Worm.AutoRun.125893

病毒名称(中文):

间谍相机蠕虫125893

病毒别名:

威胁级别:

★★☆☆☆

病毒类型:

蠕虫病毒

病毒长度:

125893

影响系统:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行为:

这是蠕虫病毒，它通过发送带有病毒文件的电子邮件和AUTO病毒的方式传播。该病毒运行后会从网上下载病毒，并监视用户的网络通信，盗取用户的敏感资料。

1、释放文件

C:\WINDOWS\system32\a.jpg内容和autorun.inf相同

C:\WINDOWS\system32\Flower.dll负责执行病毒行为

C:\WINDOWS\system32\vista.exe负责加载Flower.dll

在每个分区的根目录下生成

E:\test.exe

E:\autorun.inf

2、修改注册表文件

映象劫持

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\360rpt.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\360Safe.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\360tray.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\adam.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\AgentSvr.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\appdllman.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\AppSvc32.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\auto.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\AutoRun.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\autoruns.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\avgrssvc.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\AvMonitor.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\avp.comDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\avp.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\CCenter.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\ccSvcHst.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\FileDsty.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\FTCleanerShell.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\guangd.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\HijackThis.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\IceSword.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\iparmo.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\Iparmor.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\isPwdSvc.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\kabaload.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KaScrScn.SCRDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KASMain.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KASTask.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KAV32.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KAVDX.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KAVPFW.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KAVSetup.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KAVStart.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\kernelwind32.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KISLnchr.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KMailMon.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KMFilter.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KPFW32.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KPFW32X.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KPFWSvc.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KRegEx.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KRepair.COMDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KsLoader.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KVCenter.kxpDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KvDetect.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KvfwMcl.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KVMonXP.kxpDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KVMonXP_1.kxpDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\kvol.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\kvolself.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KvReport.kxpDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KVSrvXP.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KVStub.kxpDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\kvupload.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\kvwsc.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KvXP.kxpDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KWatch.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KWatch9x.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KWatchX.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\loaddll.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\logogo.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\MagicSet.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\mcafee.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\mcconsol.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\mmqczj.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\mmsk.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\NAVSetup.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\nod32krn.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\nod32kui.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\PFW.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\PFWLiveUpdate.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\QHSET.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\Ras.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\Rav.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\RavMon.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\RavMonD.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\RavStub.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\RavTask.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\RegClean.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\rfwcfg.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\RfwMain.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\rfwProxy.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\rfwsrv.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\rfwsrv.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\RsAgent.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\Rsaupd.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\runiep.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\safelive.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\scan32.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\shcfg32.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\SmartUp.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\sos.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\SREng.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\symlcsvc.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\SysSafe.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\taskmgr.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\TrojanDetector.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\Trojanwall.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\TrojDie.kxpDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\UFO.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\UIHost.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\UmxAgent.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\UmxAttachment.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\UmxFwHlp.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\UmxPol.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\UpLive.EXEDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\WoptiClean.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\XP.exeDebugger"C:\WINDOWS\system32\vista.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\zxsweep.exeDebugger"C:\WINDOWS\system32\vista.exe"

3、下载病毒，并发送电子邮件带病毒文件的电子邮件

4、盗取用户的信息，比如不时的对用户机器截屏幕

5、在用户机器上增加病毒自己的协议，监视用户机器的网络数据

• ·Win32.Troj.Agent.tr
• ·Win32.Mabezat.b.156527
• ·Win32.Adware.ScNine.a.2
• ·Win32.Troj.DownloaderT.
• ·Win32.Adware.AdMoke.mp
• ·Win32.Troj.OnlineGamesT
• ·Win32.Troj.OnlineGames.
• ·Win32.Hipak.a.78848
• ·Win32.Troj.DownLoaderT.
• ·Win32.Troj.OnlineGamesT