Entry | Trojan/PSW.QQKdw.45 |
Definition | Trojan/PSW.QQKdw.45
Virus type: Trojan
Threat level: *
Affected platforms: Win9X/2000/XP/NT/Me/2003

Trojan/PSW.QQKdw.45 is a Trojan that steals QQ passwords.

Propagation and characteristics:

1. After it runs, the virus creates the following files:
%System%\winsocks.dll, 36864 bytes
%WinDir%\system.dat, 2719776 bytes
%WinDir%\win.ini, 8294 bytes
%WinDir%\desktop\wdwej.exe, 16384 bytes
%WinDir%\desktop\r.exe, 12288 bytes
%WinDir%\desktop\bl.exe, 77824 bytes
%WinDir%\ytsgfvz.exe, 434176 bytes
%WinDir%\intren0t.exe, 36864 bytes

2. It modifies the WIN.INI file by adding the following to WIN.INI:
run=c:\windows\kir.exe

3. It modifies the registry by adding the following startup entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ytsgfvz" = %WinDir%\ytsgfvz.exe
"golci" = %program files%\golci.exe
"bbh" = %WinDir%\bbh.exe
"INDEX" = %WinDir%\desktop\index.exe
"Intren0t" = %WinDir%\intren0t.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ytsgfvz" = %WinDir%\ytsgfvz.exe
"golci" = %program files%\golci.exe
"bbh" = %WinDir%\bbh.exe
"INDEX" = %WinDir%\desktop\index.exe
"Intren0t" = %WinDir%\intren0t.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ytsgfvz" = %WinDir%\ytsgfvz.exe
"golci" = %program files%\golci.exe
"bbh" = %WinDir%\bbh.exe
"INDEX" = %WinDir%\desktop\index.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"ytsgfvz" = %WinDir%\ytsgfvz.exe
"golci" = %program files%\golci.exe
"bbh" = %WinDir%\bbh.exe
"INDEX" = %WinDir%\desktop\index.exe

As a result, the virus runs automatically each time Windows starts. |
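A defender-side check for the persistence described in this entry, as an added example that is not part of the original entry: it scans `.reg` export text and `win.ini` contents for the autorun value names and the `run=` target listed above. The function names and the sample input are constructed for illustration, and matching by value name alone is an assumption that can also flag unrelated software.

```python
import re

# Autorun value names and the win.ini target, copied from the entry above.
AUTORUN_NAMES = {"ytsgfvz", "golci", "bbh", "index", "intren0t"}
WININI_TARGET = r"c:\windows\kir.exe"
RUN_KEY = re.compile(r"^\[HKEY_(LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\Microsoft\\Windows"
                     r"\\CurrentVersion\\(Run|RunServices)\]$", re.IGNORECASE)
VALUE = re.compile(r'^"([^"]+)"\s*=\s*"?(.*?)"?$')

def scan_reg_export(text):
    """Return (key, name, data) for listed value names under Run/RunServices keys."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only the four autorun keys from the entry count; other keys reset state.
            key = line[1:-1] if RUN_KEY.match(line) else None
        elif key and (m := VALUE.match(line)):
            # .reg exports escape backslashes in string data; undo that.
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")
            if name.lower() in AUTORUN_NAMES:
                hits.append((key, name, data))
    return hits

def scan_win_ini(text):
    """Return run= lines in the [windows] section that launch the listed target."""
    hits, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows" and "=" in line:
            k, v = (p.strip() for p in line.split("=", 1))
            if k.lower() == "run" and WININI_TARGET in v.lower():
                hits.append(line)
    return hits

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intren0t"="C:\\WINDOWS\\intren0t.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"bbh"="C:\\WINDOWS\\bbh.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"INDEX"="unrelated value outside the autorun keys"
'''
SAMPLE_INI = "[windows]\nload=\nrun=c:\\windows\\kir.exe\n[fonts]\nrun=c:\\windows\\kir.exe\n"

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG), scan_win_ini(SAMPLE_INI))
```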