词条 | Win32.Hack.Agobot.ps |
释义 | § 概述 病毒别名:W32.HLLW.Polybot, Phatbot, W32/Polybot.l!irc 【McAfee】, WORM_AGOBOT.HM 【Trend】, Backdoor.Agobot.hm 【K 处理时间: 威胁级别:★★★ 中文名称:安哥 病毒类型:黑客程序 影响系统:Win9x/WinMe/WinNT/Win2000/WinXp/Win2003 病毒行为: 编写工具: 传染条件: 发作条件: § 系统修改: A、在系统目录拷贝其自身为以下文件之一: %System%soundman.exe %System%confgldr.exe %System%spoolsvc.exe %System%winwork.exe %System%winhelp.exe %System%csrs.exe B、在注册表主键: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices 下添加如下键值之一: "^`d}qZxu" = "~`d}qzxu3zYF" "Configuration Loader"="confgldr.exe" "Video Process"="sysconf.exe" "Service Host Process"="spoolsvc.exe" "Winmsg"="winwork.exe" "svchost"="winhelp.exe" "csrs"="csrs.exe" C、以以下名称之一建立一个服务: Configuration Loader SoundMan Service Host Process D、隐藏包含字符"soun."的所有文件; E、在%System%driversetchosts文件中添加以下行: 127.0.0.1 www.symantec.com 127.0.0.1 securityresponse.symantec.com 127.0.0.1 symantec.com 127.0.0.1 www.sophos.com 127.0.0.1 sophos.com 127.0.0.1 sophos.com 127.0.0.1 www.mcafee.com 127.0.0.1 mcafee.com 127.0.0.1 liveupdate.symantecliveupdate.com 127.0.0.1 www.viruslist.com 127.0.0.1 viruslist.com 127.0.0.1 viruslist.com 127.0.0.1 f-secure.com 127.0.0.1 www.f-secure.com 127.0.0.1 kaspersky.com 127.0.0.1 www.avp.com 127.0.0.1 www.kaspersky.com 127.0.0.1 avp.com 127.0.0.1 www.networkassociates.com 127.0.0.1 networkassociates.com 127.0.0.1 www.ca.com 127.0.0.1 ca.com 127.0.0.1 mast.mcafee.com 127.0.0.1 my-etrust.com 127.0.0.1 www.my-etrust.com 127.0.0.1 download.mcafee.com 127.0.0.1 dispatch.mcafee.com 127.0.0.1 secure.nai.com 127.0.0.1 nai.com 127.0.0.1 www.nai.com 127.0.0.1 update.symantec.com 127.0.0.1 updates.symantec.com 127.0.0.1 us.mcafee.com 127.0.0.1 liveupdate.symantec.com 127.0.0.1 customer.symantec.com 127.0.0.1 rads.mcafee.com 127.0.0.1 trendmicro.com 127.0.0.1 www.trendmicro.com 发作现象: 特别说明: |
随便看 |
百科全书收录594082条中文百科知识,基本涵盖了大多数领域的百科知识,是一部内容开放、自由的电子版百科全书。