| 導購 | 订阅 | 在线投稿
分享
 
 
 

Win32.Hack.Agent.gt

來源:互聯網  2008-08-14 22:44:47  評論

病毒名稱(中文):

病毒別名:

威脅級別:

★☆☆☆☆

病毒類型:

黑客程序

病毒長度:

62464

影響系統:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行爲:

這是一個後門病毒,病毒會屏蔽一些安全網站,連接遠程主機,等待黑客命令。

1、病毒複制自身到系統目錄並運行,刪除原病毒文件:

%system%\Winclock.exe

2、修改hosts文件,屏蔽如下安全網站:

www.symantec.com

securityresponse.symantec.com

symantec.com

www.sophos.com

sophos.com

www.mcafee.com

mcafee.com

liveupdate.symantecliveupdate.com

www.viruslist.com

viruslist.com

viruslist.com

f-secure.com

www.f-secure.com

kaspersky.com

kaspersky-labs.com

www.avp.com

www.kaspersky.com

avp.com

www.networkassociates.com

networkassociates.com

www.ca.com

ca.com

mast.mcafee.com

my-etrust.com

www.my-etrust.com

download.mcafee.com

dispatch.mcafee.com

secure.nai.com

nai.com

www.nai.com

update.symantec.com

updates.symantec.com

us.mcafee.com

liveupdate.symantec.com

customer.symantec.com

rads.mcafee.com

trendmicro.com

pandasoftware.com

www.pandasoftware.com

www.trendmicro.com

www.grisoft.com

www.microsoft.com

microsoft.com

www.virustotal.com

virustotal.com

3、修改注冊表使病毒隨系統自啓動:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]

"MicrosoftWindowsServicesClock"="WinClock.exe"

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]

"MicrosoftWindowsServicesClock"="WinClock.exe"

[HKLM\Software\Microsoft\OLE]

"MicrosoftWindowsServicesClock"="WinClock.exe"

[HKLM\SYSTEM\CurrentControlSet\Control\Lsa]

"MicrosoftWindowsServicesClock"="WinClock.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]

"MicrosoftWindowsServicesClock"="WinClock.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices]

"MicrosoftWindowsServicesClock"="WinClock.exe"

[HKCU\Software\Microsoft\OLE]

"MicrosoftWindowsServicesClock"="WinClock.exe"

[HKCU\SYSTEM\CurrentControlSet\Control\Lsa]

"MicrosoftWindowsServicesClock"="WinClock.exe"

4、連接遠程主機的9797端口,接受黑客命令。

病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 黑客程序 病毒長度: 62464 影響系統: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行爲: 這是一個後門病毒,病毒會屏蔽一些安全網站,連接遠程主機,等待黑客命令。 1、病毒複制自身到系統目錄並運行,刪除原病毒文件: %system%\Winclock.exe 2、修改hosts文件,屏蔽如下安全網站: www.symantec.com securityresponse.symantec.com symantec.com www.sophos.com sophos.com www.mcafee.com mcafee.com liveupdate.symantecliveupdate.com www.viruslist.com viruslist.com viruslist.com f-secure.com www.f-secure.com kaspersky.com kaspersky-labs.com www.avp.com www.kaspersky.com avp.com www.networkassociates.com networkassociates.com www.ca.com ca.com mast.mcafee.com my-etrust.com www.my-etrust.com download.mcafee.com dispatch.mcafee.com secure.nai.com nai.com www.nai.com update.symantec.com updates.symantec.com us.mcafee.com liveupdate.symantec.com customer.symantec.com rads.mcafee.com trendmicro.com pandasoftware.com www.pandasoftware.com www.trendmicro.com www.grisoft.com www.microsoft.com microsoft.com www.virustotal.com virustotal.com 3、修改注冊表使病毒隨系統自啓動: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKLM\Software\Microsoft\OLE] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKLM\SYSTEM\CurrentControlSet\Control\Lsa] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKCU\Software\Microsoft\OLE] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKCU\SYSTEM\CurrentControlSet\Control\Lsa] "MicrosoftWindowsServicesClock"="WinClock.exe" 4、連接遠程主機的9797端口,接受黑客命令。
󰈣󰈤
王朝萬家燈火計劃
期待原創作者加盟
 
 
 
>>返回首頁<<
 
 
 
 
 熱帖排行
 
 
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有