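Win32.Troj.QQkdw, also known as QQ狂盜王 ("QQ Mad Thief King"), is a trojan that steals QQ account passwords.
Basic information
- Chinese name: Win32.Troj.QQkdw
- Threat level: ★★☆☆☆
- Virus length: 389121
- Written with: VB6.0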
Overview
Virus name (Chinese): QQ狂盜王
Virus type: Trojan
Affected systems: Win9x, WinNT, Win2000, WinXP, Win2003
Infection condition: the trojan changes its icon to a web page icon
System modifications
1. Adds registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"iqhx"="%SYSTEM%\iqhx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"oiqjvog"="C:\ProgramFiles\oiqjvog.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
"ediinn"="%SYSTEM%\ediinn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
"iqhx"="%SYSTEM%\iqhx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
"oiqjvog"="C:\ProgramFiles\oiqjvog.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%filename%="%filepath%\%filename%.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ediinn"="%SYSTEM%\ediinn.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"iqhx"="%SYSTEM%\iqhx.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"oiqjvog"="C:\ProgramFiles\oiqjvog.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
%filename%="%filepath%\%filename%.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
"ediinn"="%SYSTEM%\ediinn.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
"iqhx"="%SYSTEM%\iqhx.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesoiqjvog
"oiqjvog"="C:\ProgramFiles\oiqjvog.exe"
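2. Adds three hidden files, oiqjvog.exe, ediinn.exe and iqhx.exe, to the directory the virus is currently located in,
adds oiqjvog.exe to C:\ProgramFiles,
and adds the files ediinn.exe, iqhx.exe and uqslkgw.exe to %SYSTEM%.
Symptoms: after the virus runs, it pops up a QQ window (identical to the real QQ interface)
to masquerade as QQ. If the user enters a password, that information is sent to a specified mailbox.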
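A triage check for the autorun entries and dropped file names listed under System modifications, as an added example that is not part of the original write-up: it scans a registry export in regedit `.reg` text format (already decoded to a string) for the listed value names and executables under Run and Runservices keys. The sample export, the `find_autorun_hits` name and the resolved `C:\WINDOWS\system32` paths are constructed for illustration.

```python
import re

# Value names and dropped file names taken from the write-up above.
VALUE_NAMES = {"iqhx", "oiqjvog", "ediinn"}
FILE_NAMES = {"iqhx.exe", "oiqjvog.exe", "ediinn.exe", "uqslkgw.exe"}
AUTORUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runservices")

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
STRING_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
EXE_NAME = re.compile(r'[^\\/:"\s]+\.exe')

# Constructed sample export, not data from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"iqhx"="C:\\WINDOWS\\system32\\iqhx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Updater"="C:\\WINDOWS\\system32\\EDIINN.EXE /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Vendor\Settings]
"oiqjvog"="not an autorun key"
'''


def find_autorun_hits(reg_text):
    """Return (key, value name, data, reason) for each suspicious autorun value."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group("key")
            continue
        value = STRING_VALUE.match(line)
        if not value or key is None or not key.lower().endswith(AUTORUN_SUFFIXES):
            continue
        # .reg exports backslash-escape backslashes and quotes; undo that.
        name = re.sub(r"\\(.)", r"\1", value.group("name"))
        data = re.sub(r"\\(.)", r"\1", value.group("data"))
        reasons = []
        if name.lower() in VALUE_NAMES:
            reasons.append("value name")
        if FILE_NAMES & set(EXE_NAME.findall(data.lower())):
            reasons.append("file name")
        if reasons:
            hits.append((key, name, data, "+".join(reasons)))
    return hits
```

Matching on the executable name as well as the value name catches an entry whose value has been renamed, and the `%filename%` entries from the list above have to be reviewed by hand because their names are not fixed.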