Summary: a detailed description of a USB flash drive virus
%System%\timedate.cpl
Dropped in the root directory of every partition:
X:\autorun.inf
Contents of autorun.inf:
[autorun]
Open=EvilDay.exe
shellexecute=EvilDay.exe
shell\打开(&O)\command=EvilDay.exe
shell=打开(&O)
shell\2=浏览(&B)
shell\2\Command=EvilDay.exe
shell\3=资源管理器(&X)
shell\3\Command=EvilDay.exe
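Registry modifications:
The virus creates a startup entry
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOTEPAD"="%Windows%\CMD32.exe"
Changes the AutoPlay disable setting
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:0000005b
Disables "Show all files and folders"
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
Disables the Registry Editor
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
Other behavior:
Starts the AutoPlay service with the command
net start ShellHWDetection
Deletes the main program of the HIPS software GhostSecuritySuite
%ProgramFiles%\GhostSecuritySuite\gss.exe
Changes the system time to
1937-07-07 12:00
Creates Image File Execution Options entries that hijack security-related programs; when a hijacked program is run, the virus's main program runs instead.
These include: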
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Twister.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SNATask.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysWarn.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sloemnit.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FilMsg.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gss.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.EXE]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.EXE]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RvaMon.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rva.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMain.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe]
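A triage check for the registry changes listed above, added here as an example and not part of the original write-up: it scans .reg-export text for the policy values described and for Image File Execution Options keys that carry a Debugger value. The names parse_reg, findings, RULES and SAMPLE are hypothetical, the sample export is constructed, and the use of the standard IFEO "Debugger" value is an assumption, since the write-up names only the keys.

```python
import re

IFEO = "\\image file execution options\\"
# (key suffix, value name, predicate on the dword) for the settings the write-up lists
RULES = [
    ("\\policies\\system", "disableregistrytools", lambda v: v == 1),
    ("\\advanced\\folder\\hidden\\showall", "checkedvalue", lambda v: v == 0),
    # bit 0x04 covers removable drives; cleared means AutoRun stays on for them
    ("\\policies\\explorer", "nodrivetypeautorun", lambda v: (v & 0x04) == 0),
]

def parse_reg(text):
    """Yield (key, value name, raw data) from .reg-export style text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]*)"=(.*)$', line)
        if key and m:
            yield key, m.group(1), m.group(2)

def findings(text):
    """Return (kind, detail) tuples for every suspicious value found."""
    out = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        dword = re.fullmatch(r"dword:([0-9a-f]{8})", data.lower())
        for suffix, vname, is_bad in RULES:
            if dword and k.endswith(suffix) and n == vname and is_bad(int(dword.group(1), 16)):
                out.append(("tamper", name))
        # Assumption: the hijack uses the standard IFEO "Debugger" value
        if IFEO in k and n == "debugger":
            out.append(("ifeo-debugger", key.rsplit("\\", 1)[1]))
    return out

# Constructed sample export; the Debugger path is a placeholder
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:0000005b
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
"Debugger"="C:\\PLACEHOLDER\\sample.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"GlobalFlag"=dword:00000200
'''

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

An IFEO key without a Debugger value (example.exe in the sample) is not reported, because such keys also exist for legitimate settings.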
Editor: 豆豆技术应用