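Overview
Virus alias:
Date processed: 2005-10-11
Threat level: ★
Chinese name:
Virus type: Trojan
Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003
Virus behavior:
This virus is a Trojan that modifies the browser home page. Once it runs, it repeatedly adds startup entries and changes the browser home page, which seriously degrades system performance; it also blocks a large number of sites, causing considerable inconvenience for users.
Introduction
1. Creates the file %Current%\network.sys
2. Adds startup entries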
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"UserSystem" = "%CurrentFile%"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"UserSystem" = "%CurrentFile%"
3. Modifies the home page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Start Page" = "http://smartsearch.ws"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Default_Page_URL" = "http://smartsearch.ws"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Start Page" = "http://smartsearch.ws"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Default_Page_URL" = "http://smartsearch.ws"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Search Page" = "http://smartsearch.ws/?q="
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Search Bar" = "http://smartsearch.ws/?q="
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Default_Search_URL" = "http://smartsearch.ws/?q="
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
"SearchURL" = "http://smartsearch.ws/?q="
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
"Search" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Search Page" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Search Bar" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Default_Search_URL" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
"SearchURL" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
"Search" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"default" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
"www" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
"SearchAssistant" = "http://smartsearch.ws/?q="
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
"CustomizeSearch"= "http://smartsearch.ws/?q="
4. Blocks websites by rewriting the hosts file, mapping each one to 127.0.0.1
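A defensive check for the hosts-file tampering described in the last step, as an added example that is not part of the original write-up: it lists the hostnames that a hosts file maps to a loopback or unspecified address. The function name, the allow-list of localhost aliases and the sample hosts text are constructed for illustration.

```python
import ipaddress

# Names that legitimately resolve to loopback in a default hosts file
# (assumed allow-list; extend it for your environment).
BENIGN_NAMES = {"localhost", "localhost.localdomain",
                "ip6-localhost", "ip6-loopback"}


def find_sinkholed_hosts(hosts_text):
    """Return the sorted hostnames that a hosts file maps to a loopback or
    unspecified address, excluding the usual localhost aliases."""
    flagged = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # address with no hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address field
        if not (addr.is_loopback or addr.is_unspecified):
            continue                            # ordinary static mapping
        for name in fields[1:]:                 # one line may carry several names
            name = name.lower().rstrip(".")
            if name not in BENIGN_NAMES:
                flagged.add(name)
    return sorted(flagged)


# Constructed sample input, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.security-vendor.example security-vendor.example
0.0.0.0 forum.help.example   # added by unknown process
::1 localhost
10.0.0.5 intranet.example
not-an-ip broken.example
127.0.0.1 WWW.Security-Vendor.example
"""

if __name__ == "__main__":
    for host in find_sinkholed_hosts(SAMPLE_HOSTS):
        print("loopback-mapped:", host)
```

On Windows the file to read is normally `%SystemRoot%\System32\drivers\etc\hosts`; any name it reports that you did not add yourself deserves a closer look.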