Win32.Hack.NetDoor.s

Win32.Hack.NetDoor.s是一個黑客後門病毒。該病毒的主要危害是在用戶主機留下後門,供黑客的遠程連線控制,並下載其它病毒感染計算機。

Win32.Hack.NetDoor.s

病毒別名

: 處理時間:2006-05-24 威脅級別:★
中文名稱: 病毒類型:黑客程式 影響系統:Win 9x/ME,Win 2000/NT,Win XP,Win 2003

病毒行為

:
這是一個黑客後門病毒。該病毒的主要危害是在用戶主機留下後門,供黑客的遠程連線控制,並下載其它病毒感染計算機。該病毒為圖片圖示,發作時會真的打開一個圖片來迷惑用戶,而在後台進行感染用戶主機。該病毒還會結束大量殺軟進程,降低系統的安全等級。
1,生成檔案
%widndows%\SYN.exe
%system%\drivers\npf.sys
%system%\MyPic.jpg
%system%\Packet.dll
%system%\WanPacket.dll
%system%\wpcap.dll
%widndows%\HLP.exe
C:\Program Files\Windows NT\svchost.exe
C:\Program Files\Windows NT\lsass.exe
C:\Program Files\Windows NT\ICWUT.DLL
2,添加啟動項
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Internet
"ImagePath" = ""C:\Program Files\Windows NT\lsass.exe" ServiceStart"
3,設定下列項的註冊表
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
"Compatibility Flags" = 0x400
4,刪除下列殺軟啟動項
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SKYNET Personal FireWall
RavTask
RavMon
RavTimer
RfwMain
URLLSTCK.exe
ccApp
KAVPersonal50
Kavrun
KavPFW
KavStart
iDuba Personal FireWall
KVFW
KvXP
KvMonXP
5,刪除下列服務
SYSTEM\CurrentControlSet\Services\RsCCenter
SYSTEM\CurrentControlSet\Services\RsRavMon
SYSTEM\CurrentControlSet\Services\RfwProxySrv
SYSTEM\CurrentControlSet\Services\RfwService
SYSTEM\CurrentControlSet\Services\Symantec Core LC
SYSTEM\CurrentControlSet\Services\SPBBCSvc
SYSTEM\CurrentControlSet\Services\SNDSrvc
SYSTEM\CurrentControlSet\Services\SAVScan
SYSTEM\CurrentControlSet\Services\NSCService
SYSTEM\CurrentControlSet\Services\navapsvc
SYSTEM\CurrentControlSet\Services\comHost
SYSTEM\CurrentControlSet\Services\ccSetMgr
SYSTEM\CurrentControlSet\Services\ccProxy
SYSTEM\CurrentControlSet\Services\ccISPwdSvc
SYSTEM\CurrentControlSet\Services\ccEvtMgr
SYSTEM\CurrentControlSet\Services\kavsvc
SYSTEM\CurrentControlSet\Services\KWatchSvc
SYSTEM\CurrentControlSet\Services\KPfwSvc
SYSTEM\CurrentControlSet\Services\IDriverT
SYSTEM\CurrentControlSet\Services\KVWSC
SYSTEM\CurrentControlSet\Services\KVSrvXP
SYSTEM\CurrentControlSet\Services\srservice
SYSTEM\CurrentControlSet\Services\BITS
SYSTEM\CurrentControlSet\Services\wuauserv
SYSTEM\CurrentControlSet\Services\SharedAccess
SYSTEM\CurrentControlSet\Services\wscsvc
6,結束下列進程
UpdateAssist.exe
PFWLiveUpdate.exe
PFW.exe
RavQuick.exe
RavCopy.exe
RavUSB.exe
rfwcfg.exe
RavHDBak.exe
ScanBD.exe
MakeBoot.exe
RegClean.exe
RavStore.exe
SmartUp.exe
RsConfig.exe
RsAgent.exe
Rav.exe
RegGuide.exe
RavTask.exe
RavTimer.exe
RavStub.exe
rfwmain.exe
RavMon.exe
rfwproxy.exe
CCenter.exe
RavMonD.exe
rfwsrv.exe
LUCOMS~1.EXE
LUALL.EXE
NMain.exe
ccApp.exe
SPBBCSvc.exe
ccSetMgr.exe
ccProxy.exe
SNDSrvc.exe
ccEvtMgr.exe
symlcsvc.exe
navapsvc.exe
ccPwdSvc.exe
SAVScan.exe
NSCSRVCE.EXE
comHost.exe
kav.exe
kavsvc.exe
KAVLog2.EXE
Rescue.EXE
KRecycle.EXE
Update.EXE
KSAMain.EXE
KATMain.EXE
KASMain.EXE
KAVPFW.EXE
KAV32.EXE
KMailMon.EXE
KPFW32.EXE
KAVStart.EXE
KWatch.EXE
KPFWSvc.EXE
VirusBox.kxp
kvupload.exe
KVStub.kxp
KVScan.kxp
KvReport.kxp
KVLSUI.kxp
KVHiStory.kxp
kvdisk.kxp
KvDetect.exe
KVOL.exe
KVCenter.kxp
KRegEx.exe
kvinit.exe
kvfw.exe
KvXP.kxp
TrojDie.kxp
KvMailMag.kxp
KVMonXP.kxp
UIHost.exe
IDriverT.exe
kvwsc.exe
KVSrvXP.exe
agentsvr.exe
Symantec Core LC
SPBBCSvc
SNDSrvc
SAVScan
NSCService
navapsvc
comHost
ccSetMgr
ccProxy
ccISPwdSvc
ccEvtMgr
kavsvc
KWatchSvc
KPfwSvc
IDriverT
KVWSC
KVSrvXP
srservice
BITS
wuauserv
SharedAccess
wscsvc
8,其它
%system%\drivers\npf.sys、%system%\Packet.dll、%system%\WanPacket.dll、%system%\wpcap.dll為一組網路工具程式,非病毒,用戶可以自己刪除。

其它

文化藝術,生活娛樂,人物百科,社會人文,中外歷史...

相關詞條

相關搜尋

熱門詞條

聯絡我們