病毒名称(中文):
劫持者盗号器720896
病毒别名:
威胁级别:
★★☆☆☆
病毒类型:
偷密码的木马
病毒长度:
1067808
影响系统:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行为:
这是一个盗号木马。会在磁盘中释放出文件,会修改注册表,会试图映像劫持大量的杀毒软件,让它们不能正常运行,为病毒执行盗号扫除阻碍。
在磁盘中释放出以下文件:
C:\WINDOWS\TEMP\hua0999.tmp
在注册表中创建了以下信息:
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\DrvAnti.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\avp.com"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\avp.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\runiep.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\PFW.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\FYFireWall.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\rfwmain.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\rfwsrv.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KAVPF.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KPFW32.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\nod32kui.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\nod32.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\Navapsvc.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\Navapw32.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\avconsol.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\webscanx.exe"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\NPFMntor.exe"
在注册表中设置了以下信息:
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\DrvAnti.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\avp.com""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\avp.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\runiep.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\PFW.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\FYFireWall.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\rfwmain.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\rfwsrv.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KAVPF.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\KPFW32.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\nod32kui.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\nod32.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\Navapsvc.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\Navapw32.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\avconsol.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\webscanx.exe""Debugger""ntsd-d"
"HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ImageFileExecutionOptions\NPFMntor.exe""Debugger""ntsd-d"
在系统中创建了消息监控。
病毒会连接指定的网络,发送偷到的数据。
