Trojan/StartPage.Liom
Virus type: Trojan
Risk level: *
Affected platforms: Win9X/2000/XP/NT/Me
Basic information
- Foreign name: Trojan/StartPage.Liom
- Virus type: Trojan
- Affected platforms: Win9X/2000/XP/NT/Me
- Risk level: one star
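Introduction
Trojan/StartPage.Liom modifies the IE default page and search page. It is a DLL control whose code contains no uninstall routine, so once it is registered it cannot be uninstalled. The control is inserted into the IE process and, each time IE is opened, displays the HTML advertisement stored in its own resources.
Propagation process
Creates files
%SystemDir%\config\software, 6115328 bytes
Modifies the registry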
/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Search Page" = res://%43%3a%5c%6c%69%6f%6d%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Start Page" = about:blank
/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"HOMEOldSP" = about:blank
/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Search Bar" = res://%43%3a%5c%6c%69%6f%6d%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Use Search Asst" = no
/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Use Custom Search URL" =
/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
"SearchAssistant" = res://%43%3a%5c%6c%69%6f%6d%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
"NextId" =
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
"{c95fe080-8f5d-11d2-a20b-00aa003c157b}" =
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
"Start Page" = about:blank
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
"Search Page" = res://%43%3a%5c%6c%69%6f%6d%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
"HOMEOldSP" = about:blank
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
"Search Bar" = res://%43%3a%5c%6c%69%6f%6d%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
"Use Search Asst" = no
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
"Use Custom Search URL" =
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search
"SearchAssistant" = res://%43%3a%5c%6c%69%6f%6d%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
Note: %Windir% is a variable, usually C:\Windows or C:\Winnt;
%System% is a variable, usually C:\Windows\System (Windows 95/98/Me),
C:\Winnt\System32 (Windows NT/2000),
or C:\Windows\System32 (Windows XP).
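The "Search Page", "Search Bar" and "SearchAssistant" values listed above are percent-encoded res:// URLs. The following added example (not part of the original entry) parses a listing in the same layout, decodes those values, and flags any whose module lies outside the system directories. The sample listing, `TRUSTED_DIRS` and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample in the entry's layout: a key line, then a "name" = value line.
SAMPLE = r'''/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
"Start Page" = about:blank
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
"Search Page" = res://%43%3a%5c%6c%69%6f%6d%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search
"SearchAssistant" = res://%43%3a%5c%6c%69%6f%6d%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
/HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
"Use Custom Search URL" =
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Assumption: directories from which a stock res:// module is expected to load.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\winnt\system32", r"c:\windows\system")

def parse_listing(text):
    """Yield (key, value_name, data) from the key-line / value-line layout."""
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(("/HKEY_", "HKEY_")):
            key = line.lstrip("/")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data").strip()

def decode_res_url(data):
    """Return (module_path, resource) for a res:// value, else None."""
    if not data.lower().startswith("res://"):
        return None
    module, _, resource = unquote(data[len("res://"):]).partition("/")
    return module, resource

def find_hijacks(text):
    """Flag values whose res:// module has a full path outside TRUSTED_DIRS."""
    hits = []
    for key, name, data in parse_listing(text):
        res = decode_res_url(data)
        # Bare module names (no directory) are left to the loader's search path.
        if res is None or "\\" not in res[0]:
            continue
        directory = res[0].lower().rpartition("\\")[0]
        if directory not in TRUSTED_DIRS:
            hits.append((key, name, res[0], res[1]))
    return hits
```
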