Entry | Win32.Troj.Goweh.a |
Definition | This is a Trojan that modifies the browser home page. Once running, it repeatedly adds startup entries and rewrites the browser home page, which seriously degrades system performance; it also blocks a large number of websites, causing considerable inconvenience to users.

Virus introduction
Alias: (none)
Date processed: 2005-10-11
Threat level: ★
Chinese name: (none)
Virus type: Trojan
Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003

Virus behavior
1. Creates the file %Current%\etwork.sys

2. Adds startup entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"UserSystem" = "%CurrentFile%"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"UserSystem" = "%CurrentFile%"

3. Modifies the home page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Start Page" = "http://smartsearch.ws"
"Default_Page_URL" = "http://smartsearch.ws"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Start Page" = "http://smartsearch.ws"
"Default_Page_URL" = "http://smartsearch.ws"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Search Page" = "http://smartsearch.ws/?q="
"Search Bar" = "http://smartsearch.ws/?q="
"Default_Search_URL" = "http://smartsearch.ws/?q="
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
"SearchURL" = "http://smartsearch.ws/?q="
"Search" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Search Page" = "http://smartsearch.ws/?q="
"Search Bar" = "http://smartsearch.ws/?q="
"Default_Search_URL" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
"SearchURL" = "http://smartsearch.ws/?q="
"Search" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"default" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
"www" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
"SearchAssistant" = "http://smartsearch.ws/?q="
"CustomizeSearch" = "http://smartsearch.ws/?q="

4. Blocks a list of websites by rewriting the hosts file so that their hostnames resolve to 127.0.0.1

Prevention and repair measures
Prevention: Create a folder with the same name under %Current%\, and inside that folder use the DOS command md n..\\ to create a folder; this ensures that the virus file cannot be created.
Repair: Any antivirus software will do, because the virus shows no obvious behavior such as countering antivirus software or blocking antivirus vendors' websites. 360, Rav, Kaspersky, Jiangmin, Kingsoft Antivirus, Avira and Norton 360 are all good choices. |
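A check for the hosts-file tampering described in behavior 4, as an added example that is not part of the original entry: it flags every non-local hostname that a hosts file maps to a loopback or unspecified address. The sample file content, its placeholder hostnames and the `is_sinkhole` / `audit_hosts` names are constructed for illustration.

```python
import ipaddress

# Hostnames that legitimately map to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def is_sinkhole(addr: str) -> bool:
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text: str, watchlist=()):
    """Return (line_no, hostname, on_watchlist) for each non-local name sent to a sinkhole.

    watchlist holds parent domains (e.g. security vendors) whose redirection
    is treated as high priority; subdomains match as well.
    """
    watch = {d.lower().rstrip(".") for d in watchlist}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:                    # one line may carry several names
            host = name.lower().rstrip(".")
            if host in LOCAL_NAMES:
                continue
            hit = any(host == d or host.endswith("." + d) for d in watch)
            findings.append((line_no, host, hit))
    return findings

# Constructed sample; the hostnames are placeholders, not taken from the entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.av-vendor.example av-vendor.example
127.0.0.1 Forums.AV-Vendor.example   # mixed case, trailing comment
0.0.0.0 ads.tracker.example
192.0.2.10 intranet.example
#127.0.0.1 disabled.example
"""

if __name__ == "__main__":
    for line_no, host, hit in audit_hosts(SAMPLE_HOSTS, ["av-vendor.example"]):
        print(f"line {line_no}: {host} -> sinkhole" + ("  [security site]" if hit else ""))
```

On Windows 2000/NT, XP and 2003 the file to audit is %SystemRoot%\System32\drivers\etc\hosts; on Win 9x/ME it is %WinDir%\hosts.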