分享
 
 
 

Win32.Hack.NetDoor.s

王朝c#·作者佚名  2008-08-14
窄屏简体版  字體: |||超大  

病毒名稱(中文):

病毒別名:

威脅級別:

★☆☆☆☆

病毒類型:

黑客程序

病毒長度:

743669

影響系統:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行為:

這是一個黑客後門病毒。該病毒的主要危害是在用戶主機留下後門,供黑客的遠程連接控制,並下載其它病毒感染計算機。該病毒為圖片圖標,發作時會真的打開一個圖片來迷惑用戶,而在後臺進行感染用戶主機。該病毒還會結束大量殺軟進程,降低系統的安全等級。

1,生成文件

%widndows%\SYN.exe

%system%\drivers\npf.sys

%system%\MyPic.jpg

%system%\Packet.dll

%system%\WanPacket.dll

%system%\wpcap.dll

%widndows%\HLP.exe

C:\ProgramFiles\WindowsNT\svchost.exe

C:\ProgramFiles\WindowsNT\lsass.exe

C:\ProgramFiles\WindowsNT\ICWUT.DLL

2,添加啟動項

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Internet

"ImagePath"=""C:\ProgramFiles\WindowsNT\lsass.exe"ServiceStart"

3,設置下列項的註冊表值

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{EF6205C1-3F17-4829-BCB5-1336ED89E356}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E689D735-1487-420D-9049-16ED198FE411}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4F500BF-C1A3-11D6-9697-0090961B771E}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DA984A6D-508E-11D6-AA49-0050FF3C628D}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{BA52B914-B692-46C4-B683-905236F6F655}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{B5A34A93-D538-43A7-8371-864CB6148D12}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9BDBC41E-C335-4263-83C0-ECE78EE28A33}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{7584C670-2274-4EFB-B00B-D6AABA6D3850}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E5A37BF-FD42-463A-877C-4EB7002E68AE}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{644E432F-49D3-41A1-8DD5-E099162EEEC5}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6414512B-B978-451D-A0D8-FCFDF33E833C}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2359626E-7524-4F87-B04E-22CD38A0C88C}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{17492023-C23A-453E-A040-C7C580BBF700}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0C568603-D79D-11D2-87A7-00C04FF158BB}

"CompatibilityFlags"=0x400

4,刪除下列殺軟啟動項

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SKYNETPersonalFireWall

RavTask

RavMon

RavTimer

RfwMain

URLLSTCK.exe

ccApp

KAVPersonal50

Kavrun

KavPFW

KavStart

iDubaPersonalFireWall

KVFW

KvXP

KvMonXP

5,刪除下列服務

SYSTEM\CurrentControlSet\Services\RsCCenter

SYSTEM\CurrentControlSet\Services\RsRavMon

SYSTEM\CurrentControlSet\Services\RfwProxySrv

SYSTEM\CurrentControlSet\Services\RfwService

SYSTEM\CurrentControlSet\Services\SymantecCoreLC

SYSTEM\CurrentControlSet\Services\SPBBCSvc

SYSTEM\CurrentControlSet\Services\SNDSrvc

SYSTEM\CurrentControlSet\Services\SAVScan

SYSTEM\CurrentControlSet\Services\NSCService

SYSTEM\CurrentControlSet\Services\navapsvc

SYSTEM\CurrentControlSet\Services\comHost

SYSTEM\CurrentControlSet\Services\ccSetMgr

SYSTEM\CurrentControlSet\Services\ccProxy

SYSTEM\CurrentControlSet\Services\ccISPwdSvc

SYSTEM\CurrentControlSet\Services\ccEvtMgr

SYSTEM\CurrentControlSet\Services\kavsvc

SYSTEM\CurrentControlSet\Services\KWatchSvc

SYSTEM\CurrentControlSet\Services\KPfwSvc

SYSTEM\CurrentControlSet\Services\IDriverT

SYSTEM\CurrentControlSet\Services\KVWSC

SYSTEM\CurrentControlSet\Services\KVSrvXP

SYSTEM\CurrentControlSet\Services\srservice

SYSTEM\CurrentControlSet\Services\BITS

SYSTEM\CurrentControlSet\Services\wuauserv

SYSTEM\CurrentControlSet\Services\SharedAccess

SYSTEM\CurrentControlSet\Services\wscsvc

6,結束下列進程

UpdateAssist.exe

PFWLiveUpdate.exe

PFW.exe

RavQuick.exe

RavCopy.exe

RavUSB.exe

rfwcfg.exe

RavHDBak.exe

ScanBD.exe

MakeBoot.exe

RegClean.exe

RavStore.exe

SmartUp.exe

RsConfig.exe

RsAgent.exe

Rav.exe

RegGuide.exe

RavTask.exe

RavTimer.exe

RavStub.exe

rfwmain.exe

RavMon.exe

rfwproxy.exe

CCenter.exe

RavMonD.exe

rfwsrv.exe

LUCOMS~1.EXE

LUALL.EXE

NMain.exe

ccApp.exe

SPBBCSvc.exe

ccSetMgr.exe

ccProxy.exe

SNDSrvc.exe

ccEvtMgr.exe

symlcsvc.exe

navapsvc.exe

ccPwdSvc.exe

SAVScan.exe

NSCSRVCE.EXE

comHost.exe

kav.exe

kavsvc.exe

KAVLog2.EXE

Rescue.EXE

KRecycle.EXE

Update.EXE

KSAMain.EXE

KATMain.EXE

KASMain.EXE

KAVPFW.EXE

KAV32.EXE

KMailMon.EXE

KPFW32.EXE

KAVStart.EXE

KWatch.EXE

KPFWSvc.EXE

VirusBox.kxp

kvupload.exe

KVStub.kxp

KVScan.kxp

KvReport.kxp

KVLSUI.kxp

KVHiStory.kxp

kvdisk.kxp

KvDetect.exe

KVOL.exe

KVCenter.kxp

KRegEx.exe

kvinit.exe

kvfw.exe

KvXP.kxp

TrojDie.kxp

KvMailMag.kxp

KVMonXP.kxp

UIHost.exe

IDriverT.exe

kvwsc.exe

KVSrvXP.exe

agentsvr.exe

SymantecCoreLC

SPBBCSvc

SNDSrvc

SAVScan

NSCService

navapsvc

comHost

ccSetMgr

ccProxy

ccISPwdSvc

ccEvtMgr

kavsvc

KWatchSvc

KPfwSvc

IDriverT

KVWSC

KVSrvXP

srservice

BITS

wuauserv

SharedAccess

wscsvc

8,其它

%system%\drivers\npf.sys、%system%\Packet.dll、%system%\WanPacket.dll、%system%\wpcap.dll為一組網絡工具程序,非病毒,用戶可以自己刪除。

 
 
 
免責聲明:本文為網絡用戶發布,其觀點僅代表作者個人觀點,與本站無關,本站僅提供信息存儲服務。文中陳述內容未經本站證實,其真實性、完整性、及時性本站不作任何保證或承諾,請讀者僅作參考,並請自行核實相關內容。
2023年上半年GDP全球前十五強
 百态   2023-10-24
美眾議院議長啟動對拜登的彈劾調查
 百态   2023-09-13
上海、濟南、武漢等多地出現不明墜落物
 探索   2023-09-06
印度或要將國名改為「巴拉特」
 百态   2023-09-06
男子為女友送行,買票不登機被捕
 百态   2023-08-20
手機地震預警功能怎麽開?
 干货   2023-08-06
女子4年賣2套房花700多萬做美容:不但沒變美臉,面部還出現變形
 百态   2023-08-04
住戶一樓被水淹 還衝來8頭豬
 百态   2023-07-31
女子體內爬出大量瓜子狀活蟲
 百态   2023-07-25
地球連續35年收到神秘規律性信號,網友:不要回答!
 探索   2023-07-21
全球鎵價格本周大漲27%
 探索   2023-07-09
錢都流向了那些不缺錢的人,苦都留給了能吃苦的人
 探索   2023-07-02
倩女手遊刀客魅者強控制(強混亂強眩暈強睡眠)和對應控制抗性的關系
 百态   2020-08-20
美國5月9日最新疫情:美國確診人數突破131萬
 百态   2020-05-09
荷蘭政府宣布將集體辭職
 干货   2020-04-30
倩女幽魂手遊師徒任務情義春秋猜成語答案逍遙觀:鵬程萬裏
 干货   2019-11-12
倩女幽魂手遊師徒任務情義春秋猜成語答案神機營:射石飲羽
 干货   2019-11-12
倩女幽魂手遊師徒任務情義春秋猜成語答案昆侖山:拔刀相助
 干货   2019-11-12
倩女幽魂手遊師徒任務情義春秋猜成語答案天工閣:鬼斧神工
 干货   2019-11-12
倩女幽魂手遊師徒任務情義春秋猜成語答案絲路古道:單槍匹馬
 干货   2019-11-12
倩女幽魂手遊師徒任務情義春秋猜成語答案鎮郊荒野:與虎謀皮
 干货   2019-11-12
倩女幽魂手遊師徒任務情義春秋猜成語答案鎮郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手遊師徒任務情義春秋猜成語答案鎮郊荒野:指鹿為馬
 干货   2019-11-12
倩女幽魂手遊師徒任務情義春秋猜成語答案金陵:小鳥依人
 干货   2019-11-12
倩女幽魂手遊師徒任務情義春秋猜成語答案金陵:千金買鄰
 干货   2019-11-12
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有