订阅 病毒名稱(中文):
病毒別名:
威脅級別:
★☆☆☆☆
病毒類型:
黑客程序
病毒長度:
743669
影響系統:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行爲:
這是一個黑客後門病毒。該病毒的主要危害是在用戶主機留下後門,供黑客的遠程連接控制,並下載其它病毒感染計算機。該病毒爲圖片圖標,發作時會真的打開一個圖片來迷惑用戶,而在後台進行感染用戶主機。該病毒還會結束大量殺軟進程,降低系統的安全等級。
1,生成文件
%widndows%\SYN.exe
%system%\drivers\npf.sys
%system%\MyPic.jpg
%system%\Packet.dll
%system%\WanPacket.dll
%system%\wpcap.dll
%widndows%\HLP.exe
C:\ProgramFiles\WindowsNT\svchost.exe
C:\ProgramFiles\WindowsNT\lsass.exe
C:\ProgramFiles\WindowsNT\ICWUT.DLL
2,添加啓動項
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Internet
"ImagePath"=""C:\ProgramFiles\WindowsNT\lsass.exe"ServiceStart"
3,設置下列項的注冊表值
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{EF6205C1-3F17-4829-BCB5-1336ED89E356}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E689D735-1487-420D-9049-16ED198FE411}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4F500BF-C1A3-11D6-9697-0090961B771E}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DA984A6D-508E-11D6-AA49-0050FF3C628D}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{BA52B914-B692-46C4-B683-905236F6F655}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{B5A34A93-D538-43A7-8371-864CB6148D12}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9BDBC41E-C335-4263-83C0-ECE78EE28A33}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{7584C670-2274-4EFB-B00B-D6AABA6D3850}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E5A37BF-FD42-463A-877C-4EB7002E68AE}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{644E432F-49D3-41A1-8DD5-E099162EEEC5}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6414512B-B978-451D-A0D8-FCFDF33E833C}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2359626E-7524-4F87-B04E-22CD38A0C88C}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{17492023-C23A-453E-A040-C7C580BBF700}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0C568603-D79D-11D2-87A7-00C04FF158BB}
"CompatibilityFlags"=0x400
4,刪除下列殺軟啓動項
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SKYNETPersonalFireWall
RavTask
RavMon
RavTimer
RfwMain
URLLSTCK.exe
ccApp
KAVPersonal50
Kavrun
KavPFW
KavStart
iDubaPersonalFireWall
KVFW
KvXP
KvMonXP
5,刪除下列服務
SYSTEM\CurrentControlSet\Services\RsCCenter
SYSTEM\CurrentControlSet\Services\RsRavMon
SYSTEM\CurrentControlSet\Services\RfwProxySrv
SYSTEM\CurrentControlSet\Services\RfwService
SYSTEM\CurrentControlSet\Services\SymantecCoreLC
SYSTEM\CurrentControlSet\Services\SPBBCSvc
SYSTEM\CurrentControlSet\Services\SNDSrvc
SYSTEM\CurrentControlSet\Services\SAVScan
SYSTEM\CurrentControlSet\Services\NSCService
SYSTEM\CurrentControlSet\Services\navapsvc
SYSTEM\CurrentControlSet\Services\comHost
SYSTEM\CurrentControlSet\Services\ccSetMgr
SYSTEM\CurrentControlSet\Services\ccProxy
SYSTEM\CurrentControlSet\Services\ccISPwdSvc
SYSTEM\CurrentControlSet\Services\ccEvtMgr
SYSTEM\CurrentControlSet\Services\kavsvc
SYSTEM\CurrentControlSet\Services\KWatchSvc
SYSTEM\CurrentControlSet\Services\KPfwSvc
SYSTEM\CurrentControlSet\Services\IDriverT
SYSTEM\CurrentControlSet\Services\KVWSC
SYSTEM\CurrentControlSet\Services\KVSrvXP
SYSTEM\CurrentControlSet\Services\srservice
SYSTEM\CurrentControlSet\Services\BITS
SYSTEM\CurrentControlSet\Services\wuauserv
SYSTEM\CurrentControlSet\Services\SharedAccess
SYSTEM\CurrentControlSet\Services\wscsvc
6,結束下列進程
UpdateAssist.exe
PFWLiveUpdate.exe
PFW.exe
RavQuick.exe
RavCopy.exe
RavUSB.exe
rfwcfg.exe
RavHDBak.exe
ScanBD.exe
MakeBoot.exe
RegClean.exe
RavStore.exe
SmartUp.exe
RsConfig.exe
RsAgent.exe
Rav.exe
RegGuide.exe
RavTask.exe
RavTimer.exe
RavStub.exe
rfwmain.exe
RavMon.exe
rfwproxy.exe
CCenter.exe
RavMonD.exe
rfwsrv.exe
LUCOMS~1.EXE
LUALL.EXE
NMain.exe
ccApp.exe
SPBBCSvc.exe
ccSetMgr.exe
ccProxy.exe
SNDSrvc.exe
ccEvtMgr.exe
symlcsvc.exe
navapsvc.exe
ccPwdSvc.exe
SAVScan.exe
NSCSRVCE.EXE
comHost.exe
kav.exe
kavsvc.exe
KAVLog2.EXE
Rescue.EXE
KRecycle.EXE
Update.EXE
KSAMain.EXE
KATMain.EXE
KASMain.EXE
KAVPFW.EXE
KAV32.EXE
KMailMon.EXE
KPFW32.EXE
KAVStart.EXE
KWatch.EXE
KPFWSvc.EXE
VirusBox.kxp
kvupload.exe
KVStub.kxp
KVScan.kxp
KvReport.kxp
KVLSUI.kxp
KVHiStory.kxp
kvdisk.kxp
KvDetect.exe
KVOL.exe
KVCenter.kxp
KRegEx.exe
kvinit.exe
kvfw.exe
KvXP.kxp
TrojDie.kxp
KvMailMag.kxp
KVMonXP.kxp
UIHost.exe
IDriverT.exe
kvwsc.exe
KVSrvXP.exe
agentsvr.exe
SymantecCoreLC
SPBBCSvc
SNDSrvc
SAVScan
NSCService
navapsvc
comHost
ccSetMgr
ccProxy
ccISPwdSvc
ccEvtMgr
kavsvc
KWatchSvc
KPfwSvc
IDriverT
KVWSC
KVSrvXP
srservice
BITS
wuauserv
SharedAccess
wscsvc
8,其它
%system%\drivers\npf.sys、%system%\Packet.dll、%system%\WanPacket.dll、%system%\wpcap.dll爲一組網絡工具程序,非病毒,用戶可以自己刪除。
| 笑話軍事旅遊美容女性百態母嬰家電遊戲互聯網財經美女幹貨家飾健康探索資源娛樂學院 數碼美食景區養生手機購車首飾美妝裝修情感篇廚房科普動物植物編程百科知道汽車珠寶 健康評測品位娛樂居家情感星座服飾美體奢侈品美容達人親子圖庫折扣生活美食花嫁風景 | |
Win32.Hack.NetDoor.s
日版寵物情人2017的插曲,很帶節奏感,日語的,女生唱的。 最後聽見是在第8集的時候女主手割傷了,然後男主用嘴幫她吸了一下,插曲就出來了。 歌手:Def...
把牛仔褲磨出有線的破洞 1、具體工具就是磨腳石,下面墊一個硬物,然後用磨腳石一直磨一直磨,到把那塊磨薄了,用手撕開就好了。出來的洞啊很自然的。需要貓須的話調幾...
你就是我最愛的寶寶 - 李溪芮 (電視劇《極品家丁》片尾曲) 作詞:常馨內 作曲:常馨內 你的眉 又鬼馬的挑 你的嘴 又壞壞的笑 上一秒吵鬧 下...
烏梅,又稱春梅,中醫認爲,烏梅味酸,性溫,無毒,具有安心、除熱、下氣、祛痰、止渴調中、殺蟲的功效,治肢體痛、肺痨病。烏梅泡水喝能治傷寒煩熱、止吐瀉,與幹姜一起制...
來源:中國青年報 新的攻擊方法不斷湧現,黑客幾乎永遠占據網絡攻擊的上風,我們不可能通過技術手段杜絕網絡攻擊。國家安全保障的主要方向是打擊犯罪,而不是處置和懲罰...
夫妻網絡直播“造人”爆紅 1月9日,溫嶺城北派出所接到南京警方的協查通告,他們近期打掉了一個涉黃直播APP平台。而根據掌握的線索,其中有一對涉案的夫妻主播...
觀點一:破日本銷售量的“鮮肌之謎” 非日本生産 近一段時間,淘寶上架了一款名爲“鮮肌之謎的” 鲑魚卵巢美容液,號稱是最近日本的一款推出的全新護膚品,産品本身所...
據英國《每日快報》報道,一位科學家兼理論家Robert Lanza博士宣稱,世界上並不存在人類死亡,死亡的只是身體。他認爲我們的意識借助我們體內的能量生存,而且...
《屏裏狐》片頭曲《我愛狐狸精》歌詞是什麽?
《我愛狐狸精》 - 劉馨棋 (電視劇《屏裏狐》主題曲) 作詞:金十三&李旦 作曲:劉嘉 狐狸精 狐狸仙 千年修...
病毒名稱(中文):
病毒別名:
威脅級別:
★☆☆☆☆
病毒類型:
黑客程序
病毒長度:
743669
影響系統:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行爲:
這是一個黑客後門病毒。該病毒的主要危害是在用戶主機留下後門,供黑客的遠程連接控制,並下載其它病毒感染計算機。該病毒爲圖片圖標,發作時會真的打開一個圖片來迷惑用戶,而在後台進行感染用戶主機。該病毒還會結束大量殺軟進程,降低系統的安全等級。
1,生成文件
%widndows%\SYN.exe
%system%\drivers\npf.sys
%system%\MyPic.jpg
%system%\Packet.dll
%system%\WanPacket.dll
%system%\wpcap.dll
%widndows%\HLP.exe
C:\ProgramFiles\WindowsNT\svchost.exe
C:\ProgramFiles\WindowsNT\lsass.exe
C:\ProgramFiles\WindowsNT\ICWUT.DLL
2,添加啓動項
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Internet
"ImagePath"=""C:\ProgramFiles\WindowsNT\lsass.exe"ServiceStart"
3,設置下列項的注冊表值
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{EF6205C1-3F17-4829-BCB5-1336ED89E356}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E689D735-1487-420D-9049-16ED198FE411}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4F500BF-C1A3-11D6-9697-0090961B771E}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{DA984A6D-508E-11D6-AA49-0050FF3C628D}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{BA52B914-B692-46C4-B683-905236F6F655}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{B5A34A93-D538-43A7-8371-864CB6148D12}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9BDBC41E-C335-4263-83C0-ECE78EE28A33}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{7584C670-2274-4EFB-B00B-D6AABA6D3850}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E5A37BF-FD42-463A-877C-4EB7002E68AE}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{644E432F-49D3-41A1-8DD5-E099162EEEC5}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{6414512B-B978-451D-A0D8-FCFDF33E833C}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{5DD731E6-D4F0-11D3-BE3F-00105A6FDA50}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{2359626E-7524-4F87-B04E-22CD38A0C88C}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{17492023-C23A-453E-A040-C7C580BBF700}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
HKLM\SOFTWARE\Microsoft\InternetExplorer\ActiveXCompatibility\{0C568603-D79D-11D2-87A7-00C04FF158BB}
"CompatibilityFlags"=0x400
4,刪除下列殺軟啓動項
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SKYNETPersonalFireWall
RavTask
RavMon
RavTimer
RfwMain
URLLSTCK.exe
ccApp
KAVPersonal50
Kavrun
KavPFW
KavStart
iDubaPersonalFireWall
KVFW
KvXP
KvMonXP
5,刪除下列服務
SYSTEM\CurrentControlSet\Services\RsCCenter
SYSTEM\CurrentControlSet\Services\RsRavMon
SYSTEM\CurrentControlSet\Services\RfwProxySrv
SYSTEM\CurrentControlSet\Services\RfwService
SYSTEM\CurrentControlSet\Services\SymantecCoreLC
SYSTEM\CurrentControlSet\Services\SPBBCSvc
SYSTEM\CurrentControlSet\Services\SNDSrvc
SYSTEM\CurrentControlSet\Services\SAVScan
SYSTEM\CurrentControlSet\Services\NSCService
SYSTEM\CurrentControlSet\Services\navapsvc
SYSTEM\CurrentControlSet\Services\comHost
SYSTEM\CurrentControlSet\Services\ccSetMgr
SYSTEM\CurrentControlSet\Services\ccProxy
SYSTEM\CurrentControlSet\Services\ccISPwdSvc
SYSTEM\CurrentControlSet\Services\ccEvtMgr
SYSTEM\CurrentControlSet\Services\kavsvc
SYSTEM\CurrentControlSet\Services\KWatchSvc
SYSTEM\CurrentControlSet\Services\KPfwSvc
SYSTEM\CurrentControlSet\Services\IDriverT
SYSTEM\CurrentControlSet\Services\KVWSC
SYSTEM\CurrentControlSet\Services\KVSrvXP
SYSTEM\CurrentControlSet\Services\srservice
SYSTEM\CurrentControlSet\Services\BITS
SYSTEM\CurrentControlSet\Services\wuauserv
SYSTEM\CurrentControlSet\Services\SharedAccess
SYSTEM\CurrentControlSet\Services\wscsvc
6,結束下列進程
UpdateAssist.exe
PFWLiveUpdate.exe
PFW.exe
RavQuick.exe
RavCopy.exe
RavUSB.exe
rfwcfg.exe
RavHDBak.exe
ScanBD.exe
MakeBoot.exe
RegClean.exe
RavStore.exe
SmartUp.exe
RsConfig.exe
RsAgent.exe
Rav.exe
RegGuide.exe
RavTask.exe
RavTimer.exe
RavStub.exe
rfwmain.exe
RavMon.exe
rfwproxy.exe
CCenter.exe
RavMonD.exe
rfwsrv.exe
LUCOMS~1.EXE
LUALL.EXE
NMain.exe
ccApp.exe
SPBBCSvc.exe
ccSetMgr.exe
ccProxy.exe
SNDSrvc.exe
ccEvtMgr.exe
symlcsvc.exe
navapsvc.exe
ccPwdSvc.exe
SAVScan.exe
NSCSRVCE.EXE
comHost.exe
kav.exe
kavsvc.exe
KAVLog2.EXE
Rescue.EXE
KRecycle.EXE
Update.EXE
KSAMain.EXE
KATMain.EXE
KASMain.EXE
KAVPFW.EXE
KAV32.EXE
KMailMon.EXE
KPFW32.EXE
KAVStart.EXE
KWatch.EXE
KPFWSvc.EXE
VirusBox.kxp
kvupload.exe
KVStub.kxp
KVScan.kxp
KvReport.kxp
KVLSUI.kxp
KVHiStory.kxp
kvdisk.kxp
KvDetect.exe
KVOL.exe
KVCenter.kxp
KRegEx.exe
kvinit.exe
kvfw.exe
KvXP.kxp
TrojDie.kxp
KvMailMag.kxp
KVMonXP.kxp
UIHost.exe
IDriverT.exe
kvwsc.exe
KVSrvXP.exe
agentsvr.exe
SymantecCoreLC
SPBBCSvc
SNDSrvc
SAVScan
NSCService
navapsvc
comHost
ccSetMgr
ccProxy
ccISPwdSvc
ccEvtMgr
kavsvc
KWatchSvc
KPfwSvc
IDriverT
KVWSC
KVSrvXP
srservice
BITS
wuauserv
SharedAccess
wscsvc
8,其它
%system%\drivers\npf.sys、%system%\Packet.dll、%system%\WanPacket.dll、%system%\wpcap.dll爲一組網絡工具程序,非病毒,用戶可以自己刪除。
免責聲明:本文僅代表作者個人觀點,與王朝網路無關。王朝網路登載此文出於傳遞更多信息之目的,並不意味著贊同其觀點或證實其描述,其原創性以及文中陳述文字和內容未經本站證實,對本文以及其中全部或者部分內容、文字的真實性、完整性、及時性本站不作任何保證或承諾,請讀者僅作參考,並請自行核實相關內容。
© 2005- 王朝網路 版權所有