“Win32.Troj.Downloader.fr”的意思、由来-中文百科全书

基本信息

威胁级别：★

病毒类型：木马

影响系统：Win 9x/ME,Win 2000/NT,Win XP,Win 2003

病毒行为:

该病毒是一个下载木马。它会下载并安广告软件。建议电脑用户升级病毒库查杀该病毒，以免中毒受害。

病毒内容

1、生成的文件

C:\\Documents and Settings\\All Users\\Templates\\temp.exe

C:\\Program Files\\Common Files\\System\\Update.dat

C:\\Program Files\\Common Files\\System\\Update.exe

C:\\WINNT\\system32\\rundllfromwin2000.exe

C:\\WINNT\\system32\\wbem\\ocmor.dll

C:\\WINNT\\system32\\wbem\\mnevno40.dll

C:\\WINNT\\system32\\Score.txt

C:\\WINNT\\system32\\advport.dll

C:\\WINNT\\system32\\tbcaqm26.dll

C:\\Documents and Settings\\administrator\\Favorites\\多特软件站-最安全放心的软件站.url

2、添加注册表启动项

HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run

"System" = "C:\\Program Files\\Common Files\\System\\Update.exe"

3、添加伪系统服务和驱动

HKLM\\System\\CurrentControlSet\\Services\\DATEING

"Type" = "0x10"

HKLM\\System\\CurrentControlSet\\Services\\DATEING

"Start" = "0x2"

HKLM\\System\\CurrentControlSet\\Services\\DATEING

"ImagePath" = "C:\\WINNT\\SYSTEM32\\RUNDLLFROMWIN2000.EXE C:\\WINNT\\SYSTEM32\\WBEM\\MNEVNO40.DLL,Export 1087"

HKLM\\System\\CurrentControlSet\\Services\\paraudio

"Type" = "0x1"

HKLM\\System\\CurrentControlSet\\Services\\paraudio

"Start" = "0x2"

HKLM\\System\\CurrentControlSet\\Services\\paraudio

"ImagePath" = "\\??\\C:\\WINNT\\system32\\drivers\\paraudio.sys"

HKLM\\System\\CurrentControlSet\\Services\\paraudio

"DisplayName" = "paraudio"

HKLM\\System\\CurrentControlSet\\Services\\License

"Type" = "0x20"

HKLM\\System\\CurrentControlSet\\Services\\License

"Start" = "0x2"

HKLM\\System\\CurrentControlSet\\Services\\License

"ImagePath" = "%SystemRoot%\\System32\\svchost.exe -k netsvcs"

HKLM\\SYSTEM\\CurrentControlSet\\Services\\License

"DisplayName" = "Windows Gateway"

HKLM\\SYSTEM\\CurrentControlSet\\Services\\License

"Description" = "防火墙保护机制，为 Internet 连接共享和 Windows 防火墙提供高效的保护支持。无法终止此服务。"

HKLM\\SYSTEM\\CurrentControlSet\\Services\\License

"Parameters" = ServiceDll"C:\\WINNT\\system32\\tbcaqm26.dll"

5、添加注册表信息

HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\typedUrls

"url5" = "http://www/index.html"

6、添加卸载程序，实则并不存在卸载

HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\coolsign

"DisplayName" = "CoolSign"

HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\coolsign

"UninstallString" = "C:\\Program Files\\coolsign\\uninst.exe"

词条	Win32.Troj.Downloader.fr
释义	基本信息病毒内容基本信息威胁级别：★ 病毒类型：木马影响系统：Win 9x/ME,Win 2000/NT,Win XP,Win 2003 病毒行为: 该病毒是一个下载木马。它会下载并安广告软件。建议电脑用户升级病毒库查杀该病毒，以免中毒受害。病毒内容 1、生成的文件 C:\\Documents and Settings\\All Users\\Templates\\temp.exe C:\\Program Files\\Common Files\\System\\Update.dat C:\\Program Files\\Common Files\\System\\Update.exe C:\\WINNT\\system32\\rundllfromwin2000.exe C:\\WINNT\\system32\\wbem\\ocmor.dll C:\\WINNT\\system32\\wbem\\mnevno40.dll C:\\WINNT\\system32\\Score.txt C:\\WINNT\\system32\\advport.dll C:\\WINNT\\system32\\tbcaqm26.dll C:\\Documents and Settings\\administrator\\Favorites\\多特软件站-最安全放心的软件站.url 2、添加注册表启动项 HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "System" = "C:\\Program Files\\Common Files\\System\\Update.exe" 3、添加伪系统服务和驱动 HKLM\\System\\CurrentControlSet\\Services\\DATEING "Type" = "0x10" HKLM\\System\\CurrentControlSet\\Services\\DATEING "Start" = "0x2" HKLM\\System\\CurrentControlSet\\Services\\DATEING "ImagePath" = "C:\\WINNT\\SYSTEM32\\RUNDLLFROMWIN2000.EXE C:\\WINNT\\SYSTEM32\\WBEM\\MNEVNO40.DLL,Export 1087" HKLM\\System\\CurrentControlSet\\Services\\paraudio "Type" = "0x1" HKLM\\System\\CurrentControlSet\\Services\\paraudio "Start" = "0x2" HKLM\\System\\CurrentControlSet\\Services\\paraudio "ImagePath" = "\\??\\C:\\WINNT\\system32\\drivers\\paraudio.sys" HKLM\\System\\CurrentControlSet\\Services\\paraudio "DisplayName" = "paraudio" HKLM\\System\\CurrentControlSet\\Services\\License "Type" = "0x20" HKLM\\System\\CurrentControlSet\\Services\\License "Start" = "0x2" HKLM\\System\\CurrentControlSet\\Services\\License "ImagePath" = "%SystemRoot%\\System32\\svchost.exe -k netsvcs" HKLM\\SYSTEM\\CurrentControlSet\\Services\\License "DisplayName" = "Windows Gateway" HKLM\\SYSTEM\\CurrentControlSet\\Services\\License "Description" = "防火墙保护机制，为 Internet 连接共享和 Windows 防火墙提供高效的保护支持。无法终止此服务。" HKLM\\SYSTEM\\CurrentControlSet\\Services\\License "Parameters" = ServiceDll"C:\\WINNT\\system32\\tbcaqm26.dll" 5、添加注册表信息 HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\typedUrls "url5" = "http://www/index.html" 6、添加卸载程序，实则并不存在卸载 HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\coolsign "DisplayName" = "CoolSign" HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\coolsign "UninstallString" = "C:\\Program Files\\coolsign\\uninst.exe"
随便看	枪影枪用高射瞄准具枪与巧克力枪扎一线枪战部落枪战国防枪战竞技场枪战恐怖分子枪战生存枪镇枪支管理使用教程枪支俱乐部2 枪支荣耀枪支荣耀二战版枪支运输大卡车枪之花枪之荣耀二战版枪之荣耀二战汉化版枪之岳枪族枪砀呛啍呛白呛拌萝卜缨呛拌土豆片