Win32.Troj.AnalyzeIE

Win32.Troj.AnalyzeIE是一種會在系統安裝目錄下生成病毒檔案且修改註冊表之後進而感染計算機的木馬病毒。

基本介紹

  • 中文名Win32.Troj.AnalyzeIE
  • 威脅級別 : ★
  • 病毒類型 : 木馬
  • 影響系統 : Win9x/WinMe/WinNT/
病毒簡介,發作現象,

病毒簡介

病毒別名:
處理時間:
中文名稱:
病毒行為:
編寫工具:
傳染條件:
發作條件:
系統修改:
A、在系統安裝目錄下生成如下檔案:
%SystemRoot%e.exe
%SystemRoot%dpe.dll
B、
1、在註冊表主鍵
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentversionRun
下添加如下鍵值:
"addClass" = "%SystemRoot%e.exe"
使用每次運行都自動註冊dep.dll
2、HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentversionRun
下添加如下鍵值:
"Host" = ""
3、在註冊表主鍵
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearch
HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearch
下添加如下鍵值:
"默認"="http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"
"CustomizeSearch"="http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"
"SearchAssistant"="http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"
4、在註冊表主鍵
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMain
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain
下添加如下鍵值:
"Search Page" ="http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"
"Default_Search_URL"="http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"
"Search Bar"="http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"
"Start Page="http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"
5、在註冊表主鍵
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchUrl
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchUrl
下添加如下鍵值:
"默認"="http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"
使得用戶搜尋時,連結到 指定網站
6、在註冊表主鍵
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLDefaultPrefix
下添加如下鍵值:
"默認"="http://%65%68%74%74%70%2E%63%63/?"
7、在註冊表主鍵
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLPrefixes
下添加如下鍵值:
"www"="http://%65%68%74%74%70%2E%63%63/?"
8、在註冊表主鍵
HKEY_CLASSES_ROOTCLSID
下添加如下創建子鍵
並這個子建立多個鍵值

發作現象

瀏覽器默認首頁被修改,並且很難改成其它的主頁。

熱門詞條

聯絡我們