Virus name (Chinese):
Virus alias:
Threat level: ★☆☆☆☆
Virus type: Trojan
Virus length: 29596
Affected systems: Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behavior:
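This is a piece of malicious adware. It uses mutually locking processes and periodically pops up fake warnings to lure the user into clicking and installing other software.
1. The virus copies itself twice into the %WinDir% directory, naming the copies wupdmgr.exe and osaupd.exe.
2. Once the virus processes are running, they check a mutex and start each other, forming a process interlock that makes them hard to terminate by various methods.
3. The virus adds the following registry keys and values, which serve as an infection marker and are also used to start it at boot: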
[HKEY_CLASSES_ROOT\Balloon.Application]
(Default)="Balloon.Application"
[CLSID]
(Default)="1CA7DBAF-B066-4554-977E-5CEBB7FA59C8"
[HKEY_CLASSES_ROOT\CLSID\{1CA7DBAF-B066-4554-977E-5CEBB7FA59C8}]
(Default)="Balloon.Application"
[InproHandler32]
(Default)="ole32.dll"
[LocalServer32]
(Default)="%WinDir%\wudpmgr.exe"
[ProgramId]
(Default)="Balloon.Application"
4. The virus periodically pops up the following fake warnings to lure the user into clicking and installing other adware:
"Your computer is infected with malicious ware, what can
cause serious risk for your system security!"
"Malicious programs can change, damage and delete important
system components, what can cause slower performance, valuable
data loss, unstable system operation, irritating pop-ups rushing
out and your passwords and credit card information may be stolen!"
"Click "OK" to get software and special offers on antivirus software.
Security system detected that your PC is seriously infected with
spyware. Spyware typically refers to virus-like software which
performs hidden tasks on your PC without your consent, bringing
annoying popups, collecting personal information or causing sluggish
performance. It is highly advised that you use anti-spyware tools to
prevent data loss and system crashes."
"Protect your PC now? download anti-spyware tools that will scan your
system for infections and remove them."
"Click "OK" to get special offers and download links on anti-spyware
tools. Spyware infection detected! Windows has detected spyware in
your system. It is strongly recommended that you stop working with
valuable data and proceed to using special antispyware programs to to
prevent data loss."
...
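A host check for the file and registry indicators listed in steps 1 and 3, as an added PowerShell example that is not part of the original entry. The variable names are illustrative, and the nesting of the bracketed subkeys ([CLSID] under Balloon.Application, [LocalServer32] under the CLSID key) is an assumption based on the usual COM registration layout.

```powershell
# Added example: look for the file and registry indicators listed in this entry.
$clsid    = '{1CA7DBAF-B066-4554-977E-5CEBB7FA59C8}'
$findings = @()

# Step 1: copies dropped in %WinDir%. The entry spells the first name two ways
# (wupdmgr.exe in step 1, wudpmgr.exe in the LocalServer32 value); check both.
foreach ($name in 'wupdmgr.exe', 'wudpmgr.exe', 'osaupd.exe') {
    $file = Join-Path $env:WinDir $name
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $length = (Get-Item -LiteralPath $file -Force).Length
        $findings += [pscustomobject]@{
            Indicator = 'File'
            Location  = $file
            Detail    = "length $length (entry lists 29596)"
        }
    }
}

# Step 3: COM registration used as infection marker and autostart.
# Assumption: the bracketed subkeys nest in the usual COM layout.
$keys = @(
    'HKEY_CLASSES_ROOT\Balloon.Application',
    'HKEY_CLASSES_ROOT\Balloon.Application\CLSID',
    "HKEY_CLASSES_ROOT\CLSID\$clsid",
    "HKEY_CLASSES_ROOT\CLSID\$clsid\LocalServer32"
)
foreach ($key in $keys) {
    $path = "Registry::$key"
    if (Test-Path -LiteralPath $path) {
        # GetValue('') reads the key's unnamed (Default) value.
        $default = (Get-Item -LiteralPath $path).GetValue('')
        $findings += [pscustomobject]@{
            Indicator = 'Registry'
            Location  = $key
            Detail    = "(Default) = $default"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No indicators from this entry were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```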