“Trojan-Spy.Win32.VB.oe”的意思、由来-中文百科全书

病毒名称

Trojan-Spy.Win32.VB.oe

病毒类型

木马

文件MD5值

B61DF4379D30063FDFCA883E8B9FA2AC

公开范围

完全公开

危害等级

中

文件长度

155,648 字节

感染系统

windows98以上版本

开发工具

Microsoft Visual Basic 5.0 / 6.0

加壳类型

无

命名对照

Symentec[]

Mcafee[]

病毒描述

该病毒属木马类，病毒运行后复制自身到%system32%下，并衍生Microsoft Visual Basic所必须的控件mswinsck.ocx 到%system32%目录下，修改注册表，添加启动项，以达到随机启动的目的。

行为分析

1、病毒运行后复制自身到%system32%下，并释放Microsoft Visual Basic所必须的控件：

%system32%\\mswinsck.ocx

%system32%\\病毒名.exe

2、修改注册表，添加启动项，以达到随机启动的目的：

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows

\\CurrentVersion\\Run

键值: 字串: "病毒名"="C:\\WINDOWS\\system32\\病毒名"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD896-BB45-11CF-9ABC-0080C7E7B78D}

键值: 字串: "@"="Microsoft WinSock Control, version 6.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Control\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}

\\Implemented Categories\\{0DE86A52-2BAA-11CF-A229-00AA003D7352}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories

\\{0DE86A53-2BAA-11CF-A229-00AA003D7352}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories

\\{0DE86A57-2BAA-11CF-A229-00AA003D7352}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories

\\{40FC6ED4-2438-11CF-A3DB-080036F12502}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories

\\{40FC6ED5-2438-11CF-A3DB-080036F12502}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32\\

键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32

键值: 字串: "ThreadingModel "="Apartment"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus\\1

键值: 字串: "@"="132497"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{248DD896-BB45-11CF-9ABC

0080C7E7B78D}\\MiscStatus

键值: 字串: "@"="0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\ProgID

键值: 字串: "@"="MSWinsock.Winsock.1"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Programmable\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\ToolboxBitmap32

键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX, 1"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib

键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{248DD896-BB45-

11CF-9ABC-0080C7E7B78D}\\Version

键值: 字串: "@"="1.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}

\\VersionIndependentProgID

键值: 字串: "@"="MSWinsock.Winsock"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\

{248DD897-BB45-11CF-9ABC-0080C7E7B78D}

键值: 字串: "@"="Winsock General Property Page Object"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32

键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}

键值: 字串: "@"="IMSWinsockControl"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid32

键值: 字串: "@"="{00020424-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid

键值: 字串: "@"="{00020424-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib

键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib

键值: 字串: "Version "="1.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}

键值: 字串: "@"="DMSWinsockControlEvents"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid32

键值: 字串: "@"="{00020420-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid\\

键值: 字串: "@"="{00020420-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib\\

键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib

键值: 字串: "Version"="1.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock.1

键值: 字串: "@"="Microsoft WinSock Control, version 6.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock.1\\CLSID\\

键值: 字串: "@"="{248DD896-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\

键值: 字串: "@"="Microsoft WinSock Control, version 6.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\CLSID\\

键值: 字串: "@"="{248DD896-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\CurVer\\

键值: 字串: "@"="MSWinsock.Winsock.1"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\0\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLi

b\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\0\\win32\\

键值: 字串: """="C:\\WINDOWS\\system32\\MSWINSCK.OCX"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0

键值: 字串: "@"="Microsoft Winsock Control 6.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\FLAGS\\

键值: 字串: "@"="2"

注：% System%是一个可变路径。病毒通过查询操作系统来决定当前System文件夹的位置。Windows2000/NT中默认的安装路径是C:\\Winnt\\System32，windows95/98/me中默认的安装路径是C:\\Windows\\System，windowsXP中默认的安装路径是C:\\Windows\\System32。

清除方案

1、使用安天木马防线可彻底清除此病毒(推荐)。

2、手工清除请按照行为分析删除对应文件，恢复相关系统设置。

(1) 使用安天木马防线“进程管理”关闭病毒进程

(2) 删除病毒文件

%system32%\\mswinsck.ocx

%system32%\\病毒名.exe

(3) 恢复病毒修改的注册表项目，删除病毒添加的注册表项

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows

\\CurrentVersion\\Run

键值: 字串: "病毒名"="C:\\WINDOWS\\system32\\病毒名"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}

键值: 字串: "@"="Microsoft WinSock Control, version 6.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Control\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories

\\{0DE86A52-2BAA-11CF-A229-00AA003D7352}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories

\\{0DE86A53-2BAA-11CF-A229-00AA003D7352}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories

\\{0DE86A57-2BAA-11CF-A229-00AA003D7352}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}

\\Implemented Categories\\{40FC6ED4-2438-11CF-A3DB-080036F12502}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories

\\{40FC6ED5-2438-11CF-A3DB-080036F12502}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32\\

键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32

键值: 字串: "ThreadingModel "="Apartment"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus\\1

键值: 字串: "@"="132497"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus

键值: 字串: "@"="0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\ProgID

键值: 字串: "@"="MSWinsock.Winsock.1"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Programmable\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\ToolboxBitmap32

键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX, 1"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib

键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Version

键值: 字串: "@"="1.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\VersionIndependentProgID

键值: 字串: "@"="MSWinsock.Winsock"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}

键值: 字串: "@"="Winsock General Property Page Object"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID

\\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32

键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}

键值: 字串: "@"="IMSWinsockControl"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid32

键值: 字串: "@"="{00020424-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid

键值: 字串: "@"="{00020424-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib

键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib

键值: 字串: "Version "="1.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}

键值: 字串: "@"="DMSWinsockControlEvents"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid32

键值: 字串: "@"="{00020420-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid\\

键值: 字串: "@"="{00020420-0000-0000-C000-000000000046}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib\\

键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface

\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib

键值: 字串: "Version"="1.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock.1

键值: 字串: "@"="Microsoft WinSock Control, version 6.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock.1\\CLSID\\

键值: 字串: "@"="{248DD896-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\

键值: 字串: "@"="Microsoft WinSock Control, version 6.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\CLSID\\

键值: 字串: "@"="{248DD896-BB45-11CF-9ABC-0080C7E7B78D}"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\CurVer\\

键值: 字串: "@"="MSWinsock.Winsock.1"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\0\\

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC

0080C7E7B78D}\\1.0\\0\\win32\\

键值: 字串: """="C:\\WINDOWS\\system32\\MSWINSCK.OCX"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0

键值: 字串: "@"="Microsoft Winsock Control 6.0"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib

\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\FLAGS\\

键值: 字串: "@"="2"

词条	Trojan-Spy.Win32.VB.oe
释义	Trojan-Spy.Win32.VB.oe是病毒属木马类，病毒运行后复制自身到%system32%下，并衍生Microsoft Visual Basic所必须的控件mswinsck.ocx 到%system32%目录下，修改注册表，添加启动项，以达到随机启动的目的。病毒名称病毒类型文件MD5值公开范围危害等级文件长度感染系统开发工具加壳类型命名对照病毒描述行为分析清除方案病毒名称 Trojan-Spy.Win32.VB.oe 病毒类型木马文件MD5值 B61DF4379D30063FDFCA883E8B9FA2AC 公开范围完全公开危害等级中文件长度 155,648 字节感染系统 windows98以上版本开发工具 Microsoft Visual Basic 5.0 / 6.0 加壳类型无命名对照 Symentec[] Mcafee[] 病毒描述该病毒属木马类，病毒运行后复制自身到%system32%下，并衍生Microsoft Visual Basic所必须的控件mswinsck.ocx 到%system32%目录下，修改注册表，添加启动项，以达到随机启动的目的。行为分析 1、病毒运行后复制自身到%system32%下，并释放Microsoft Visual Basic所必须的控件： %system32%\\mswinsck.ocx %system32%\\病毒名.exe 2、修改注册表，添加启动项，以达到随机启动的目的： HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows \\CurrentVersion\\Run 键值: 字串: "病毒名"="C:\\WINDOWS\\system32\\病毒名" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD896-BB45-11CF-9ABC-0080C7E7B78D} 键值: 字串: "@"="Microsoft WinSock Control, version 6.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Control\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D} \\Implemented Categories\\{0DE86A52-2BAA-11CF-A229-00AA003D7352}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories \\{0DE86A53-2BAA-11CF-A229-00AA003D7352}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories \\{0DE86A57-2BAA-11CF-A229-00AA003D7352}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories \\{40FC6ED4-2438-11CF-A3DB-080036F12502}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories \\{40FC6ED5-2438-11CF-A3DB-080036F12502}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32\\ 键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32 键值: 字串: "ThreadingModel "="Apartment" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus\\1 键值: 字串: "@"="132497" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{248DD896-BB45-11CF-9ABC 0080C7E7B78D}\\MiscStatus 键值: 字串: "@"="0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\ProgID 键值: 字串: "@"="MSWinsock.Winsock.1" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Programmable\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\ToolboxBitmap32 键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX, 1" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib 键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{248DD896-BB45- 11CF-9ABC-0080C7E7B78D}\\Version 键值: 字串: "@"="1.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D} \\VersionIndependentProgID 键值: 字串: "@"="MSWinsock.Winsock" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\ {248DD897-BB45-11CF-9ABC-0080C7E7B78D} 键值: 字串: "@"="Winsock General Property Page Object" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32 键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D} 键值: 字串: "@"="IMSWinsockControl" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid32 键值: 字串: "@"="{00020424-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid 键值: 字串: "@"="{00020424-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib 键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib 键值: 字串: "Version "="1.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD893-BB45-11CF-9ABC-0080C7E7B78D} 键值: 字串: "@"="DMSWinsockControlEvents" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid32 键值: 字串: "@"="{00020420-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid\\ 键值: 字串: "@"="{00020420-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib\\ 键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib 键值: 字串: "Version"="1.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock.1 键值: 字串: "@"="Microsoft WinSock Control, version 6.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock.1\\CLSID\\ 键值: 字串: "@"="{248DD896-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\ 键值: 字串: "@"="Microsoft WinSock Control, version 6.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\CLSID\\ 键值: 字串: "@"="{248DD896-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\CurVer\\ 键值: 字串: "@"="MSWinsock.Winsock.1" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\0\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLi b\\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\0\\win32\\ 键值: 字串: """="C:\\WINDOWS\\system32\\MSWINSCK.OCX" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0 键值: 字串: "@"="Microsoft Winsock Control 6.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\FLAGS\\ 键值: 字串: "@"="2" 注：% System%是一个可变路径。病毒通过查询操作系统来决定当前System文件夹的位置。Windows2000/NT中默认的安装路径是C:\\Winnt\\System32，windows95/98/me中默认的安装路径是C:\\Windows\\System，windowsXP中默认的安装路径是C:\\Windows\\System32。清除方案 1、使用安天木马防线可彻底清除此病毒(推荐)。 2、手工清除请按照行为分析删除对应文件，恢复相关系统设置。 (1) 使用安天木马防线“进程管理”关闭病毒进程 (2) 删除病毒文件 %system32%\\mswinsck.ocx %system32%\\病毒名.exe (3) 恢复病毒修改的注册表项目，删除病毒添加的注册表项 HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows \\CurrentVersion\\Run 键值: 字串: "病毒名"="C:\\WINDOWS\\system32\\病毒名" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D} 键值: 字串: "@"="Microsoft WinSock Control, version 6.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Control\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories \\{0DE86A52-2BAA-11CF-A229-00AA003D7352}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories \\{0DE86A53-2BAA-11CF-A229-00AA003D7352}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories \\{0DE86A57-2BAA-11CF-A229-00AA003D7352}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D} \\Implemented Categories\\{40FC6ED4-2438-11CF-A3DB-080036F12502}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Implemented Categories \\{40FC6ED5-2438-11CF-A3DB-080036F12502}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32\\ 键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32 键值: 字串: "ThreadingModel "="Apartment" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus\\1 键值: 字串: "@"="132497" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\MiscStatus 键值: 字串: "@"="0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\ProgID 键值: 字串: "@"="MSWinsock.Winsock.1" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Programmable\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\ToolboxBitmap32 键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX, 1" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib 键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\Version 键值: 字串: "@"="1.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\\VersionIndependentProgID 键值: 字串: "@"="MSWinsock.Winsock" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD897-BB45-11CF-9ABC-0080C7E7B78D} 键值: 字串: "@"="Winsock General Property Page Object" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID \\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\\InprocServer32 键值: 字串: "@"="C:\\WINDOWS\\system32\\MSWINSCK.OCX" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D} 键值: 字串: "@"="IMSWinsockControl" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid32 键值: 字串: "@"="{00020424-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid 键值: 字串: "@"="{00020424-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib 键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib 键值: 字串: "Version "="1.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD893-BB45-11CF-9ABC-0080C7E7B78D} 键值: 字串: "@"="DMSWinsockControlEvents" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid32 键值: 字串: "@"="{00020420-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\ProxyStubClsid\\ 键值: 字串: "@"="{00020420-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib\\ 键值: 字串: "@"="{248DD890-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface \\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\\TypeLib 键值: 字串: "Version"="1.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock.1 键值: 字串: "@"="Microsoft WinSock Control, version 6.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock.1\\CLSID\\ 键值: 字串: "@"="{248DD896-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\ 键值: 字串: "@"="Microsoft WinSock Control, version 6.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\CLSID\\ 键值: 字串: "@"="{248DD896-BB45-11CF-9ABC-0080C7E7B78D}" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MSWinsock.Winsock\\CurVer\\ 键值: 字串: "@"="MSWinsock.Winsock.1" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\0\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC 0080C7E7B78D}\\1.0\\0\\win32\\ 键值: 字串: """="C:\\WINDOWS\\system32\\MSWINSCK.OCX" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0 键值: 字串: "@"="Microsoft Winsock Control 6.0" HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib \\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\\1.0\\FLAGS\\ 键值: 字串: "@"="2"
随便看	滇越猴欢喜滇越金线兰滇越省藤滇越水龙骨滇越铁路：一个法国家庭在中国的经历滇越五月茶滇云经纬滇云人才网滇云如歌滇云文化滇杂31 滇杂33号滇杂35号滇杂36号滇杂40 滇杂46号滇杂502 滇杂86 滇之奇葩：云南山茶花滇之月原创文学网滇中茶藨子滇中经济区滇中联播滇中盆地滇中绣线菊