Basic introduction
- Chinese name: TrojanDownloader.Tooncom.h
- Type: computer virus
- Components: Loader.exe and iedll.exe
- Virus type: Trojan
TrojanDownloader.Tooncom.h
C:\Windows\Hosts
C:\Winnt\System32\Drivers\Etc\Hosts
C:\Winnt\Hosts
D:\Windows\System32\Drivers\Etc\Hosts
D:\Windows\Hosts
D:\Winnt\System32\Drivers\Etc\Hosts
D:\Winnt\Hosts
After deletion, they are replaced with the following entries:
66.40.16.131 livesexlist.com
66.40.16.131 lanasbigboobs.com
66.40.16.131 thumbnailpost.com
66.40.16.131 adult-series.com
66.40.16.131 www.livesexlist.com
66.40.16.131 www.lanasbigboobs.com
66.40.16.131 www.thumbnailpost.com
66.40.16.131 www.adult-series.com
As a result, users who visit these websites are redirected to 66.40.16.131. In addition, it attempts to download and execute the file Loader.exe from tooncomics.com.
When Loader.exe is executed, the virus adds the values "loader2"="1" and "loaderGUID"="CLSID" under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer, and modifies the values under the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
This changes the IE home page to http://thesten.com/main/sp.html. Finally, it attempts to download and execute the file iedll.exe from thesten.com. It also adds the following entries to the user's Favorites folder:
Series Hardcore Pics Sets and Movies.url
New Porn Pics everyday.url
Fully categories porn database. Enjoy.url
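
A check for the hosts-file changes described above, as an added example that is not part of the original article: it parses hosts-file text and reports mappings that use the listed address or the listed domain names. The function names and the sample input are constructed for illustration; the address and domains are the ones given in the article.

```python
import ipaddress

# Indicators taken from the article text above.
REDIRECT_IP = "66.40.16.131"
LISTED_DOMAINS = {"livesexlist.com", "lanasbigboobs.com",
                  "thumbnailpost.com", "adult-series.com"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank line or address with no name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                            # malformed address: not a mapping
        for name in fields[1:]:                 # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def scan_hosts(text):
    """Return findings that match the hosts-file changes described in the article."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        base = name[4:] if name.startswith("www.") else name
        if ip == REDIRECT_IP:
            reason = "redirect-ip"              # any name pointed at the listed address
        elif base in LISTED_DOMAINS:
            reason = "listed-domain"            # listed name mapped somewhere else
        else:
            continue
        findings.append((line_no, ip, name, reason))
    return findings

# Constructed sample input (not captured from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
66.40.16.131    livesexlist.com www.livesexlist.com
66.40.16.131\tWWW.Thumbnailpost.COM   # mixed case, tab separated
0.0.0.0         adult-series.com
not-an-ip       example.test
"""

if __name__ == "__main__":
    for finding in scan_hosts(SAMPLE_HOSTS):
        print(finding)
```

To check a real machine, pass the contents of each hosts path listed in the article that exists on the system to `scan_hosts`.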