Win32.Hack.NetDoor.s

病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 黑客程序 病毒長度: 743669 影響系統: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行爲: 這是一個黑客後門病毒。該病毒的主要危害是在用戶主機留下後門，供黑客的遠程連接控制，並下載其它病毒感染計算機。該病毒爲圖片圖標，發作時會真的打開一個圖片來迷惑用戶，而在後台進行感染用戶主機。該病毒還會結束大量殺軟進程，降低系統的安全等級。 1，生成文件 %widndows%\SYN.exe %system%\drivers\npf.sys %system%\MyPic.jpg %system%\Packet.dll %system%\WanPacket.dll %system%\wpcap.dll %widndows%\HLP.exe C:\ProgramFiles\WindowsNT\svchost.exe C:\ProgramFiles\WindowsNT\lsass.exe C:\ProgramFiles\WindowsNT\ICWUT.DLL 2，添加啓動項 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Internet "ImagePath"=""C:\ProgramFiles\WindowsNT\lsass.exe"ServiceStart" 3，設置下列項的注冊表值 HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{EF6205C1-3F17-4829-BCB5-1336ED89E356} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E689D735-1487-420D-9049-16ED198FE411} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4F500BF-C1A3-11D6-9697-0090961B771E} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DA984A6D-508E-11D6-AA49-0050FF3C628D} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{BA52B914-B692-46C4-B683-905236F6F655} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{B5A34A93-D538-43A7-8371-864CB6148D12} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9BDBC41E-C335-4263-83C0-ECE78EE28A33} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{7584C670-2274-4EFB-B00B-D6AABA6D3850} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{74D05D43-3236-11D4-BDCD-00C04F9A3B61} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E5A37BF-FD42-463A-877C-4EB7002E68AE} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{644E432F-49D3-41A1-8DD5-E099162EEEC5} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6414512B-B978-451D-A0D8-FCFDF33E833C} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2359626E-7524-4F87-B04E-22CD38A0C88C} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{17492023-C23A-453E-A040-C7C580BBF700} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0C568603-D79D-11D2-87A7-00C04FF158BB} "CompatibilityFlags"=0x400 4，刪除下列殺軟啓動項 HKLM\Software\Microsoft\Windows\CurrentVersion\Run SKYNETPersonalFireWall RavTask RavMon RavTimer RfwMain URLLSTCK.exe ccApp KAVPersonal50 Kavrun KavPFW KavStart iDubaPersonalFireWall KVFW KvXP KvMonXP 5，刪除下列服務 SYSTEM\CurrentControlSet\Services\RsCCenter SYSTEM\CurrentControlSet\Services\RsRavMon SYSTEM\CurrentControlSet\Services\RfwProxySrv SYSTEM\CurrentControlSet\Services\RfwService SYSTEM\CurrentControlSet\Services\SymantecCoreLC SYSTEM\CurrentControlSet\Services\SPBBCSvc SYSTEM\CurrentControlSet\Services\SNDSrvc SYSTEM\CurrentControlSet\Services\SAVScan SYSTEM\CurrentControlSet\Services\NSCService SYSTEM\CurrentControlSet\Services\navapsvc SYSTEM\CurrentControlSet\Services\comHost SYSTEM\CurrentControlSet\Services\ccSetMgr SYSTEM\CurrentControlSet\Services\ccProxy SYSTEM\CurrentControlSet\Services\ccISPwdSvc SYSTEM\CurrentControlSet\Services\ccEvtMgr SYSTEM\CurrentControlSet\Services\kavsvc SYSTEM\CurrentControlSet\Services\KWatchSvc SYSTEM\CurrentControlSet\Services\KPfwSvc SYSTEM\CurrentControlSet\Services\IDriverT SYSTEM\CurrentControlSet\Services\KVWSC SYSTEM\CurrentControlSet\Services\KVSrvXP SYSTEM\CurrentControlSet\Services\srservice SYSTEM\CurrentControlSet\Services\BITS SYSTEM\CurrentControlSet\Services\wuauserv SYSTEM\CurrentControlSet\Services\SharedAccess SYSTEM\CurrentControlSet\Services\wscsvc 6，結束下列進程 UpdateAssist.exe PFWLiveUpdate.exe PFW.exe RavQuick.exe RavCopy.exe RavUSB.exe rfwcfg.exe RavHDBak.exe ScanBD.exe MakeBoot.exe RegClean.exe RavStore.exe SmartUp.exe RsConfig.exe RsAgent.exe Rav.exe RegGuide.exe RavTask.exe RavTimer.exe RavStub.exe rfwmain.exe RavMon.exe rfwproxy.exe CCenter.exe RavMonD.exe rfwsrv.exe LUCOMS~1.EXE LUALL.EXE NMain.exe ccApp.exe SPBBCSvc.exe ccSetMgr.exe ccProxy.exe SNDSrvc.exe ccEvtMgr.exe symlcsvc.exe navapsvc.exe ccPwdSvc.exe SAVScan.exe NSCSRVCE.EXE comHost.exe kav.exe kavsvc.exe KAVLog2.EXE Rescue.EXE KRecycle.EXE Update.EXE KSAMain.EXE KATMain.EXE KASMain.EXE KAVPFW.EXE KAV32.EXE KMailMon.EXE KPFW32.EXE KAVStart.EXE KWatch.EXE KPFWSvc.EXE VirusBox.kxp kvupload.exe KVStub.kxp KVScan.kxp KvReport.kxp KVLSUI.kxp KVHiStory.kxp kvdisk.kxp KvDetect.exe KVOL.exe KVCenter.kxp KRegEx.exe kvinit.exe kvfw.exe KvXP.kxp TrojDie.kxp KvMailMag.kxp KVMonXP.kxp UIHost.exe IDriverT.exe kvwsc.exe KVSrvXP.exe agentsvr.exe SymantecCoreLC SPBBCSvc SNDSrvc SAVScan NSCService navapsvc comHost ccSetMgr ccProxy ccISPwdSvc ccEvtMgr kavsvc KWatchSvc KPfwSvc IDriverT KVWSC KVSrvXP srservice BITS wuauserv SharedAccess wscsvc 8，其它 %system%\drivers\npf.sys、%system%\Packet.dll、%system%\WanPacket.dll、%system%\wpcap.dll爲一組網絡工具程序，非病毒，用戶可以自己刪除。