Entry: Trojan/PSW.Agent.cxh
Definition

Trojan/PSW.Agent.cxh, variant cxh of the "Agent Trojan" (代理木马), is a trojan that steals confidential information from the user's computer. Once run, variant cxh copies itself into the Windows directory, modifies the registry so that it starts with the system, listens for the attacker's commands, steals confidential information from the computer and sends it to an email address specified by the attacker.

Virus Overview

Name

Trojan/PSW.Agent.cxh

Type

Trojan

Threat level

Affected platforms

Win 9X/ME/NT/2000/XP/2003

Description

This is a trojan.

Virus Characteristics

Basic characteristics

1. After the browser is opened, the home page is changed to the virus's home page.

2. Three HTML shortcuts named "最酷手机铃声" (Coolest Phone Ringtones), "最热音乐连播" (Hottest Music Playlist) and "最新手机图片" (Latest Phone Pictures) are automatically created on the desktop.

3. About 10 seconds after these HTML shortcuts are deleted, they are created again.

4. Every few minutes a window pops up that opens the virus's website directly.

5. Visiting that site leads directly to the virus's URL.

6. If the computer is scanned with 安全卫士 (Safety Guard) in normal mode, it then shuts down automatically.

Scan Results

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> [N/A]
<izxc9wqq><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe> []
<df1iw><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1explore.exe> []
<l><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe> []
<qw76gqfs7tl><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> []

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<BigDogPath><C:\WINDOWS\VM_STI.EXE 10moons USB PC Camera (ZC0301PL)> [N/A]
<WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]

Service Entries

Services

[Help and Support / helpsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>

[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>

[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

Related Drivers

Drivers

[2310_00 / 2310_00][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\2310_00.sys><HighPoint Technologies, Inc.>

[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\3WAREDRV.SYS><N/A>

[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\3waregsm.sys><N/A>

[3WDRV100 / 3WDRV100][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\3WDRV100.SYS><N/A>

[A320RAID / A320RAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\a320raid.sys><Adaptec, Inc.>

[AAC / AAC][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aac.sys><Adaptec, Inc.>

[AACSAS / AACSAS][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aacsas.sys><Adaptec, Inc.>

[AAR81XX / AAR81XX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aar81xx.sys><Adaptec, Inc.>

[AARSI3X / AARSI3X][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aarsi3x.sys><Adaptec, Inc.>

[ADP94XX / ADP94XX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\adp94xx.sys><Adaptec, Inc.>

[adpu160m / adpu160m][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\adpu160m.sys><Microsoft Corporation>

[ADPU320 / ADPU320][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\adpu320.sys><Adaptec, Inc.>

[AEC6210 / AEC6210][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6210.sys><ACARD Technology Corp.>

[AEC6260 / AEC6260][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6260.sys><ACARD Technology Corp.>

[AEC6280 / AEC6280][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6280.sys><ACARD Technology Corp.>

[AEC67160 / AEC67160][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec67160.sys><ACARD Technology Corp.>

[AEC67162 / AEC67162][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec67162.sys><ACARD Technology Corp.>

[AEC671X / AEC671X][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\AEC671X.sys><ACARD Technology Corp.>

[AEC6880 / AEC6880][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\AEC6880.sys><ACARD Technology Corp.>

[AEC6897 / AEC6897][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6897.sys><ACARD Technology Corp.>

[AEC68X5 / AEC68X5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec68x5.sys><ACARD Technology Corp.>

[aic78u2 / aic78u2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aic78u2.sys><Microsoft Corporation>

[aic78xx / aic78xx][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aic78xx.sys><Microsoft Corporation>

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>

[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\arcm_x86.sys><ARECA Technology Corporation>

[asc / asc][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\asc.sys><Advanced System Products, Inc.>

[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>

[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\bchtsw32.sys><Broadcom Corporation>

[buslogic / buslogic][Running/Boot Start]
<\SystemRoot\System32\bird\buslogic.sys><Microsoft Corporation>

[CDA1000 / CDA1000][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\cda1000.sys><Adaptec, Inc.>

[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\BIRD\cmdide.sys><CMD Technology, Inc.>

[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\cpqarry2.sys><Compaq Computer Corporation>

[CPQCISSM / CPQCISSM][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\cpqcissm.sys><Hewlett-Packard Company>

[CSB6IDE / CSB6IDE][Running/Boot Start]
<\SystemRoot\System32\BIRD\csb6ide.sys><ServerWorks Corporation>

[dac2w2k / dac2w2k][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dac2w2k.sys><Mylex Corporation>

[DMX3191 / DMX3191][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\DMX3191.sys><Microsoft Corporation>

[DMX3194 / DMX3194][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dmx3194.sys><Microsoft Corporation>

[dpti2o / dpti2o][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dpti2o.sys><Microsoft Corporation>

[DPTSCSI / DPTSCSI][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dptscsi.sys><Distributed Processing Technology Corp.>

[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>

[FASTSX / FASTSX][Running/Boot Start]
<\SystemRoot\System32\BIRD\fastsx.sys><Promise Technology, Inc.>

[FASTTRAK / FASTTRAK][Running/Boot Start]
<\SystemRoot\System32\BIRD\fasttrak.sys><Promise Technology, Inc.>

[FASTTX2K / FASTTX2K][Running/Boot Start]
<\SystemRoot\System32\BIRD\fasttx2k.sys><Promise Technology, Inc.>

[fd16_700 / fd16_700][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fd16_700.sys><Microsoft Corporation>

[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start]
<system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>

[fireport / fireport][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fireport.sys><Microsoft Corporation>

[flashpnt / flashpnt][Running/Boot Start]
<\SystemRoot\System32\BIRD\flashpnt.sys><Mylex,Corp.>

[FT8300 / FT8300][Running/Boot Start]
<\SystemRoot\System32\BIRD\ft8300.sys><Promise Technology, Inc.>

[FTSATA2 / FTSATA2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ftsata2.sys><N/A>

Removal Method

1. Delete the trojan's startup entry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"wow"="%System%\Launcher.exe"

2. Restart the computer.

3. Delete the trojan files:

%System%\Launcher.exe
%System%\mywow.dll
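The registry section of the scan and the removal method both come down to one question for a responder: which autorun entries are worth a closer look? The following Python script is an added example, not part of the encyclopedia entry or of any scanner's code. It parses the <name><command> [publisher] layout shown in the registry section above (the parser and the triage rules are my own) and flags entries that are unsigned and launched from a Temp directory, names that imitate Windows binaries by swapping a letter for a digit (iexpl0re, winlog0n), and the Launcher.exe / mywow.dll files named in the removal method. The sample input is constructed from lines of the scan above, plus the "wow" value from the removal method rewritten into the same layout; the SYSTEM_BINARIES list and the DIGIT_SWAPS table are assumptions chosen for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from itertools import product

# Constructed sample input: lines copied from the registry section of the
# entry, plus the "wow" value from the removal method rewritten into the
# same <name><command> [publisher] layout so one parser covers both.
SAMPLE_SCAN = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> [N/A]
<izxc9wqq><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe> []
<df1iw><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1explore.exe> []
<l><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe> []
<qw76gqfs7tl><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<BigDogPath><C:\WINDOWS\VM_STI.EXE 10moons USB PC Camera (ZC0301PL)> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<wow><%System%\Launcher.exe> []
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)> \[([^\]]*)\]$")
EXE_EXT = (".exe", ".dll", ".sys", ".com", ".scr")

# Assumed list of Windows binaries whose names are commonly imitated.
SYSTEM_BINARIES = {"iexplore", "explorer", "winlogon", "svchost", "lsass", "csrss",
                   "services", "smss", "ctfmon", "userinit", "spoolsv", "rundll32"}
# Assumed digit-for-letter substitutions to undo when looking for look-alike names.
DIGIT_SWAPS = {"0": "o", "1": "il", "3": "e", "5": "s"}
# Files named in the removal method of this entry.
DROPPED_FILES = {"launcher.exe", "mywow.dll"}


@dataclass
class AutorunEntry:
    key: str
    name: str
    command: str
    publisher: str

    @property
    def exe_path(self) -> str:
        """Executable path without arguments: the quoted path, or the shortest
        space-separated prefix that ends in an executable extension."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        tokens = cmd.split(" ")
        for i in range(1, len(tokens) + 1):
            candidate = " ".join(tokens[:i]).rstrip(",")
            if candidate.lower().endswith(EXE_EXT):
                return candidate
        return tokens[0].rstrip(",")

    @property
    def unsigned(self) -> bool:
        return self.publisher.strip() in ("", "N/A")


def parse_scan(text: str) -> list[AutorunEntry]:
    """Parse the scan's registry section into entries tagged with their key."""
    entries, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := ENTRY_RE.match(line):
            entries.append(AutorunEntry(key, *m.groups()))
    return entries


def lookalike_of(stem: str) -> str | None:
    """Return the system binary a digit-substituted stem imitates, if any."""
    s = stem.lower()
    if sum(c in DIGIT_SWAPS for c in s) not in range(1, 5):  # 1-4 swappable digits
        return None
    for combo in product(*[DIGIT_SWAPS.get(c, c) for c in s]):
        if "".join(combo) in SYSTEM_BINARIES:
            return "".join(combo)
    return None


def in_windows_dir(path: str) -> bool:
    return path.lower().startswith(("c:\\windows\\", "%windir%\\", "%system%\\", "%systemroot%\\"))


def triage(entries: list[AutorunEntry]) -> list[tuple[AutorunEntry, list[str]]]:
    """Return the entries worth a responder's attention with the rules that fired."""
    findings = []
    for e in entries:
        path = e.exe_path
        if not path:
            continue  # empty values such as <load><> carry nothing to check
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if e.unsigned and "\\temp\\" in path.lower():
            reasons.append("unsigned-temp")
        elif e.unsigned and not in_windows_dir(path):
            reasons.append("unsigned-nonsystem")
        if hit := lookalike_of(base.rsplit(".", 1)[0]):
            reasons.append(f"lookalike:{hit}")
        if base in DROPPED_FILES:
            reasons.append("known-dropper")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_scan(SAMPLE_SCAN)):
        print(f"{entry.key}\n  {entry.name!r} -> {entry.exe_path}  [{', '.join(reasons)}]")
```

On the sample, the four Temp entries, the unsigned wab32res.exe under Common Files and the "wow" value are reported; the signed Microsoft, Rising and RealNetworks entries are not. The unsigned bgswitch.exe in system32 is deliberately left to a baseline comparison rather than flagged, which shows the limit of path-and-publisher rules: an unsigned binary already sitting in the system directory needs a known-good file list or a hash check to classify.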


Copyright © 2004-2023 Cnenc.net All Rights Reserved
Updated: 2024/11/16 13:00:16