Win32.Troj.Agent.208896

病毒名稱(中文): 色情僞裝下載器208896 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 木馬下載器 病毒長度: 208896 影響系統: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行爲: 這是一個木馬下載器程序。它會自動調用IE浏覽器，下載大量病毒到用戶機器上，同時還會擅自登錄Google頁面搜索色情視頻，讓用戶以爲它是個色情廣告軟件。 1.程序運行後，生成文件 C:\smp.bat C:\DocumentsandSettings\fish\Cookies\fish@google[1].txt C:\DocumentsandSettings\fish\Cookies\fish@google[2].txt C:\DocumentsandSettings\fish\LocalSettings\History\History.IE5\MSHist012008050620080507 C:\DocumentsandSettings\fish\LocalSettings\History\History.IE5\MSHist012008050620080507\index.dat C:\DocumentsandSettings\fish\LocalSettings\Temp\A10-tmpaoi.exe C:\DocumentsandSettings\fish\LocalSettings\Temp\Perflib_Perfdata_6e8.dat C:\DocumentsandSettings\fish\LocalSettings\TemporaryInternetFiles\Content.IE5\2PF3QNZE\sU0He6l7Lhs[1].js C:\DocumentsandSettings\fish\LocalSettings\TemporaryInternetFiles\Content.IE5\C4DGV5NI\drv32[1].data C:\DocumentsandSettings\fish\LocalSettings\TemporaryInternetFiles\Content.IE5\C4DGV5NI\nav_logo3[1].png C:\DocumentsandSettings\fish\LocalSettings\TemporaryInternetFiles\Content.IE5\R146ZVU7\search[1] C:\DocumentsandSettings\fish\LocalSettings\TemporaryInternetFiles\Content.IE5\R146ZVU7\search[1].htm C:\DocumentsandSettings\fish\LocalSettings\TemporaryInternetFiles\Content.IE5\TIH5F1C8\gcn[1].png C:\WINDOWS\tokry.dll 2.病毒修改注冊表的系統設置 HKEY_CURRENT_USER\Software\Microsoft\Bind comment "3913170" HKEY_CURRENT_USER\Software\Microsoft\Bind comment2 "f" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects\{95E1D855-9232-48F7-80D9-1ADB65B7939C} @ "" 3.病毒會生成文件C:\smp.bat，去運行下載病毒。 　4.病毒首次運行時，會自動聯網去網上下載x**@google[1].txt,x**@google[2].txt病毒列表，然後去下載病毒.