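Virus name (Chinese):
Virus alias:
Threat level:
★☆☆☆☆
Virus type:
Hacker program
Virus size:
62762
Affected systems:
Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behavior:
Win32.Hack.Durlen.d is a macro virus that can delete legitimate files and lower the computer's security level.
1. Deletes .com and .exe files in the following directories: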
%windows%
%system%
%SystemRoot%
2. Deletes files in c:\windows that have the following extensions:
.xls
.rar
.ini
.htm
.bmp
.gif
3. Deletes the MS Office files Excel.exe and Powerpnt.exe:
C:\Program Files\Microsoft Office\Office\Excel.exe
C:\Program Files\Microsoft Office\Office\Powerpnt.exe
4. Closes the taskbar
5. Adds the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableTaskMgr"="1"
"DisableRegistryTools"="1"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
"EnableFirewall"="0"
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\DomainProfile
"EnableFirewall"="0"
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\StandardProfile
"EnableFirewall"="0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
"NoRun"="1"
"DisallowRun"="1"
"NoFind"="5"
"NoCloseKey"="5"
"NoClose"="5"
"NoDesktop"="3"
"NoSaveSettings"="3"
"NoViewContextMenu"="3"
"NoSetFolders"="2"
"NoFavoritesMenu"="2"
"NoSetTaskbar"="2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
"NoDesktop"="2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"AntiVirusOverride"="1"
"FirewallOverride"="1"
"UpdatesDisableNotify"="1"
6. Drops files to the following locations:
%Windows%\Hzjl\News.doc
%Windows%\Vnbz\Girls.doc
%Windows%\Sgba\Joke.doc
%Windows%\Texts\Exemple.doc
%Windows%ApplicationData\Music.doc
7. Displays the following dialog box:
Title: Today!
Message: Have a nice day!
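A triage check for the registry changes in item 5, as an added example that is not part of the original entry: it parses `.reg`-style text (for instance the output of `reg export`, converted to plain text) and reports the policy values whose data matches the weakened state listed above. The names `parse_reg`, `audit` and `SAMPLE` are hypothetical, the sample is constructed, and matching is by value name only, for the subset of item 5 values whose meaning is a plain on/off switch.

```python
import re

# Value names from item 5. Non-zero data disables a tool or silences an alert;
# EnableFirewall is the reverse case, where 0 is the weakened state.
NONZERO_BAD = {"disabletaskmgr", "disableregistrytools", "norun", "nodesktop",
               "antivirusoverride", "firewalloverride", "updatesdisablenotify"}
ZERO_BAD = {"enablefirewall"}

def parse_reg(text):
    """Yield (key_path, value_name, int_or_None) from .reg-style text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'"([^"]+)"=(.+)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # new key section
        elif key and m:
            name, data = m.group(1), m.group(2).strip()
            if data.lower().startswith("dword:"):
                value = int(data[6:], 16)         # REG_DWORD, hex digits
            elif data.strip('"').isdigit():
                value = int(data.strip('"'))      # REG_SZ "1", as the entry prints it
            else:
                value = None                      # other data types are not judged
            yield key, name, value

def audit(text):
    """Return sorted (key, name, value) findings that match the listed changes."""
    findings = []
    for key, name, value in parse_reg(text):
        n = name.lower()
        weak = (n in NONZERO_BAD and value != 0) or (n in ZERO_BAD and value == 0)
        if value is not None and weak:
            findings.append((key, name, value))
    return sorted(findings)

# Constructed sample export (not captured from an infected host).
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000001
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Any finding should be checked against the organisation's own Group Policy baseline before it is treated as tampering, since administrators set some of these values deliberately.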