AV终结者 (AV Terminator) uses redirection hijacking

豆豆网   Technology Applications channel   2007-07-13

Summary: The virus uses IFEO redirection hijacking to keep a large number of antivirus programs and security tools from running; it damages Safe Mode so that infected users cannot scan and clean from Safe Mode; it downloads large amounts of further malware onto the user's computer to steal valuable information and certain account credentials; and it spreads via removable storage media.

  The virus uses IFEO redirection hijacking to keep a large number of antivirus programs and security tools from running; it damages Safe Mode so that infected users cannot scan and clean from Safe Mode; it downloads large amounts of further malware onto the user's computer to steal valuable information and certain account credentials; and it spreads via removable storage media.

  IFEO (Image File Execution Options) is a legitimate Windows debugging facility: when a string value named Debugger exists under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image name>, process creation starts the program named in that value and passes it the original command line instead of starting the image directly. The virus writes its own full path into the Debugger value of every security tool it knows about, so launching any of those tools launches the virus instead, and the tool itself never starts.

  1. Files created

%programfiles%\Common Files\Microsoft Shared\MSInfo\{random 8-character name of letters and digits}.dat
C:\Program Files\Common Files\Microsoft Shared\MSInfo\{random 8-character name of letters and digits}.dll
%windir%\{random 8-character name of letters and digits}.hlp
%windir%\Help\{random 8-character name of letters and digits}.chm
It may also create the following file:
%sys32dir%\{random letters}.exe
and replace the file %sys32dir%\verclsid.exe (Explorer's shell-extension verification host, which Explorer runs to validate shell extensions before loading them, so the replacement gains another path to execution).

  2. Registry entries created so that the virus starts together with the system:

HKEY_CLASSES_ROOT\CLSID\{random CLSID}\InprocServer32  "full path of the virus file"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{random CLSID}  "full path of the virus file"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks  "{the generated random CLSID}"  ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "random string"  "full path of the virus file"
The ShellExecuteHooks entry is the stealthier of the two start-up paths: the shell instantiates every CLSID listed there as a COM object whenever something is launched through ShellExecute, so the virus DLL registered under that CLSID is loaded into Explorer even if the Run entry is found and removed.

  3. Image File Execution Options entries created to hijack security software: launching any of the listed programs runs the virus body instead.

Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ a subkey is created for each of the following image names, each with a Debugger value of "full path of the virus file":

360rpt.exe, 360Safe.exe, 360tray.exe, adam.exe, AgentSvr.exe, AppSvc32.exe, autoruns.exe, avgrssvc.exe,
AvMonitor.exe, avp.com, avp.exe, CCenter.exe, ccSvcHst.exe, FileDsty.exe, FTCleanerShell.exe, HijackThis.exe,
IceSword.exe, iparmo.exe, Iparmor.exe, isPwdSvc.exe, kabaload.exe, KaScrScn.SCR, KASMain.exe, KASTask.exe,
KAV32.exe, KAVDX.exe, KAVPFW.exe, KAVSetup.exe, KAVStart.exe, KISLnchr.exe, KMailMon.exe, KMFilter.exe,
KPFW32.exe, KPFW32X.exe, KPFWSvc.exe, KRegEx.exe, KRepair.COM, KsLoader.exe, KVCenter.kxp, KvDetect.exe,
KvfwMcl.exe, KVMonXP.kxp, KVMonXP_1.kxp, kvol.exe, kvolself.exe, KvReport.kxp, KVScan.kxp, KVSrvXP.exe,
KVStub.kxp, kvupload.exe, kvwsc.exe, KvXP.kxp, KvXP_1.kxp, KWatch.exe, KWatch9x.exe, KWatchX.exe,
loaddll.exe, MagicSet.exe, mcconsol.exe, mmqczj.exe, mmsk.exe, NAVSetup.exe, nod32krn.exe, nod32kui.exe,
PFW.exe, PFWLiveUpdate.exe, QHSET.exe, Ras.exe, Rav.exe, RavMon.exe, RavMonD.exe, RavStub.exe,
RavTask.exe, RegClean.exe, rfwcfg.exe, RfwMain.exe, rfwProxy.exe, rfwsrv.exe, RsAgent.exe, Rsaupd.exe,
runiep.exe, safelive.exe, scan32.exe, shcfg32.exe, SmartUp.exe, SREng.exe, symlcsvc.exe, SysSafe.exe,
TrojanDetector.exe, Trojanwall.exe, TrojDie.kxp, UIHost.exe, UmxAgent.exe, UmxAttachment.exe, UmxCfg.exe, UmxFwHlp.exe,
UmxPol.exe, UpLive.EXE.exe, WoptiClean.exe, zxsweep.exe

Finally it disables the Windows Security Center service, so the system no longer warns that antivirus protection is missing (Start=4 is SERVICE_DISABLED):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc  Start  dword:00000004

Cleanup means deleting these Debugger values (or the whole per-image subkeys) and restoring wscsvc to its default start type. Because IFEO matches on the image file name alone, a copy of any listed tool saved under a different name runs unaffected and can be used for the cleanup.
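The following Python script is an added example for this article, not part of the original text or of any vendor's tooling. It reads a registry export in regedit's .reg format (as written by regedit or reg export) offline and flags the indicators from sections 2 and 3 together: IFEO subkeys carrying a Debugger value, with emphasis on one Debugger path shared across several image names, which is exactly what the list above produces; ShellExecuteHooks entries whose CLSID resolves to an InprocServer32 DLL outside the system directory; Run entries that launch the same file the Debugger values point at; and wscsvc with Start=4. The embedded .reg text is constructed for the demonstration, and the CLSID {0A1B2C3D-1111-2222-3333-444455556666}, the file names xk.exe and a1b2c3d4.dll, the set of known debugger names and the C:\WINDOWS\system32 system-directory check are all assumptions.

```python
"""Offline triage of a .reg export for the indicators above: IFEO Debugger hijacks, ShellExecuteHooks
whose DLL lies outside system32, Run entries pointing at the Debugger target, and wscsvc disabled."""
import re
from collections import defaultdict

IFEO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
HOOKS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WSCSVC_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc"
CLSID_ROOTS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID", r"HKEY_CLASSES_ROOT\CLSID")
KNOWN_DEBUGGERS = {"windbg", "ntsd", "cdb", "vsjitdebugger", "drwtsn32"}  # assumption for the heuristic

# Constructed sample export, not a real capture: a benign hook, a hook whose DLL sits in the MSInfo folder,
# two IFEO entries redirected to one dropped EXE, a legitimate WinDbg entry, a Run entry for that EXE, wscsvc off.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32]
@="C:\\WINDOWS\\system32\\shdocvw.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A1B2C3D-1111-2222-3333-444455556666}\InprocServer32]
@="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\a1b2c3d4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{0A1B2C3D-1111-2222-3333-444455556666}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"xk3f9a"="C:\\WINDOWS\\system32\\xk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
"Debugger"="C:\\WINDOWS\\system32\\xk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="C:\\WINDOWS\\system32\\xk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="C:\\Program Files\\Debugging Tools for Windows\\windbg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004
"""
_VAL_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "name"=data or @=data (the default value)

def parse_reg(text):
    """{key: {value_name: data}} from [key] headers plus REG_SZ/REG_DWORD values, all names lower-cased."""
    hives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()  # the registry compares key and value names case-insensitively
            hives.setdefault(current, {})
        elif current is not None and (m := _VAL_RE.match(line)):
            name, data = ("" if m.group(2) else m.group(1).lower()), m.group(3)
            if data.startswith("dword:"):
                hives[current][name] = int(data[6:], 16)
            elif len(data) > 1 and data[0] == data[-1] == '"':
                hives[current][name] = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
    return hives

def find_ifeo_debuggers(hives):
    """image name -> Debugger string for each direct IFEO subkey that sets one."""
    p = IFEO_KEY.lower() + "\\"
    return {k[len(p):]: v["debugger"] for k, v in hives.items() if k.startswith(p)
            and "\\" not in k[len(p):] and isinstance(v.get("debugger"), str) and v["debugger"]}

def suspicious_ifeo(hives):
    """(image, debugger, reason): one Debugger shared by several images, or a Debugger that is no known debugger."""
    dbgs, users, out = find_ifeo_debuggers(hives), defaultdict(list), []
    for image, dbg in dbgs.items():
        users[dbg.lower()].append(image)
    for image, dbg in dbgs.items():
        exe = re.split(r"[\\/]", dbg.strip('" '))[-1].split(" ")[0].lower()  # basename of the debugger
        if len(users[dbg.lower()]) > 1:
            out.append((image, dbg, "Debugger shared with %d other image(s)" % (len(users[dbg.lower()]) - 1)))
        elif (exe[:-4] if exe.endswith(".exe") else exe) not in KNOWN_DEBUGGERS:
            out.append((image, dbg, "not a known debugger"))
    return out

def suspicious_hooks(hives, system_dirs=(r"c:\windows\system32",)):
    """ShellExecuteHooks whose COM server is missing from the export or lies outside system_dirs (assumed)."""
    out = []
    for clsid in hives.get(HOOKS_KEY.lower(), {}):
        dlls = [hives.get((r + "\\" + clsid + "\\InprocServer32").lower(), {}).get("") for r in CLSID_ROOTS]
        dll = next((d for d in dlls if isinstance(d, str)), None)
        if dll is None:
            out.append((clsid, None, "InprocServer32 not found in export"))
        elif not dll.lower().startswith(system_dirs):
            out.append((clsid, dll, "server DLL outside system directory"))
    return out

def run_entries_matching_debuggers(hives):
    """Run entries whose command equals one of the IFEO Debugger targets."""
    targets = {d.lower() for d in find_ifeo_debuggers(hives).values()}
    return [(n, c) for n, c in hives.get(RUN_KEY.lower(), {}).items() if isinstance(c, str) and c.lower() in targets]

def security_center_disabled(hives):
    return hives.get(WSCSVC_KEY.lower(), {}).get("start") == 4  # 4 == SERVICE_DISABLED

def triage(text):
    h = parse_reg(text)
    return {"ifeo": suspicious_ifeo(h), "hooks": suspicious_hooks(h),
            "run": run_entries_matching_debuggers(h), "wscsvc_disabled": security_center_disabled(h)}

if __name__ == "__main__":
    print(triage(SAMPLE_REG))
```

To use it on a host, export the relevant hives (for example reg export HKLM hklm.reg), decode the file as UTF-16 (the encoding regedit writes for version 5.00 exports) and pass the text to triage(). The benign hook and the WinDbg entry in the sample are there to show that the heuristics do not fire on every Debugger value or hook; the "shared Debugger" rule is the one that catches this family directly, because every entry in the list above points at the same dropped file. The parser deliberately ignores hex: and binary values, which none of these indicators need.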

Source: 赛迪网    Author: 李铁军    Editor: 豆豆技术应用
