergc]
[HKLM\SOFTWARE\ElectronicArts\EAGames\Battlefield1942TheRoadtoRome\ergc]
[HKLM\SOFTWARE\ElectronicArts\EAGames\Battlefield1942SecretWeaponsofWWII\ergc]
[HKLM\SOFTWARE\ElectronicArts\EAGames\BattlefieldVietnam\ergc]
[HKLM\SOFTWARE\Activision\CallofDutyUnitedOffensive]
[HKLM\SOFTWARE\Activision\CallofDuty]
[HKLM\SOFTWARE\Activision\CallofDuty2]
[HKLM\Software\Techland\Chrome]
[HKLM\SOFTWARE\Westwood\RedAlert2]
[HKLM\Software\Westwood\TiberianSun]
[HKLM\SOFTWARE\ElectronicArts\EAGames\Generals\ergc]
[HKLM\SOFTWARE\ElectronicArts\EAGames\CommandandConquerGeneralsZeroHour\ergc]
[HKLM\Software\Valve\CounterStrike\Settings]
[HKLM\SOFTWARE\Crytek\FarCry\Ubi.com]
[HKLM\SOFTWARE\ElectronicArts\EASports\FIFA2002\ergc]
[SOFTWARE\ElectronicArts\EASports\FIFA2003\ergc]
[SOFTWARE\ElectronicArts\EASPORTS\FIFA06\ergc]
[SOFTWARE\ElectronicArts\EADistribution\FreedomForce\ergc]
[SOFTWARE\ElectronicArts\EAGAMES\GlobalOperations\ergc]
[Software\Valve\Gunman\Settings]
[Software\Valve\Half-Life\Settings]
[SOFTWARE\Microsoft\MicrosoftGames\Halo]
[SOFTWARE\IllusionSoftworks\Hidden&Dangerous2]
[Software\JoWooD\InstalledGames\IG2]
[SOFTWARE\ElectronicArts\EAGAMES\JamesBond007Nightfire\ergc]
[SOFTWARE\ElectronicArts\EAGames\TheBattleforMiddle-earth\ergc]
[SOFTWARE\ElectronicArts\EAGames\MedalofHonorAlliedAssault\ergc]
[SOFTWARE\ElectronicArts\EAGames\MedalofHonorAlliedAssaultBreakthrough\ergc]
[SOFTWARE\ElectronicArts\EAGames\MedalofHonorPacificAssaulttm\ergc]
[SOFTWARE\ElectronicArts\EAGames\MedalofHonorAlliedAssaultSpearhead\ergc]
[Software\ElectronicArts\EASports\NascarRacing2002\ergc]
[Software\ElectronicArts\EASports\NascarRacing2003\ergc]
[SOFTWARE\ElectronicArts\EAGAMES\NeedForSpeedHotPursuit2\ergc]
[SOFTWARE\ElectronicArts\EAGames\NeedForSpeedUnderground\ergc]
[SOFTWARE\ElectronicArts\EAGames\NeedForSpeedUnderground2\ergc]
[SOFTWARE\ElectronicArts\EASports\MaddenNFL06\ergc]
[Software\ElectronicArts\EASports\NHL2002\ergc]
[Software\ElectronicArts\EASports\NHL2003\ergc]
[SOFTWARE\ElectronicArts\EASPORTS\NHL06\ergc]
[Software\Westwood\Nox]
[SOFTWARE\UnrealTechnology\InstalledApps\Pariah]
[SOFTWARE\KONAMIPES5\PES5]
[SOFTWARE\id\Quake4]
[SOFTWARE\RedStormEntertainment\RAVENSHIELD]
[SOFTWARE\ElectronicArts\EAGAMES\ShogunTotalWar-WarlordEdition\ergc]
[SOFTWARE\SilverStyleEntertainment\SoldiersofAnarchy\Settings]
[SOFTWARE\LucasArts\StarWarsBattlefront\1.0]
[Software\LucasArts\StarWarsRepublicCommando\1.0]
[Software\EugenSystems\TheGladiators]
[SOFTWARE\UnrealTechnology\InstalledApps\UT2003]
[SOFTWARE\UnrealTechnology\InstalledApps\UT2004]
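Steps 1 and 2 above leave two host-level traces a defender can look for: thedll.dll being written under the Windows directory, and that DLL being loaded by (or a remote thread being started in) one of the listed processes. The following is an added detection example, not code from the original description or from any vendor: it runs simple rules over constructed log records that use a simplified key=value form of Sysmon's FileCreate (11), ImageLoad (7) and CreateRemoteThread (8) fields; the record format, the paths and the dropper name setup.exe are assumptions.

```python
import ntpath
from typing import Dict, List

# Process names the trojan looks for before injecting thedll.dll (taken from the description).
TARGET_PROCESSES = {
    "iexplore.exe", "firefox.exe", "opera.exe", "netscape.exe", "miranda32.exe",
    "icq.exe", "icqlite.exe", "trillian.exe", "aim.exe", "thunderbird.exe", "msimn.exe",
    "emule.exe", "winmx.exe", "kazaalite.exe", "skype.exe", "teamspeak.exe",
}
DROPPED_DLL = "thedll.dll"


def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed 'Key=Value|Key=Value' record (simplified Sysmon fields, not real EVTX/XML)."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|") if "=" in kv)


def classify(ev: Dict[str, str]) -> str:
    """Return a finding for one event, or '' when it matches none of the trojan's traits."""
    eid = ev.get("EventID")
    if eid == "11" and ntpath.basename(ev.get("TargetFilename", "")).lower() == DROPPED_DLL:
        return f"drop: {DROPPED_DLL} written to {ev['TargetFilename']}"
    if eid == "7" and ntpath.basename(ev.get("ImageLoaded", "")).lower() == DROPPED_DLL:
        host = ntpath.basename(ev.get("Image", "")).lower()
        # The DLL is suspicious in any process; the trojan injects itself when no target is found.
        where = "targeted process" if host in TARGET_PROCESSES else "non-targeted process"
        return f"inject: {DROPPED_DLL} loaded by {where} {host}"
    if eid == "8" and ntpath.basename(ev.get("TargetImage", "")).lower() in TARGET_PROCESSES:
        src = ntpath.basename(ev.get("SourceImage", "")).lower()
        return f"remote-thread: {src} started a thread in {ntpath.basename(ev['TargetImage']).lower()}"
    return ""


def scan(lines: List[str]) -> List[str]:
    """Run every record through classify() and keep the non-empty findings, in log order."""
    return [f for f in (classify(parse_event(ln)) for ln in lines if ln.strip()) if f]


# Constructed sample records (not real telemetry); setup.exe is an assumed dropper name.
SAMPLE_LOG = [
    r"EventID=11|Image=C:\Users\user\Downloads\setup.exe|TargetFilename=C:\WINDOWS\thedll.dll",
    r"EventID=8|SourceImage=C:\Users\user\Downloads\setup.exe|TargetImage=C:\Program Files\Mozilla Firefox\firefox.exe",
    r"EventID=7|Image=C:\Program Files\Mozilla Firefox\firefox.exe|ImageLoaded=C:\WINDOWS\thedll.dll",
    r"EventID=7|Image=C:\WINDOWS\system32\notepad.exe|ImageLoaded=C:\WINDOWS\system32\kernel32.dll",
    r"EventID=11|Image=C:\WINDOWS\explorer.exe|TargetFilename=C:\Users\user\notes.txt",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The remote-thread rule on its own is a weak signal (legitimate tools also create remote threads); it is the combination with the drop and the ImageLoad of thedll.dll that makes the sequence worth alerting on.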