Basic introduction
- Foreign name: Trojan/PSW.QQKdw.45
- Virus type: Trojan
- Harm: steals QQ passwords
- Affected platforms: Win9X/2000/XP/NT/Me/2003
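Basic information
Trojan/PSW.QQKdw.45
Virus type: Trojan
Severity level: *
Affected platforms: Win9X/2000/XP/NT/Me/2003
Propagation process
1. After it runs, the virus creates the following files:
%System%\winsocks.dll, 36864 bytes
%WinDir%\system.dat, 2719776 bytes
%WinDir%\win.ini, 8294 bytes
%WinDir%\desktop\wdwej.exe, 16384 bytes
%WinDir%\desktop\r.exe, 12288 bytes
%WinDir%\desktop\bl.exe, 77824 bytes
%WinDir%\ytsgfvz.exe, 434176 bytes
%WinDir%\intren0t.exe, 36864 bytes
2. It modifies the WIN.INI file:
It adds run=c:\windows\kir.exe to WIN.INI
3. It modifies the registry:
It adds the following startup entries to the registry: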
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ytsgfvz" = %WinDir%\ytsgfvz.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"golci" = %program files%\golci.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bbh" = %WinDir%\bbh.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"INDEX" = %WinDir%\desktop\index.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intren0t" = %WinDir%\intren0t.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ytsgfvz" = %WinDir%\ytsgfvz.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"golci" = %program files%\golci.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"bbh" = %WinDir%\bbh.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"INDEX" = %WinDir%\desktop\index.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Intren0t" = %WinDir%\intren0t.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ytsgfvz" = %WinDir%\ytsgfvz.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"golci" = %program files%\golci.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bbh" = %WinDir%\bbh.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"INDEX" = %WinDir%\desktop\index.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"ytsgfvz" = %WinDir%\ytsgfvz.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"golci" = %program files%\golci.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"bbh" = %WinDir%\bbh.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"INDEX" = %WinDir%\desktop\index.exe
As a result, the virus runs automatically every time Windows starts.
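The Python below is an added example, not part of the original entry: it checks a text export of the registry and a copy of WIN.INI for the autorun entries listed above. The function names and sample data are constructed for illustration; it assumes a REGEDIT4-style export and that the run= line sits in the [windows] section of WIN.INI.

```python
import ntpath
import re

# Executable names taken from the entry above; matched case-insensitively.
BAD_EXES = {"ytsgfvz.exe", "golci.exe", "bbh.exe", "index.exe",
            "intren0t.exe", "kir.exe"}
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Services)?$", re.I)
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')

def scan_reg_export(text):
    """Return (key, value name, path) for Run/RunServices values that start a listed file."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and AUTORUN_KEY.search(key):
            m = REG_VALUE.match(line)
            if m:
                path = m["data"].replace("\\\\", "\\")  # .reg escapes backslashes
                if ntpath.basename(path).lower() in BAD_EXES:
                    hits.append((key, m["name"], path))
    return hits

def scan_win_ini(text):
    """Return commands on a [windows] run= line that start a listed file."""
    hits, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and line.lower().startswith("run="):
            for cmd in re.split(r"[ ,]+", line[4:]):
                if ntpath.basename(cmd).lower() in BAD_EXES:
                    hits.append(cmd)
    return hits

# Constructed sample input (not captured from a real system).
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ytsgfvz"="C:\\WINDOWS\\ytsgfvz.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"INDEX"="C:\\WINDOWS\\desktop\\index.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"bbh"="C:\\WINDOWS\\bbh.exe"
'''
SAMPLE_INI = "[windows]\nload=\nrun=c:\\windows\\kir.exe\n[fonts]\nrun=c:\\windows\\bbh.exe\n"
```

Matching is on the executable's file name only, so a hit is a lead for manual review of the named key or WIN.INI line rather than proof of infection.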