请输入您要查询的百科知识:

 

词条 Win32.Troj.Goweh.a
释义

该病毒是一个修改浏览器主页的木马病毒。该病毒运行后不停地添加启动项,修改浏览器主页,严重影响了系统的性能;该病毒还会会屏蔽大量站点,给网民造成了很大的不便。

病毒介绍

病毒别名:(无)

处理时间:2005-10-11

威胁级别:★

中文名称:(无)

病毒类型:木马

影响系统:Win 9x/ME,Win 2000/NT,Win XP,Win 2003

病毒行为

1.生成文件

%Current%\etwork.sys

2.添加启动项

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run

"UserSystem" = "%CurrentFile%"

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run

"UserSystem" = "%CurrentFile%"

3.修改主页

HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main

"Start Page" = "http://smartsearch.ws"

HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main

"Default_Page_URL" = "http://smartsearch.ws"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main

"Start Page" = "http://smartsearch.ws"

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main

"Default_Page_URL" = "http://smartsearch.ws"

HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main

"Search Page" = "http://smartsearch.ws/?q="

HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main

"Search Bar" = "http://smartsearch.ws/?q="

HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main

"Default_Search_URL" = "http://smartsearch.ws/?q="

HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer

"SearchURL" = "http://smartsearch.ws/?q="

HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer

"Search" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main

"Search Page" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main

"Search Bar" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main

"Default_Search_URL" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer

"SearchURL" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer

"Search" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\DefaultPrefix

"default" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes

"www" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Search

"SearchAssistant" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Search

"CustomizeSearch"= "http://smartsearch.ws/?q="

4.通过改写hosts文件屏蔽以下网站

127.0.0.1 forums.spywareinfo.com

127.0.0.1 www.spywareinfo.com

127.0.0.1 www.merijn.org

127.0.0.1 merijn.org

127.0.0.1 spywareinfo.com

127.0.0.1 www.computercops.biz

127.0.0.1 computercops.biz

127.0.0.1 dslreports.com

127.0.0.1 www.dslreports.com

127.0.0.1 www.lavasoftsupport.com

127.0.0.1 lavasoftsupport.com

127.0.0.1 www.lurkhere.com

127.0.0.1 lurkhere.com

127.0.0.1 forums.net-integration.net

127.0.0.1 www.pctalk.info

127.0.0.1 pctalk.info

127.0.0.1 www.suggestafix.com

127.0.0.1 suggestafix.com

127.0.0.1 forums.thiefware.com

127.0.0.1 www.tomcoyote.org

127.0.0.1 tomcoyote.org

127.0.0.1 www.wilderssecurity.com

127.0.0.1 wilderssecurity.com

127.0.0.1 www.winguides.com

127.0.0.1 winguides.com

127.0.0.1 www.spybot-spyware.com

127.0.0.1 spybot-spyware.com

127.0.0.1 1spybot.com

127.0.0.1 www.1spybot.com

127.0.0.1 www.lavasoftusa.com

127.0.0.1 lavasoftusa.com

127.0.0.1 www.spychecker.com

127.0.0.1 spychecker.com

127.0.0.1 www.grc.com

127.0.0.1 grc.com

127.0.0.1 www.cexx.org

127.0.0.1 cexx.org

127.0.0.1 security.kolla.de

127.0.0.1 www.security.kolla.de

127.0.0.1 simplythebest.net

127.0.0.1 www.simplythebest.net

127.0.0.1 www.spywareguide.com

127.0.0.1 spywareguide.com

127.0.0.1 www.spyware.co.uk

127.0.0.1 spyware.co.uk

127.0.0.1 www.lavasoft.de

127.0.0.1 lavasoft.de

127.0.0.1 www.webopedia.com

127.0.0.1 webopedia.com

127.0.0.1 www.ZeroSpyWare.com

127.0.0.1 ZeroSpyWare.com

127.0.0.1 www.spectorsoft.com

127.0.0.1 spectorsoft.com

127.0.0.1 www.Spy--Software.com

127.0.0.1 Spy--Software.com

127.0.0.1 www.sunbelt-software.com

127.0.0.1 sunbelt-software.com

127.0.0.1 www.spycleaner.net

127.0.0.1 spycleaner.net

127.0.0.1 www.EnigmaSoftwareGroup.com

127.0.0.1 EnigmaSoftwareGroup.com

127.0.0.1 www.no-spybot.com

127.0.0.1 no-spybot.com

预防、修复措施

预防

在%Current%\\下建立同名文件夹,文件夹里利用dos命令md n..\\建立文件夹,可保证病毒文件不能生成。

修复

一切杀毒软件都可以。因为病毒没有明显的克制杀毒软件、屏蔽杀软网站等行为。360、Rav、Kaspersky、江民、金山毒霸、Avira、Norton 360都是不错的选择。

随便看

 

百科全书收录4421916条中文百科知识,基本涵盖了大多数领域的百科知识,是一部内容开放、自由的电子版百科全书。

 

Copyright © 2004-2023 Cnenc.net All Rights Reserved
更新时间:2024/12/23 11:42:54