
Win32.Troj.AdSetup.dx - Online Encyclopedia Entry




Processed: 2007-02-08

Threat level: ★

Malware type: Trojan

Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003

Behaviour:

This is a rogue-software (adware) installer package. When it is run, it installs several rogue software components on the system. Users are advised not to run unknown programs, to avoid infection.

1. Files created

%Program Files%\Common Files\System\Updaterun.exe

%SystemRoot%\system32\wbem\ocmor.dll

%SystemRoot%\system32\wbem\jqtyi.dll

%SystemRoot%\system32\rundllfromwin2000.exe

%Documents and Settings%\administrator\Favorites\多特软件站-最安全放心的软件站.url

%SystemRoot%\bar.exe

%Program Files%\superutilbar\superutilbar.dll

%Program Files%\superutilbar\uninst.exe

2. Startup entry added

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"System" = "%Program Files%\Common Files\System\Updaterun.exe"

3. Fake system service added (the service name BRGNS is presented to the user as "Microsoft Update Service")

HKLM\System\CurrentControlSet\Services\BRGNS

"Type" = "0x10"

"Start" = "0x2"

"ImagePath" = "%SystemRoot%\SYSTEM32\RUNDLLFROMWIN2000.EXE %SystemRoot%\SYSTEM32\WBEM\JQTYI.DLL,Export 1087"

"DisplayName" = "Microsoft Update Service"

"Description" = "提供Microsoft(R) Windows 及应用程序的升级和安全漏洞修复服务。"

4. Registry information added

HKCU\SOFTWARE\Microsoft\Internet Explorer\typedUrls\

"url5" = "http://www.3839.***/index.html"

HKCR\6781.TOOLBAR.1

"(Default)" = "实用搜索工具条2.0"

HKCR\6781.TOOLBAR.1\CLSID

"(Default)" = "{03465FF5-00AE-411a-9C34-960ED566EC03}"

HKCR\6781.TOOLBARLOADER.1

"(Default)" = "实用搜索"

HKCR\6781.TOOLBARLOADER\CLSID

"(Default)" = "{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}"

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\实用搜索工具条

"URLInfoAbout" = "http://www.shiyongsousuo.***"

5. CLSID components registered

HKCR\CLSID\{03465FF5-00AE-411a-9C34-960ED566EC03}

"(Default)" = "实用搜索工具条2.0"

HKCR\CLSID\{03465FF5-00AE-411a-9C34-960ED566EC03}\InprocServer32

"(Default)" = "%Program Files%\superutilbar\superutilbar.dll"

HKCR\CLSID\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}

"(Default)" = "实用搜索"

HKCR\CLSID\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}\InprocServer32

"(Default)" = "%Program Files%\superutilbar\superutilbar.dll"

6. BHO (Browser Helper Object) component added

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}

"(Default)" = "实用搜索"

7. Toolbar added

HKLM\Software\Microsoft\Internet Explorer\Toolbar

"{03465FF5-00AE-411a-9C34-960ED566EC03}" = "实用搜索工具条2.0"
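The persistence artifacts listed above (dropped files, the Run entry, the BRGNS service, the CLSID, BHO and toolbar registrations) can be checked read-only with the following PowerShell script. It is an added example, not part of the original entry; it assumes %Program Files% and %SystemRoot% map to $env:ProgramFiles and $env:SystemRoot and only reports what it finds.

```powershell
# Added example (not from the original entry): read-only check for the
# Win32.Troj.AdSetup.dx persistence artifacts. Run as administrator.
$Hits = @()

# 1. Dropped files (paths from the entry; %Program Files% / %SystemRoot% expanded)
$Files = @(
    "$env:ProgramFiles\Common Files\System\Updaterun.exe",
    "$env:SystemRoot\system32\wbem\ocmor.dll",
    "$env:SystemRoot\system32\wbem\jqtyi.dll",
    "$env:SystemRoot\system32\rundllfromwin2000.exe",
    "$env:SystemRoot\bar.exe",
    "$env:ProgramFiles\superutilbar\superutilbar.dll",
    "$env:ProgramFiles\superutilbar\uninst.exe"
)
foreach ($f in $Files) { if (Test-Path -LiteralPath $f) { $Hits += "File: $f" } }

# 2. Run key: a value named "System" that points at Updaterun.exe
$run = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run.System -and $run.System -match 'Updaterun\.exe') { $Hits += "Run key: System = $($run.System)" }

# 3. Fake service BRGNS ("Microsoft Update Service") loaded via RUNDLLFROMWIN2000.EXE
$svc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\BRGNS' -ErrorAction SilentlyContinue
if ($svc) { $Hits += "Service BRGNS: DisplayName = $($svc.DisplayName); ImagePath = $($svc.ImagePath)" }

# 5-7. CLSID registrations, the BHO entry and the IE toolbar entry
$ToolbarClsid = '{03465FF5-00AE-411a-9C34-960ED566EC03}'
$BhoClsid     = '{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}'
foreach ($c in $ToolbarClsid, $BhoClsid) {
    if (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$c") { $Hits += "CLSID registered: $c" }
}
if (Test-Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$BhoClsid") {
    $Hits += "BHO registered: $BhoClsid"
}
$tb = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar' -ErrorAction SilentlyContinue
if ($tb -and ($tb.PSObject.Properties.Name -contains $ToolbarClsid)) { $Hits += "IE toolbar registered: $ToolbarClsid" }

if ($Hits) { 'Indicators found:'; $Hits | ForEach-Object { " - $_" } }
else       { 'No Win32.Troj.AdSetup.dx artifacts found.' }
```

A legitimate service under HKLM\System\CurrentControlSet\Services does not normally use a RUNDLL-style loader in its ImagePath, so the BRGNS check reports the key if it exists at all rather than matching on the display name.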
