Trojan/PSW.QQKdw.45

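Virus type: Trojan

Risk level: *

Affected platforms: Win9X/2000/XP/NT/Me/2003

Trojan/PSW.QQKdw.45 is a Trojan that steals QQ passwords.

Propagation and characteristics:

1. When run, the virus creates the following files: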

%System%\winsocks.dll, 36864 bytes

%WinDir%\system.dat, 2719776 bytes

%WinDir%\win.ini, 8294 bytes

%WinDir%\desktop\wdwej.exe, 16384 bytes

%WinDir%\desktop\r.exe, 12288 bytes

%WinDir%\desktop\bl.exe, 77824 bytes

%WinDir%\ytsgfvz.exe, 434176 bytes

%WinDir%\intren0t.exe, 36864 bytes

2. It modifies the WIN.INI file:

It adds run=c:\windows\kir.exe to WIN.INI

3. It modifies the registry:

It adds the following startup entries to the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ytsgfvz" = %WinDir%\ytsgfvz.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"golci" = %program files%\golci.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"bbh" = %WinDir%\bbh.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"INDEX" = %WinDir%\desktop\index.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Intren0t" = %WinDir%\intren0t.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"ytsgfvz" = %WinDir%\ytsgfvz.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"golci" = %program files%\golci.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"bbh" = %WinDir%\bbh.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"INDEX" = %WinDir%\desktop\index.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Intren0t" = %WinDir%\intren0t.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ytsgfvz" = %WinDir%\ytsgfvz.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"golci" = %program files%\golci.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"bbh" = %WinDir%\bbh.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"INDEX" = %WinDir%\desktop\index.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

"ytsgfvz" = %WinDir%\ytsgfvz.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

"golci" = %program files%\golci.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

"bbh" = %WinDir%\bbh.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

"INDEX" = %WinDir%\desktop\index.exe

In this way, the virus runs automatically when Windows starts.
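
A check for the autostart changes listed above, as an added example that is not part of the original entry: it scans an exported registry file and a copy of win.ini for the value names and the run= target given in this entry. It assumes the registry was exported in REGEDIT4 text format; the function names and the sample inputs are constructed for illustration.

```python
import re

# Indicators copied from the entry above.
RUN_VALUE_NAMES = {"ytsgfvz", "golci", "bbh", "index", "intren0t"}
WININI_RUN_TARGET = r"c:\windows\kir.exe"

AUTOSTART_KEY = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\SOFTWARE\\Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunServices)\]$", re.I)
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*"?(.*?)"?\s*$')

def scan_reg_export(text):
    """Return (key, value name, data) for listed names under Run/RunServices.
    String data in a .reg export has doubled backslashes; they are undone."""
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            # Track the current key only if it is one of the autostart keys.
            key = line[1:-1] if AUTOSTART_KEY.match(line) else None
            continue
        m = VALUE_LINE.match(line)
        if key and m and m.group(1).lower() in RUN_VALUE_NAMES:
            hits.append((key, m.group(1), m.group(2).replace("\\\\", "\\")))
    return hits

def scan_win_ini(text):
    """Return programs on a run= line of win.ini that equal the listed target."""
    hits = []
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == "run":
            hits += [p for p in re.split(r"[,\s]+", value.strip())
                     if p.lower() == WININI_RUN_TARGET]
    return hits

# Constructed sample inputs (not captured from a real host).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ytsgfvz"="C:\\WINDOWS\\ytsgfvz.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"bbh"="C:\\WINDOWS\\bbh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"INDEX"="unrelated"
'''
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\kir.exe\n"
if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG), scan_win_ini(SAMPLE_INI))
```

Matching is by value name only inside the Run and RunServices keys, so the "INDEX" value under the unrelated Uninstall key in the sample is not reported.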

Copyright © 2004-2023 Cnenc.net All Rights Reserved
Last updated: 2024/12/24 0:07:18