“Win32.Troj.Small.dx”的意思、由来-中文百科全书

简介

威胁级别：★

病毒类型：特洛伊木马

影响系统：Win 9x/ME,Win 2000/NT,Win XP,Win 2003

病毒行为: 该病毒是一个下载木马。其本身并没对系统造成破坏，但它会下载并执行其他两个木马。

下载地址

http://**.95.146.206/winsp5.exe

http://**.95.148.188/20509.exe

工作原理

该病毒会读取http://**.95.146.206/loaderbb.php?l=0804&adv=23网址内容解密下载地址。20509.exe病毒会行后在系统目录下生成ijupd.dll文件，并添加SLSID组件添加启动项和修改host文件屏蔽相关安全网站。winsp5.exe为一下载木马，该病毒会访问208.72.168.**地址和SLSID添加组件。

病毒信息

HKLM\\SOFTWARE\\Classes\\CLSID\\{2C1CD3D7-86AC-4068-93BC-A02304B20509}\\InProcServer32

"(Default)" = "%SystemRoot%\\system32\\ijupd.dll"

HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler

"{2C1CD3D7-86AC-4068-93BC-A02304B20509}" = "DCOM Server 20509"

127.0.0.1 www.trendmicro.com

127.0.0.1 rads.mcafee.com

127.0.0.1 customer.symantec.com

127.0.0.1 liveupdate.symantec.com

127.0.0.1 us.mcafee.com

127.0.0.1 updates.symantec.com

127.0.0.1 www.nai.com

127.0.0.1 secure.nai.com

127.0.0.1 dispatch.mcafee.com

127.0.0.1 download.mcafee.com

127.0.0.1 www.my-etrust.com

127.0.0.1 mast.mcafee.com

127.0.0.1 ca.com

127.0.0.1 www.ca.com

127.0.0.1 networkassociates.com

127.0.0.1 www.networkassociates.com

127.0.0.1 avp.com

127.0.0.1 www.kaspersky.com

127.0.0.1 www.avp.com

127.0.0.1 downloads4.kaspersky-labs.com

127.0.0.1 downloads3.kaspersky-labs.com

127.0.0.1 downloads2.kaspersky-labs.com

127.0.0.1 downloads1.kaspersky-labs.com

127.0.0.1 www.f-secure.com

127.0.0.1 viruslist.com

127.0.0.1 www.viruslist.com

127.0.0.1 liveupdate.symantecliveupdate.com

127.0.0.1 www.mcafee.com

127.0.0.1 sophos.com

127.0.0.1 www.sophos.com

127.0.0.1 securityresponse.symantec.com

127.0.0.1 www.symantec.com

词条	Win32.Troj.Small.dx
释义	简介下载地址工作原理病毒信息简介威胁级别：★ 病毒类型：特洛伊木马影响系统：Win 9x/ME,Win 2000/NT,Win XP,Win 2003 病毒行为: 该病毒是一个下载木马。其本身并没对系统造成破坏，但它会下载并执行其他两个木马。下载地址 http://.95.146.206/winsp5.exe http://.95.148.188/20509.exe 工作原理该病毒会读取http://.95.146.206/loaderbb.php?l=0804&adv=23网址内容解密下载地址。20509.exe病毒会行后在系统目录下生成ijupd.dll文件，并添加SLSID组件添加启动项和修改host文件屏蔽相关安全网站。winsp5.exe为一下载木马，该病毒会访问208.72.168.地址和SLSID添加组件。病毒信息 HKLM\\SOFTWARE\\Classes\\CLSID\\{2C1CD3D7-86AC-4068-93BC-A02304B20509}\\InProcServer32 "(Default)" = "%SystemRoot%\\system32\\ijupd.dll" HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler "{2C1CD3D7-86AC-4068-93BC-A02304B20509}" = "DCOM Server 20509" 127.0.0.1 www.trendmicro.com 127.0.0.1 rads.mcafee.com 127.0.0.1 customer.symantec.com 127.0.0.1 liveupdate.symantec.com 127.0.0.1 us.mcafee.com 127.0.0.1 updates.symantec.com 127.0.0.1 www.nai.com 127.0.0.1 secure.nai.com 127.0.0.1 dispatch.mcafee.com 127.0.0.1 download.mcafee.com 127.0.0.1 www.my-etrust.com 127.0.0.1 mast.mcafee.com 127.0.0.1 ca.com 127.0.0.1 www.ca.com 127.0.0.1 networkassociates.com 127.0.0.1 www.networkassociates.com 127.0.0.1 avp.com 127.0.0.1 www.kaspersky.com 127.0.0.1 www.avp.com 127.0.0.1 downloads4.kaspersky-labs.com 127.0.0.1 downloads3.kaspersky-labs.com 127.0.0.1 downloads2.kaspersky-labs.com 127.0.0.1 downloads1.kaspersky-labs.com 127.0.0.1 www.f-secure.com 127.0.0.1 viruslist.com 127.0.0.1 www.viruslist.com 127.0.0.1 liveupdate.symantecliveupdate.com 127.0.0.1 www.mcafee.com 127.0.0.1 sophos.com 127.0.0.1 www.sophos.com 127.0.0.1 securityresponse.symantec.com 127.0.0.1 www.symantec.com
随便看	焜上焜奕焜昱焜烨焠轮焠针焢肉焢肉盖饭焢窑焤焧焬燿焬耀焭焭焭单焭独焮红焮肿煆烧煇煖煖煖尘煖吹煖答世煖地