词条 | Win32.Troj.QQpass68 |
释义 | 病毒别名: 处理时间: 威胁级别:★ 中文名称:QQ杀手 病毒类型:木马 影响系统:Windows 2000, Windows 95, Windows 98, Windows Me, 病毒行为: 编写工具: vb 传染条件: 将自己伪装成flash动画,诱使用户双击运行 发作条件: 当用户登陆QQ时,此木马将记录用户的qq密码并通过邮件发送给攻击者. 系统修改: 1,拷贝自身到: C:wel.txt C:DebugFi.txt C:Program FilestRtlRu.EXE D:Documents and SettingsillMMifz.EXE %system%EXPLOREA.EXE E:Documents and SettingsGTduayy.EXE E:Program FilesEazr.EXE E:Program Filesswbp.EXE E:RECYCLERlYUiEcO.EXE E:System Volume InformationVKal.EXE F:BackupgAQCH.EXE 2,修改下列注册表键值: HKEY_CLASSES_ROOTchm.fileshellopencommand ""D:WINNThh.exe" %1" "F:BackupgAQCH.EXE %1" HKEY_CLASSES_ROOTexefileshellopencommand ""%1" %*" "E:System Volume InformationVKal.EXE %1 %*" HKEY_CLASSES_ROOTinifileshellopencommand "E:Program FilesEazr.EXE %1" HKEY_CLASSES_ROOT egfileshellopencommand "regedit.exe "%1"" "D:Documents and SettingsillMMifz.EXE %1" HKEY_CLASSES_ROOTscrfileshellopencommand ""%1" /S" "E:Program Filesswbp.EXE %1" HKEY_CLASSES_ROOT xtfileshellopencommand "E:RECYCLERlYUiEcO.EXE %1" HKEY_LOCAL_MACHINESOFTWAREClasseschm.fileshellopencommand ""D:WINNThh.exe" %1" "F:BackupgAQCH.EXE %1" HKEY_LOCAL_MACHINESOFTWAREClassesexefileshellopencommand ""%1" %*" "E:System Volume InformationVKal.EXE %1 %*" HKEY_LOCAL_MACHINESOFTWAREClassesinifileshellopencommand "E:Program FilesEazr.EXE %1" HKEY_LOCAL_MACHINESOFTWAREClasses egfileshellopencommand "regedit.exe "%1"" "D:Documents and SettingsillMMifz.EXE %1" HKEY_LOCAL_MACHINESOFTWAREClassesscrfileshellopencommand ""%1" /S" "E:Program Filesswbp.EXE %1" HKEY_LOCAL_MACHINESOFTWAREClasses xtfileshellopencommand "E:RECYCLERlYUiEcO.EXE %1" 这样当用户打开扩展名为chm exe ini reg src txt文件时,木马就会自动运行 3,病毒运行后将会用windows的记事本打开一个自己生成的文件C:wel.txt, 内容为Welcome! 发作现象: 木马运行后会自动打开一个windows的记事本,标题问wel.txt,内容为welcome! 特别说明: |
随便看 |
百科全书收录4421916条中文百科知识,基本涵盖了大多数领域的百科知识,是一部内容开放、自由的电子版百科全书。