該病毒是一個廣告木馬,當然用戶感染該病毒時,它會修改用戶機器的IE設定,並修改註冊表使病毒自身自動運行·
基本介紹
- 中文名:Win32.Troj.CWS.b
- 威脅級別:★
- 病毒類型:木馬
- 影響系統:Win9x / WinNT
1.當該病毒運行時,它全釋放以下檔案
popup_bl.dll
serch_hook.dll
setup.exe
toolband_atl.dll
2.創建以下註冊表項
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Enable Browser Extensions" = "yes"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use Search Assistant" = "yes"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use Search Asst" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl "(Default)" = "http://www.v73.us"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks "{C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{815A82AE-CDEF-11D8-BA48-A6D245798277}" = "Popup Blocker 17.08.04"
3.修改HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
的 "SearchAssistant"的值為 "http://www.v73.us/search.htm"
4.增加以下項
xp_system" = "%Windir%\inet10050\services.exe"
到
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
5.當IE啟動時打開廣告
