Guanghua Anti-Virus News (May 21-27)
Author: Anonymous    Source: Guanghua Anti-Virus Center    Updated: 2007-5-21

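The Guanghua Anti-Virus Research Center recently updated its virus signatures. Users should download the update package from the Guanghua website, www.viruschina.com, as soon as possible. Brief descriptions of several important viruses follow: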

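1. Trojan: Trojan.USBsteal    Threat level: ★☆☆☆☆

    According to experts at the Guanghua Anti-Virus Research Center, Trojan.Usbsteal is a Trojan, 24,968 or 45,056 bytes in length, that infects Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003 and Windows 2000 systems. It steals user files. Once received and opened, it mainly does the following:

A. Injects USBDLL.dll into explorer.exe
B. Creates the following files in the system directory
  WZINFO.exe
  USBDLL.dll
  TempName.tmp
C. Creates the following registry key
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
D. When a removable device is connected to the computer, records it in the file
  [Windows directory]\repair\\COMCT432.SRG
E. Searches the removable device for files of the following types
  .ppt
  .doc
  .txt
  .pdf
F. Encrypts the files it finds and stores them in
  [Windows directory]\repair\\[YYYYMMDD]\[random digits].dll
  where [YYYYMMDD] is the date (year, month, day)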

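2. W32 virus: W32.Condown.A    Threat level: ★★☆☆☆

    According to experts at the Guanghua Anti-Virus Research Center, W32.Condown.A is a W32 virus, 36,664 bytes or 36,646 bytes in length, that infects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP systems. It spreads by copying itself to USB flash drives, removable hard disks and shared drives, and it downloads and executes harmful programs. Once received and opened, it does the following:

A. Creates the following files in the system directory
  [Program directory]\Microsoft Shared\MSInfo\[8 random hex digits].dat
  [Program directory]\Microsoft Shared\MSInfo\[8 random hex digits].dll
  [Windows directory]\Help\[8 random hex digits].chm
  [Windows directory]\[8 random hex digits].hlp
B. Copies itself to local drives, USB flash drives and removable hard disks as
  [drive letter]:\[8 random hex digits].exe
C. Creates the following file, which makes the virus run automatically when the user opens the drive
  [drive letter]:\[8 random hex digits].inf
D. Creates the registry value
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\[{random CLSID}]
E. Creates the following registry entries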
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\"(default)" = ""
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\"[{RANDOM CLSID}]" = ""
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\"NoDriveTypeAutoRun" = "91"

F. Modifies the following registry entries
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"
 
G. Deletes the following registry keys

  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\

H. Deletes the registry values under
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
I. Deletes the following registry keys
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
J. Deletes services that contain the following strings (mainly antivirus software)
K. Disables the following services
  SharedAccess
  wscsvc
  wuauserv
L. Closes windows whose titles contain the following strings
  .duba.
  360
  360safe
  aswBoot
  bsmain
  ikaka
  jiangmin
  kaspersky
  kingsoft
  KvNative
  rising
  SPj
  Trojan
  Virus
M. The virus connects to http://www.google.com to confirm network connectivity, then connects to the following addresses to download malware
  http://ip.591down.com.cn/fz/cf01[removed]
  http://ip.591down.com.cn/fz/739673[removed]
  http://ip.591down.com.cn/fz/down[removed]
  http://yaoip.fuckunion.com/386/soft/3352629[removed]
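
A triage sketch for the registry changes in items E, F and K of W32.Condown.A (a `Debugger` value under Image File Execution Options, `Start` = 4 on security-related services, and `NoDriveTypeAutoRun`), run over the text of a `reg export` dump. This is an added example, not code from the advisory; the sample export, the `1A2B3C4D.dat` file name and the reading of "91" as the hex DWORD 0x91 are assumptions.

```python
import re

# Constructed `reg export` text for illustration; not captured from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="C:\\Program Files\\Common Files\\MICROS~1\\MSINFO\\1A2B3C4D.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')
WATCHED_SERVICES = {'sharedaccess', 'wscsvc', 'wuauserv'}  # item K of the advisory
DRIVE_REMOVABLE = 0x04  # NoDriveTypeAutoRun bit that turns AutoRun off for removable drives


def decode(raw):
    """Convert .reg value syntax to an int (dword) or an unescaped string."""
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escapes
    return raw  # hex(...) and other value types are left as text


def parse_reg(text):
    """Yield (key_path, value_name, data) for every named value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, m.group(1), decode(m.group(2))


def triage(text):
    """Return (rule, subkey, data) findings for the tampering the advisory lists."""
    findings = []
    for key, name, data in parse_reg(text):
        low, leaf, name = key.lower(), key.rsplit('\\', 1)[-1], name.lower()
        if '\\image file execution options\\' in low and name == 'debugger':
            # Any Debugger value redirects launches of <leaf>; review each one,
            # since developers occasionally set this on purpose.
            findings.append(('ifeo-debugger', leaf, data))
        elif ('\\services\\' in low and name == 'start' and data == 4
              and leaf.lower() in WATCHED_SERVICES):
            findings.append(('service-disabled', leaf, data))  # Start=4 means disabled
        elif (name == 'nodrivetypeautorun' and isinstance(data, int)
              and not data & DRIVE_REMOVABLE):
            # Assumes the advisory's "91" is the hex DWORD 0x91.
            findings.append(('autorun-on-removable', leaf, hex(data)))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_REG):
        print(finding)
```

Real `reg export` files are UTF-16LE with a byte-order mark, so decode them with `encoding='utf-16'` before passing the text to `triage`.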


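    The website of Beijing Riyue Guanghua Software Company (www.viruschina.com) updates its virus signatures daily. Experts at the Guanghua Anti-Virus Research Center remind you: order Guanghua anti-virus software online from the Guanghua security website as soon as possible to guard against virus intrusion and keep your computer protected at all times. Users of Guanghua anti-virus software who update to the May 21 virus database (free download: http://www.viruschina.com/html/update.asp) can fully detect and remove these viruses.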

Posted by: 菜猫    Editor: 菜猫
 