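Basic introduction
- Foreign-language name: Win32.Troj.QQPass.rq
- Affected systems: Win 9x/ME, Win 2000/NT, Win XP
- Virus type: Trojan
- Threat level: ★
Virus behavior:
This virus is a QQ account-stealing trojan. Computer users are advised to update their virus definitions to detect and remove it, so as to avoid losses from infection.
1. Files created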
C:\WINNT\system32\QQhx.dat
C:\WINNT\system32\axvvuu.exe
C:\WINNT\system32\axvvuu.dll
C:\WINNT\system32\noruns.reg
D:\sxs.exe
D:\autorun.inf
2. Adds a registry startup entry
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"aphkga" = "C:\WINNT\system32\axvvuu.exe"
3. Sets the system to hide all hidden files
HKLM\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall\CheckedValue SUCCESS "0"
4. Attempts to delete the following startup entries
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RavTask
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KvMonXP
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\YLive.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yassistse
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KAVPersonal50
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NTdhcp
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winhoxt
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\aphkga
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\yes
5. Adds autoplay on drive D: to launch the virus
autorun.inf
------------------------------
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
------------------------------
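A defensive check for the autorun.inf pattern listed above, as an added example that is not part of the original entry: it parses the [AutoRun] section, reports every key that launches a program, and notes whether the target file sits in the same drive root. The function names are hypothetical, and the script assumes the file is named `autorun.inf` in lower case and is readable as text.

```python
import os
import re
import tempfile

# Keys in the [AutoRun] section that make Windows run a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def launch_entries(inf_text):
    """Return [(key, command)] for every launch key in the [AutoRun] section."""
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found

def scan_root(root):
    """Return [(key, command, target_present)] for root/autorun.inf, or []."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="utf-8", errors="replace") as fh:
        entries = launch_entries(fh.read())
    report = []
    for key, command in entries:
        parts = command.split()
        target = parts[0].strip('"') if parts else ""
        report.append((key, command, os.path.isfile(os.path.join(root, target))))
    return report

# Constructed sample: the autorun.inf content listed above.
SAMPLE_INF = "[AutoRun]\nopen=sxs.exe\nshellexecute=sxs.exe\nshell\\Auto\\command=sxs.exe\n"

def demo():
    """Build a temporary stand-in for a drive root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_INF)
        open(os.path.join(root, "sxs.exe"), "wb").close()  # empty placeholder file
        return scan_root(root)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a live system, call `scan_root` once per drive root; any row whose third field is true points at an executable that autoplay would start from that drive.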
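6. The virus installs message hooks of types WH_MOUSE, WH_KEYBOARD and WH_CALLWNDPROC in the system to monitor the user's mouse, keyboard and other messages. The requesting process is: C:\WINNT\system32\axvvuu.exe
7. Terminates the following processes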
SKYNET_PERSONAL_FIREWALL
KingsoftAntivirusScanProgram
TBMon.exe
kav32.exe
kvwsc.exe
CCAPP.exe
conime.exe
EGHOST.exe
KRegEx.exe
kavsvc.exe
VPTray.exe
RAVMON.exe
KavPFW.exe
SHSTAT.exe
RavTask.exe
TrojDie.kxp
Iparmor.exe
MAILMON.exe
MCAGENT.exe
KAVPLUS.exe
RavMonD.exe
Rtvscan.exe
Nvsvc32.exe
KVMonXP.exe
Kvsrvxp.exe
CCenter.exe
KpopMon.exe
RfwMain.exe
KWATCHUI.exe
MCVSESCN.exe
MSKAGENT.exe
kvolself.exe
KVCenter.kxp
kavstart.exe
RAVTIMER.exe
RRfwMain.exe
FireTray.exe
UpdaterUI.exe
KVSrvXp_1.exe
RavService.exe