Win32.Hack.Agent.gt

病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 黑客程序 病毒長度: 62464 影響系統: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行爲: 這是一個後門病毒，病毒會屏蔽一些安全網站，連接遠程主機，等待黑客命令。 1、病毒複制自身到系統目錄並運行，刪除原病毒文件： %system%\Winclock.exe 2、修改hosts文件,屏蔽如下安全網站: www.symantec.com securityresponse.symantec.com symantec.com www.sophos.com sophos.com www.mcafee.com mcafee.com liveupdate.symantecliveupdate.com www.viruslist.com viruslist.com viruslist.com f-secure.com www.f-secure.com kaspersky.com kaspersky-labs.com www.avp.com www.kaspersky.com avp.com www.networkassociates.com networkassociates.com www.ca.com ca.com mast.mcafee.com my-etrust.com www.my-etrust.com download.mcafee.com dispatch.mcafee.com secure.nai.com nai.com www.nai.com update.symantec.com updates.symantec.com us.mcafee.com liveupdate.symantec.com customer.symantec.com rads.mcafee.com trendmicro.com pandasoftware.com www.pandasoftware.com www.trendmicro.com www.grisoft.com www.microsoft.com microsoft.com www.virustotal.com virustotal.com 3、修改注冊表使病毒隨系統自啓動: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKLM\Software\Microsoft\OLE] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKLM\SYSTEM\CurrentControlSet\Control\Lsa] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKCU\Software\Microsoft\OLE] "MicrosoftWindowsServicesClock"="WinClock.exe" [HKCU\SYSTEM\CurrentControlSet\Control\Lsa] "MicrosoftWindowsServicesClock"="WinClock.exe" 4、連接遠程主機的9797端口，接受黑客命令。