| 導購 | 订阅 | 在线投稿
分享
 
 
 

Win32.Hack.NetDoor.s

2008-08-14 22:36:51  編輯來源:互聯網  简体版  手機版  移動版  評論  字體: ||
 

病毒名稱(中文):

病毒別名:

威脅級別:

★☆☆☆☆

病毒類型:

黑客程序

病毒長度:

743669

影響系統:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行爲:

這是一個黑客後門病毒。該病毒的主要危害是在用戶主機留下後門,供黑客的遠程連接控制,並下載其它病毒感染計算機。該病毒爲圖片圖標,發作時會真的打開一個圖片來迷惑用戶,而在後台進行感染用戶主機。該病毒還會結束大量殺軟進程,降低系統的安全等級。

1,生成文件

%widndows%\SYN.exe

%system%\drivers\npf.sys

%system%\MyPic.jpg

%system%\Packet.dll

%system%\WanPacket.dll

%system%\wpcap.dll

%widndows%\HLP.exe

C:\ProgramFiles\WindowsNT\svchost.exe

C:\ProgramFiles\WindowsNT\lsass.exe

C:\ProgramFiles\WindowsNT\ICWUT.DLL

2,添加啓動項

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Internet

"ImagePath"=""C:\ProgramFiles\WindowsNT\lsass.exe"ServiceStart"

3,設置下列項的注冊表值

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{EF6205C1-3F17-4829-BCB5-1336ED89E356}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E689D735-1487-420D-9049-16ED198FE411}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4F500BF-C1A3-11D6-9697-0090961B771E}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DA984A6D-508E-11D6-AA49-0050FF3C628D}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{BA52B914-B692-46C4-B683-905236F6F655}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{B5A34A93-D538-43A7-8371-864CB6148D12}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9BDBC41E-C335-4263-83C0-ECE78EE28A33}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{7584C670-2274-4EFB-B00B-D6AABA6D3850}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E5A37BF-FD42-463A-877C-4EB7002E68AE}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{644E432F-49D3-41A1-8DD5-E099162EEEC5}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6414512B-B978-451D-A0D8-FCFDF33E833C}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2359626E-7524-4F87-B04E-22CD38A0C88C}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{17492023-C23A-453E-A040-C7C580BBF700}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}

HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0C568603-D79D-11D2-87A7-00C04FF158BB}

"CompatibilityFlags"=0x400

4,刪除下列殺軟啓動項

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SKYNETPersonalFireWall

RavTask

RavMon

RavTimer

RfwMain

URLLSTCK.exe

ccApp

KAVPersonal50

Kavrun

KavPFW

KavStart

iDubaPersonalFireWall

KVFW

KvXP

KvMonXP

5,刪除下列服務

SYSTEM\CurrentControlSet\Services\RsCCenter

SYSTEM\CurrentControlSet\Services\RsRavMon

SYSTEM\CurrentControlSet\Services\RfwProxySrv

SYSTEM\CurrentControlSet\Services\RfwService

SYSTEM\CurrentControlSet\Services\SymantecCoreLC

SYSTEM\CurrentControlSet\Services\SPBBCSvc

SYSTEM\CurrentControlSet\Services\SNDSrvc

SYSTEM\CurrentControlSet\Services\SAVScan

SYSTEM\CurrentControlSet\Services\NSCService

SYSTEM\CurrentControlSet\Services\navapsvc

SYSTEM\CurrentControlSet\Services\comHost

SYSTEM\CurrentControlSet\Services\ccSetMgr

SYSTEM\CurrentControlSet\Services\ccProxy

SYSTEM\CurrentControlSet\Services\ccISPwdSvc

SYSTEM\CurrentControlSet\Services\ccEvtMgr

SYSTEM\CurrentControlSet\Services\kavsvc

SYSTEM\CurrentControlSet\Services\KWatchSvc

SYSTEM\CurrentControlSet\Services\KPfwSvc

SYSTEM\CurrentControlSet\Services\IDriverT

SYSTEM\CurrentControlSet\Services\KVWSC

SYSTEM\CurrentControlSet\Services\KVSrvXP

SYSTEM\CurrentControlSet\Services\srservice

SYSTEM\CurrentControlSet\Services\BITS

SYSTEM\CurrentControlSet\Services\wuauserv

SYSTEM\CurrentControlSet\Services\SharedAccess

SYSTEM\CurrentControlSet\Services\wscsvc

6,結束下列進程

UpdateAssist.exe

PFWLiveUpdate.exe

PFW.exe

RavQuick.exe

RavCopy.exe

RavUSB.exe

rfwcfg.exe

RavHDBak.exe

ScanBD.exe

MakeBoot.exe

RegClean.exe

RavStore.exe

SmartUp.exe

RsConfig.exe

RsAgent.exe

Rav.exe

RegGuide.exe

RavTask.exe

RavTimer.exe

RavStub.exe

rfwmain.exe

RavMon.exe

rfwproxy.exe

CCenter.exe

RavMonD.exe

rfwsrv.exe

LUCOMS~1.EXE

LUALL.EXE

NMain.exe

ccApp.exe

SPBBCSvc.exe

ccSetMgr.exe

ccProxy.exe

SNDSrvc.exe

ccEvtMgr.exe

symlcsvc.exe

navapsvc.exe

ccPwdSvc.exe

SAVScan.exe

NSCSRVCE.EXE

comHost.exe

kav.exe

kavsvc.exe

KAVLog2.EXE

Rescue.EXE

KRecycle.EXE

Update.EXE

KSAMain.EXE

KATMain.EXE

KASMain.EXE

KAVPFW.EXE

KAV32.EXE

KMailMon.EXE

KPFW32.EXE

KAVStart.EXE

KWatch.EXE

KPFWSvc.EXE

VirusBox.kxp

kvupload.exe

KVStub.kxp

KVScan.kxp

KvReport.kxp

KVLSUI.kxp

KVHiStory.kxp

kvdisk.kxp

KvDetect.exe

KVOL.exe

KVCenter.kxp

KRegEx.exe

kvinit.exe

kvfw.exe

KvXP.kxp

TrojDie.kxp

KvMailMag.kxp

KVMonXP.kxp

UIHost.exe

IDriverT.exe

kvwsc.exe

KVSrvXP.exe

agentsvr.exe

SymantecCoreLC

SPBBCSvc

SNDSrvc

SAVScan

NSCService

navapsvc

comHost

ccSetMgr

ccProxy

ccISPwdSvc

ccEvtMgr

kavsvc

KWatchSvc

KPfwSvc

IDriverT

KVWSC

KVSrvXP

srservice

BITS

wuauserv

SharedAccess

wscsvc

8,其它

%system%\drivers\npf.sys、%system%\Packet.dll、%system%\WanPacket.dll、%system%\wpcap.dll爲一組網絡工具程序,非病毒,用戶可以自己刪除。

 
病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 黑客程序 病毒長度: 743669 影響系統: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行爲: 這是一個黑客後門病毒。該病毒的主要危害是在用戶主機留下後門,供黑客的遠程連接控制,並下載其它病毒感染計算機。該病毒爲圖片圖標,發作時會真的打開一個圖片來迷惑用戶,而在後台進行感染用戶主機。該病毒還會結束大量殺軟進程,降低系統的安全等級。 1,生成文件 %widndows%\SYN.exe %system%\drivers\npf.sys %system%\MyPic.jpg %system%\Packet.dll %system%\WanPacket.dll %system%\wpcap.dll %widndows%\HLP.exe C:\ProgramFiles\WindowsNT\svchost.exe C:\ProgramFiles\WindowsNT\lsass.exe C:\ProgramFiles\WindowsNT\ICWUT.DLL 2,添加啓動項 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Internet "ImagePath"=""C:\ProgramFiles\WindowsNT\lsass.exe"ServiceStart" 3,設置下列項的注冊表值 HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{EF6205C1-3F17-4829-BCB5-1336ED89E356} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E689D735-1487-420D-9049-16ED198FE411} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4F500BF-C1A3-11D6-9697-0090961B771E} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DA984A6D-508E-11D6-AA49-0050FF3C628D} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{BA52B914-B692-46C4-B683-905236F6F655} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{B5A34A93-D538-43A7-8371-864CB6148D12} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9BDBC41E-C335-4263-83C0-ECE78EE28A33} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{7584C670-2274-4EFB-B00B-D6AABA6D3850} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{74D05D43-3236-11D4-BDCD-00C04F9A3B61} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E5A37BF-FD42-463A-877C-4EB7002E68AE} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{644E432F-49D3-41A1-8DD5-E099162EEEC5} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6414512B-B978-451D-A0D8-FCFDF33E833C} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2359626E-7524-4F87-B04E-22CD38A0C88C} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{17492023-C23A-453E-A040-C7C580BBF700} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0C568603-D79D-11D2-87A7-00C04FF158BB} "CompatibilityFlags"=0x400 4,刪除下列殺軟啓動項 HKLM\Software\Microsoft\Windows\CurrentVersion\Run SKYNETPersonalFireWall RavTask RavMon RavTimer RfwMain URLLSTCK.exe ccApp KAVPersonal50 Kavrun KavPFW KavStart iDubaPersonalFireWall KVFW KvXP KvMonXP 5,刪除下列服務 SYSTEM\CurrentControlSet\Services\RsCCenter SYSTEM\CurrentControlSet\Services\RsRavMon SYSTEM\CurrentControlSet\Services\RfwProxySrv SYSTEM\CurrentControlSet\Services\RfwService SYSTEM\CurrentControlSet\Services\SymantecCoreLC SYSTEM\CurrentControlSet\Services\SPBBCSvc SYSTEM\CurrentControlSet\Services\SNDSrvc SYSTEM\CurrentControlSet\Services\SAVScan SYSTEM\CurrentControlSet\Services\NSCService SYSTEM\CurrentControlSet\Services\navapsvc SYSTEM\CurrentControlSet\Services\comHost SYSTEM\CurrentControlSet\Services\ccSetMgr SYSTEM\CurrentControlSet\Services\ccProxy SYSTEM\CurrentControlSet\Services\ccISPwdSvc SYSTEM\CurrentControlSet\Services\ccEvtMgr SYSTEM\CurrentControlSet\Services\kavsvc SYSTEM\CurrentControlSet\Services\KWatchSvc SYSTEM\CurrentControlSet\Services\KPfwSvc SYSTEM\CurrentControlSet\Services\IDriverT SYSTEM\CurrentControlSet\Services\KVWSC SYSTEM\CurrentControlSet\Services\KVSrvXP SYSTEM\CurrentControlSet\Services\srservice SYSTEM\CurrentControlSet\Services\BITS SYSTEM\CurrentControlSet\Services\wuauserv SYSTEM\CurrentControlSet\Services\SharedAccess SYSTEM\CurrentControlSet\Services\wscsvc 6,結束下列進程 UpdateAssist.exe PFWLiveUpdate.exe PFW.exe RavQuick.exe RavCopy.exe RavUSB.exe rfwcfg.exe RavHDBak.exe ScanBD.exe MakeBoot.exe RegClean.exe RavStore.exe SmartUp.exe RsConfig.exe RsAgent.exe Rav.exe RegGuide.exe RavTask.exe RavTimer.exe RavStub.exe rfwmain.exe RavMon.exe rfwproxy.exe CCenter.exe RavMonD.exe rfwsrv.exe LUCOMS~1.EXE LUALL.EXE NMain.exe ccApp.exe SPBBCSvc.exe ccSetMgr.exe ccProxy.exe SNDSrvc.exe ccEvtMgr.exe symlcsvc.exe navapsvc.exe ccPwdSvc.exe SAVScan.exe NSCSRVCE.EXE comHost.exe kav.exe kavsvc.exe KAVLog2.EXE Rescue.EXE KRecycle.EXE Update.EXE KSAMain.EXE KATMain.EXE KASMain.EXE KAVPFW.EXE KAV32.EXE KMailMon.EXE KPFW32.EXE KAVStart.EXE KWatch.EXE KPFWSvc.EXE VirusBox.kxp kvupload.exe KVStub.kxp KVScan.kxp KvReport.kxp KVLSUI.kxp KVHiStory.kxp kvdisk.kxp KvDetect.exe KVOL.exe KVCenter.kxp KRegEx.exe kvinit.exe kvfw.exe KvXP.kxp TrojDie.kxp KvMailMag.kxp KVMonXP.kxp UIHost.exe IDriverT.exe kvwsc.exe KVSrvXP.exe agentsvr.exe SymantecCoreLC SPBBCSvc SNDSrvc SAVScan NSCService navapsvc comHost ccSetMgr ccProxy ccISPwdSvc ccEvtMgr kavsvc KWatchSvc KPfwSvc IDriverT KVWSC KVSrvXP srservice BITS wuauserv SharedAccess wscsvc 8,其它 %system%\drivers\npf.sys、%system%\Packet.dll、%system%\WanPacket.dll、%system%\wpcap.dll爲一組網絡工具程序,非病毒,用戶可以自己刪除。
󰈣󰈤
王朝萬家燈火計劃
期待原創作者加盟
 
 
 
>>返回首頁<<
 
 
 
 
 熱帖排行
 
王朝網路微信公眾號
微信掃碼關註本站公眾號 wangchaonetcn
 
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有