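Overview
Virus alias:
Processing time:
Threat level: ★★
Chinese name:
Virus type: Hacking program
Affected systems: Win9x / WinNT
Virus behavior:
Characteristics
This is a hacking program that spreads through IRC and IPC shares. It automatically terminates a large number of security programs and commonly used software, accepts remote control from the attacker, and downloads virus programs, causing serious harm to the user's host.
1. Drops the following file: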
%system%\Explorer.exe
2. Adds registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\OLE
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
"EXPLORER" = "Explorer.exe"
3. Terminates the following security software and commonly used software:
"ACKWIN32.EXE"
"ADAWARE.EXE"
"ADVXDWIN.EXE"
"ALERTSVC.EXE"
"AVP.EXE"
"AVP32.EXE"
"AVWUPSRV.EXE"
"BARGAINS.EXE"
"BPC.EXE"
"BRASIL.EXE"
"BS120.EXE"
"CCEVTMGR.EXE"
"CCPXYSVC.EXE"
"CFIAUDIT.EXE"
"DCOMX.EXE"
"DEPUTY.EXE"
"DRWATSON.EXE"
"EFPEADM.EXE"
"ESPWATCH.EXE"
"EXE.AVXW.EXE"
"F-STOPW.EXE"
"fch32.exe"
"FNRB32.EXE"
"GBMENU.EXE"
"HACKTRACERSETUP.EXE"
"ICSUPPNT.EXE"
"IOMON98.EXE"
"LUSPT.EXE"
"NETSPYHUNTER-1.2.EXE"
"PCCWIN98.EXE"
"TC.EXE"
"WEBSCANX.EXE"
"winactive.exe"
"WKUFIND.EXE"
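and others
4. The attacker controls the user's machine over IRC to carry out damaging actions, such as downloading virus programs and stealing user information.
5. An infected machine automatically scans the network for hosts with IPC shares enabled; if it finds one, it copies the virus program to it.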
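
A defender-side check for the registry persistence described in step 2, as an added example that is not part of the original write-up: it scans a text registry export for the `EXPLORER` value under the four listed keys. The function name and the sample export are constructed for illustration, and matching a full path that ends in `Explorer.exe` goes beyond the bare value the page shows.

```python
import re

# Keys and value as listed in the write-up (HKLM spelled out as .reg exports do).
WATCHED_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
    r"hkey_local_machine\software\microsoft\ole",
    r"hkey_local_machine\system\currentcontrolset\control\lsa",
}
VALUE_NAME, VALUE_FILE = "explorer", "explorer.exe"

SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def find_persistence(reg_text):
    """Return (key, name, data) for each string value matching the write-up."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = STRING_VALUE.match(line)
        if not (m and key and key.lower() in WATCHED_KEYS):
            continue
        name, data = m.groups()
        # Compare the file name only, so a full path to Explorer.exe also matches.
        filename = data.rsplit("\\", 1)[-1].strip().lower()
        if name.lower() == VALUE_NAME and filename == VALUE_FILE:
            hits.append((key, name, data))
    return hits


# Constructed sample export, already decoded to text (version 5.00 files are UTF-16).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SampleApp"="C:\\Program Files\\Sample\\app.exe"
"EXPLORER"="Explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE]
"EnableDCOM"="Y"
"explorer"="C:\\WINDOWS\\SYSTEM\\Explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER"="Explorer.exe"
'''
```

The returned data strings keep the export's escaping (doubled backslashes). The HKCU entry in the sample is not reported because the write-up lists only HKLM keys.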