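Source: Internet users, 2008-08-14 22:44:47
Virus name (Chinese):
Virus alias:
Threat level: ★☆☆☆☆
Virus type: Hacker program
Virus length: 62464
Affected systems: Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behaviour:
This is a backdoor virus. It blocks a number of security websites, connects to a remote host, and waits for the hacker's commands.
1. The virus copies itself to the system directory and runs from there, then deletes the original virus file:
%system%\Winclock.exe
2. It modifies the hosts file to block the following security websites: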
3. It modifies the registry so that the virus starts automatically with the system:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKLM\Software\Microsoft\OLE]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKLM\SYSTEM\CurrentControlSet\Control\Lsa]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKCU\Software\Microsoft\OLE]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKCU\SYSTEM\CurrentControlSet\Control\Lsa]
"MicrosoftWindowsServicesClock"="WinClock.exe"
4. It connects to port 9797 on a remote host and accepts the hacker's commands.