Win32.Hack.NetDoor.s

2008-08-14 22:36:51  Source: Internet
 
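  Virus name (Chinese):

  

  Virus alias:

  

  

  Threat level:

  ★☆☆☆☆

  Virus type:

  Hacker program

  Virus length:

  743669

  Affected systems:

  Win9x, WinMe, WinNT, Win2000, WinXP, Win2003

  

  Virus behaviour:

  This is a hacker backdoor virus. Its main harm is that it leaves a backdoor on the user's host for an attacker to connect to and control remotely, and it downloads other viruses to infect the computer. The virus uses a picture icon; when it runs it actually opens a picture to deceive the user while infecting the host in the background. The virus also terminates a large number of antivirus processes, lowering the system's security level.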

  1. Files created

  %windows%\SYN.exe

  %system%\drivers\npf.sys

  %system%\MyPic.jpg

  %system%\Packet.dll

  %system%\WanPacket.dll

  %system%\wpcap.dll

  %windows%\HLP.exe

  C:\ProgramFiles\WindowsNT\svchost.exe

  C:\ProgramFiles\WindowsNT\lsass.exe

  C:\ProgramFiles\WindowsNT\ICWUT.DLL

  2. Startup entry added

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Internet

  "ImagePath"=""C:\ProgramFiles\WindowsNT\lsass.exe"ServiceStart"

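  3. Sets the following registry value on a set of CLSID keys under HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\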


  "CompatibilityFlags"=0x400

  4. Deletes the following antivirus startup entries

  HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  SKYNETPersonalFireWall

  RavTask

  RavMon

  RavTimer

  RfwMain

  URLLSTCK.exe

  ccApp

  KAVPersonal50

  Kavrun

  KavPFW

  KavStart

  iDubaPersonalFireWall

  KVFW

  KvXP

  KvMonXP

  5. Deletes the following services

  SYSTEM\CurrentControlSet\Services\RsCCenter

  SYSTEM\CurrentControlSet\Services\RsRavMon

  SYSTEM\CurrentControlSet\Services\RfwProxySrv

  SYSTEM\CurrentControlSet\Services\RfwService

  SYSTEM\CurrentControlSet\Services\SymantecCoreLC

  SYSTEM\CurrentControlSet\Services\SPBBCSvc

  SYSTEM\CurrentControlSet\Services\SNDSrvc

  SYSTEM\CurrentControlSet\Services\SAVScan

  SYSTEM\CurrentControlSet\Services\NSCService

  SYSTEM\CurrentControlSet\Services\navapsvc

  SYSTEM\CurrentControlSet\Services\comHost

  SYSTEM\CurrentControlSet\Services\ccSetMgr

  SYSTEM\CurrentControlSet\Services\ccProxy

  SYSTEM\CurrentControlSet\Services\ccISPwdSvc

  SYSTEM\CurrentControlSet\Services\ccEvtMgr

  SYSTEM\CurrentControlSet\Services\kavsvc

  SYSTEM\CurrentControlSet\Services\KWatchSvc

  SYSTEM\CurrentControlSet\Services\KPfwSvc

  SYSTEM\CurrentControlSet\Services\IDriverT

  SYSTEM\CurrentControlSet\Services\KVWSC

  SYSTEM\CurrentControlSet\Services\KVSrvXP

  SYSTEM\CurrentControlSet\Services\srservice

  SYSTEM\CurrentControlSet\Services\BITS

  SYSTEM\CurrentControlSet\Services\wuauserv

  SYSTEM\CurrentControlSet\Services\SharedAccess

  SYSTEM\CurrentControlSet\Services\wscsvc

  6. Terminates the following processes

  UpdateAssist.exe

  PFWLiveUpdate.exe

  PFW.exe

  RavQuick.exe

  RavCopy.exe

  RavUSB.exe

  rfwcfg.exe

  RavHDBak.exe

  ScanBD.exe

  MakeBoot.exe

  RegClean.exe

  RavStore.exe

  SmartUp.exe

  RsConfig.exe

  RsAgent.exe

  Rav.exe

  RegGuide.exe

  RavTask.exe

  RavTimer.exe

  RavStub.exe

  rfwmain.exe

  RavMon.exe

  rfwproxy.exe

  CCenter.exe

  RavMonD.exe

  rfwsrv.exe

  LUCOMS~1.EXE

  LUALL.EXE

  NMain.exe

  ccApp.exe

  SPBBCSvc.exe

  ccSetMgr.exe

  ccProxy.exe

  SNDSrvc.exe

  ccEvtMgr.exe

  symlcsvc.exe

  navapsvc.exe

  ccPwdSvc.exe

  SAVScan.exe

  NSCSRVCE.EXE

  comHost.exe

  kav.exe

  kavsvc.exe

  KAVLog2.EXE

  Rescue.EXE

  KRecycle.EXE

  Update.EXE

  KSAMain.EXE

  KATMain.EXE

  KASMain.EXE

  KAVPFW.EXE

  KAV32.EXE

  KMailMon.EXE

  KPFW32.EXE

  KAVStart.EXE

  KWatch.EXE

  KPFWSvc.EXE

  VirusBox.kxp

  kvupload.exe

  KVStub.kxp

  KVScan.kxp

  KvReport.kxp

  KVLSUI.kxp

  KVHiStory.kxp

  kvdisk.kxp

  KvDetect.exe

  KVOL.exe

  KVCenter.kxp

  KRegEx.exe

  kvinit.exe

  kvfw.exe

  KvXP.kxp

  TrojDie.kxp

  KvMailMag.kxp

  KVMonXP.kxp

  UIHost.exe

  IDriverT.exe

  kvwsc.exe

  KVSrvXP.exe

  agentsvr.exe

  SymantecCoreLC

  SPBBCSvc

  SNDSrvc

  SAVScan

  NSCService

  navapsvc

  comHost

  ccSetMgr

  ccProxy

  ccISPwdSvc

  ccEvtMgr

  kavsvc

  KWatchSvc

  KPfwSvc

  IDriverT

  KVWSC

  KVSrvXP

  srservice

  BITS

  wuauserv

  SharedAccess

  wscsvc

  8. Other

  %system%\drivers\npf.sys, %system%\Packet.dll, %system%\WanPacket.dll and %system%\wpcap.dll are a set of network tool programs, not viruses; users can delete them themselves.
 