電腦病毒名稱,病毒運行時偽裝成網頁圖示迷惑用戶運行,然後盜取qq密碼發給木馬作者。
基本介紹
- 中文名:qq狂盜王
- 定義:電腦病毒名稱
- 名字:win32.troj.qqkdw
- 性質:病毒
名詞解釋,系統修改,
名詞解釋
系統修改
1. 添加鍵值:
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows
"Run" = "%SYSTEM%uqslkgw.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
%filename% = "%filepath%\%filename%.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
"ediinn" = "%SYSTEM%ediinn.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
"iqhx" = "%SYSTEM%iqhx.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
"oiqjvog" = "C:Program Filesoiqjvog.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunservices
%filename% = "%filepath%\%filename%.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunservices
ediinn" = "%SYSTEM%ediinn.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunservices
"iqhx" = "%SYSTEM%iqhx.exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunservices
"oiqjvog" = "C:Program Filesoiqjvog.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
%filename% = "%filepath%\%filename%.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
"ediinn" = "%SYSTEM%ediinn.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
"iqhx" = "%SYSTEM%iqhx.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
"oiqjvog" = "C:Program Filesoiqjvog.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunservices
%filename% = "%filepath%\%filename%.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunservices
"ediinn" = "%SYSTEM%ediinn.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunservices
"iqhx" = "%SYSTEM%iqhx.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunservicesoiqjvog
"oiqjvog" = "C:Program Filesoiqjvog.exe"
2. 向病毒所在的當前目錄添加oiqjvog.exe,ediinn.exe,iqhx.exe三個隱藏檔案,
向C:Program Files添加oiqjvog.exe,
向%SYSTEM%添加ediinn.exe,iqhx.exe,uqslkgw.exe檔案
