Entry | Win32.Troj.Banker.aw |
Definition | Win32.Troj.Banker.aw is a Trojan that steals banking and many other kinds of login passwords. Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003.

Alias:
Processed: 2005-09-27
Threat level: ★
Chinese name:
Type: Trojan

Behavior:

1. The virus first copies itself into the %Windir% directory, then adds a startup entry to the registry so that it runs at every boot:
   [HKCU\Software\Microsoft\CurrentVersion\Run]
   "Ole" = "%WinDir%\<virus file name>"

2. The virus then checks its own path. If it is not located in %WinDir%, it runs the copy of itself that was placed in %WinDir% and exits; if it is located in %WinDir%, it continues running. In this way the virus ensures that only one virus process is running on the system.

3. The virus first uses the Protected Storage service to obtain the passwords stored on the local machine, including:
   Outlook passwords
   Outlook account passwords
   Passwords for sites saved by IE
   MSN login passwords
   IE auto-saved passwords

4. The virus then clears cookies, so that the next time the user logs in they have to type the password, which lets the virus capture it through keyboard logging.

5. Next, the virus drops a dynamic-link library named MS_DLL.dll and calls the hook function in it to monitor running windows. When a window has one of the following titles, the virus starts keyboard monitoring:

   Citi Charter Registered Users Charter - Home Welcome to GCI.net, Alaska,27h,s Internet Web Mail Login COX.net for Cox High Speed Internet WebMail Login Total Access Screen Name Sign In AOL.com SIGN IN - Comcast.net Member Identification Welcome To Patriot Media Patriot Media TDSMAIL TDS Internet Services - Manage Your Internet Account Welcome to TDS: High-Speed DSL, Dial-up and Internet Services AT&T Worldnet Login BellSouth - Web E-mail SusCom Start Page - Home suscom.net WebMail PayPal e-gold Account Access Account Creation Sign in to Yahoo! Sign In Get a New Password or Search for Your ICQ Number Get a New Password Earthlink Billing Optimum Online Webmail bank account Bank of America | Online Banking | Enrollment Bank of America | Please Select Your State Bank of America | Online Banking | Get Help with Your Online ID | Enter Your ATM PIN Bank of America | Online Banking | Accounts Overview Bank of America | Home | Personal Bank Of America Online Banking Welcome to Citi Citi - Sign On Citi? U.S. Cards Citibank Lookup User ID Citibank Reset Password CitiBusiness Online AT&T Universal Sign-on Capital One Online Account Services - Login Capital One Online Banking Cardmember Services - Home Welcome to Cardmember Access Fleet | Fleet HomeLink Online Banking and Investing: Online Banking: Fleet HomeLink e-gold Account Access Sign In iBill Payment Page HPshopping.com - sign in PayPal - Log In Fethard finance Wells Fargo Home Page Barclays IBank U.S. Bank Internet Banking RBC Financial Group - Online Banking LloydsTSB online - Welcome Key Bank - Online Banking Welcome to Flagstar Bank,27h,s Internet Banking Fool.com: Login NatWest OnLine Banking AIB 24hour-online Washington Mutual - Log On Egg Security Login HSBC Bank plc: Internet Banking Log On Please sign in Juniper - Save Time and Money with the Juniper Credit Card

6. The virus also creates a thread that empties the clipboard every 10 milliseconds, so that the user has to type passwords on the keyboard.

7. After obtaining the passwords, the virus uses its built-in SMTP engine to send the information to a designated mailbox. |
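A triage check for the persistence described in step 1, as an added example that is not part of the original entry: it parses `reg query` output for any key ending in `\Run` and flags a value named "Ole" that launches an executable sitting directly in the Windows directory. The sample output, the file name `sample_name.exe`, the default `C:\WINDOWS` path and the lower "review" tier for other Run values launching from the Windows root are assumptions made for illustration.

```python
import ntpath
import re

# Value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
WINDIR_VARS = re.compile(r"%(windir|systemroot)%", re.IGNORECASE)
EXE_RE = re.compile(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)", re.IGNORECASE)


def command_path(data, windir):
    """Return the normalized executable path from a Run value's command line."""
    data = WINDIR_VARS.sub(lambda _m: windir, data.strip())
    if data.startswith('"'):
        exe = data[1:].split('"', 1)[0]      # quoted path, arguments follow
    else:
        m = EXE_RE.match(data)               # unquoted path, may contain spaces
        exe = m.group(1) if m else data
    return ntpath.normcase(ntpath.normpath(exe))


def scan_run_keys(reg_query_text, windir=r"C:\WINDOWS"):
    """Return (severity, key, name, data) tuples for suspicious Run values."""
    root = ntpath.normcase(ntpath.normpath(windir))
    key, findings = None, []
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):         # key header line
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith("\\run"):
            continue
        in_root = ntpath.dirname(command_path(m["data"], windir)) == root
        if in_root and m["name"].lower() == "ole":
            findings.append(("high", key, m["name"], m["data"]))
        elif in_root:                        # assumed tier: worth a manual look
            findings.append(("review", key, m["name"], m["data"]))
    return findings


# Constructed sample of `reg query` output, not taken from a real host.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Ole    REG_SZ    %WinDir%\sample_name.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\upd.exe" /background
"""

if __name__ == "__main__":
    for finding in scan_run_keys(SAMPLE):
        print(finding)
```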