Trojan/Startpage.fi

Virus size: 90,112 bytes

Virus type: Trojan

Risk level: *

Affected platforms: Win9X/2000/XP/NT/Me

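Trojan/Startpage.fi modifies the registry and overwrites the Hosts file. It is usually downloaded and executed by other Trojans. It is actually a DLL file that is registered with regsvr32.exe, rundll32.exe, or another program.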

Propagation process and characteristics:

1. Uses the text:

127.0.0.1 localhost

to overwrite the Hosts files:

%Windir%\Hosts

%Windir%System\Drivers\Etc\Hosts

2. Modifies the registry:

/Adds the value: "Host"=""

to the registry keys:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

/Adds the subkeys:

HKEY_CLASSES_ROOT\DP.MIMEFilter

HKEY_CLASSES_ROOT\DP.MIMEFilter.1

HKEY_CLASSES_ROOT\CLSID\{657F70CB-580A-412A-B71F-AA29DBEAC0C3}

HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html

HKEY_CLASSES_ROOT\TypeLib\{5B71F990-53CD-4832-8CA2-36EA2D70B871}

/Deletes the subkeys:

HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ms-its

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

/Modifies values: HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html

"(Default)"="DP.MIMEFilter"

"CLSID"="{657F70CB-580A-412A-B71F-AA29DBEAC0C3}"

/Modifies values: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search

"(Default)" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

"SearchAssistant" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

"CustomizeSearch" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

/Modifies values: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

"Default_Search_URL" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

"Search Bar" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

"Start Page" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

"Search Page" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

/Modifies values: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl

"(Default)" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

/Modifies values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search

"(Default)" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

/Modifies values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl

"(Default)" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

/Modifies values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

"Search Bar" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

"Default_Search_URL" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

"Search Page" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

"Start Page" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

/Modifies values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search

"SearchAssistant" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

"CustomizeSearch" = "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D_%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

/Modifies values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"(Default)" = "http://%65%68%74%74%70%2E%63%63/?"

/Modifies values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes

"www" = "http://%65%68%74%74%70%2E%63%63/?"

Note: %Windir% is a variable, usually C:\Windows or C:\Winnt;

%System% is a variable, usually C:\Windows\System (Windows 95/98/Me),

C:\Winnt\System32 (Windows NT/2000), or

C:\Windows\System32 (Windows XP).
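
The URL values listed above are written with every host byte percent-encoded and a `name_%00@host` authority, so the readable-looking part before the `@` is only userinfo. The following is an added example, not part of the original entry, that decodes such a registry value for triage and flags these traits; the function names and the `.example` hosts are constructed for illustration.

```python
from urllib.parse import unquote

def analyze_url(value):
    """Decode one URL-valued registry string and list obfuscation signs."""
    scheme, sep, rest = value.partition("://")
    if not sep:
        return None  # not a scheme://authority URL
    authority = rest.split("/", 1)[0]
    # Per URL syntax, text before the last "@" is userinfo; the host follows it.
    userinfo, at, host = authority.rpartition("@")
    flags = []
    if "%" in host:
        flags.append("percent-encoded-host")
    if at:
        flags.append("userinfo-decoy")
    if "%00" in userinfo:
        flags.append("nul-in-userinfo")
    return {
        "real_host": unquote(host).lower(),
        # Render the NUL byte visibly so it is safe to log.
        "decoy": unquote(userinfo).replace("\x00", "\\0") if at else None,
        "flags": flags,
    }

def hex_encode(text):
    """Percent-encode every byte, the way the values on this page are written."""
    return "".join("%%%02X" % b for b in text.encode("ascii"))

def suspicious(values):
    """Return {value name: analysis} for entries with at least one flag."""
    hits = {}
    for name, value in values.items():
        info = analyze_url(value)
        if info and info["flags"]:
            hits[name] = info
    return hits

# Constructed sample data: hosts under .example are placeholders, not IoCs.
SAMPLE_VALUES = {
    "Start Page": "http://" + hex_encode("portal.example") + "_%00@"
                  + hex_encode("www.redirect.example") + "/" + hex_encode("hp") + "/",
    "Search Page": "http://www.search.example/",
}

if __name__ == "__main__":
    for name, info in suspicious(SAMPLE_VALUES).items():
        print(name, "->", info["real_host"], info["flags"], "decoy:", info["decoy"])
```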

Last updated: 2024/12/23 14:04:06