Win32.Troj.Gamania.ka




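Virus Overview


Threat level: ★

Chinese name:

Virus type: Trojan

Affected systems: Win9x / WinNT

Virus Behavior


This is a game-stealing Trojan aimed at games from the company Gamania. It monitors the user's logins to Gamania pages, records the account information the user enters, and then sends it out. The Trojan also terminates a large number of security programs and modifies the hosts file, causing users considerable inconvenience.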

1. Creates the file:

%systemroot%\java\winlogin.exe

2. Adds a startup entry so that the virus runs at boot:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BossIdea

"C:\WINNT\java\winlogin.exe"

3. Modifies the hosts file to prolong the virus's life cycle:


4. Terminates the following windows and processes:


5. Sends e-mail to a fixed address.
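A check for the hosts-file tampering described in step 3, as an added example that is not part of the original entry: it flags every hostname that a hosts file maps to a loopback or unspecified address. The sample file, its placeholder names and the watch_suffixes parameter are constructed for illustration.

```python
import ipaddress

# Names that legitimately resolve to loopback in a default hosts file.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def is_sink(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed first field: not an address, skip the line
    return ip.is_loopback or ip.is_unspecified

def suspicious_hosts_entries(text, watch_suffixes=()):
    """Return (line_no, address, name, on_watchlist) for names sunk to loopback."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        if not is_sink(addr):
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if host in BENIGN:
                continue
            # watch_suffixes: caller-supplied domains whose redirection is high priority
            watched = any(host == s or host.endswith("." + s) for s in watch_suffixes)
            findings.append((line_no, addr, host, watched))
    return findings

# Constructed sample hosts file (placeholder names, not values from the entry).
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example
127.0.0.1 liveupdate.av-vendor.example   # update host sunk to loopback
127.0.0.1 WWW.AV-VENDOR.EXAMPLE download.av-vendor.example
0.0.0.0 os-update.example
127.0.0.1 203.0.113.7
"""

if __name__ == "__main__":
    for hit in suspicious_hosts_entries(SAMPLE, watch_suffixes=("av-vendor.example",)):
        print(hit)
```

On a Windows host the text to pass in is the content of %systemroot%\system32\drivers\etc\hosts; entries flagged with on_watchlist set deserve review first.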
