Win32.Troj.SpyTrickler

概述

病毒別名：Trojan.Trickler.3202【RAV:15.38】
處理時間：2003-10-28
威脅級別：★
中文名稱：
病毒類型：木馬
影響系統：Win9x/WinNT/Win2K/WinXP
病毒行為:
無
編寫工具：
VC++ 6.0
傳染條件:
已知來源：隨一些共享軟體安裝
發作條件:
啟動後自動載入運行

系統修改:

A.添加如下註冊表項：
【HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun】
"Trickler"=應用程式運行路徑
【HKEY_LOCAL_MACHINESoftwareGator.com】
【HKEY_LOCAL_MACHINESoftwareGator.comTrickler】
"FirstStartValue"=dword:0000034c
"StartTime"=dword:3f9d259d
"FirstStartSent"=dword:00000001
"AppPath"=應用程式運行路徑
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFiles】
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesSilentSetup】
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesSilentSetupdl】
"Attempts"=dword:00000001
"Errors"=dword:00000000
"FileDones"=dword:00000000
"UrlTime"="Tue, 16 Apr 2002 00:04:19 GMT"
"UrlSize"=dword:0002a675
"StoredFile"=""
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesSilentSetupchk】
"CheckFailures"=dword:00000000
"Attempts"=dword:00000000
"Errors"=dword:00000000
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesBundle】
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesBundledl】
"Attempts"=dword:00000000
"Errors"=dword:00000000
"FileDones"=dword:00000000
"UrlTime"=""
"UrlSize"=dword:ffffffff
"StoredFile"=""
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesBundlechk】
"CheckFailures"=dword:00000000
"Attempts"=dword:00000000
"Errors"=dword:00000000
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesOemResDll】
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesOemResDlldl】
"Attempts"=dword:00000000
"Errors"=dword:00000000
"FileDones"=dword:00000000
"UrlTime"=""
"UrlSize"=dword:ffffffff
"StoredFile"=""
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesOemResDllchk】
"CheckFailures"=dword:00000000
"Attempts"=dword:00000000
"Errors"=dword:00000000
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerFilesTricklerInf】
"Attempts"=dword:00000002
"Errors"=dword:00000000
"FileDones"=dword:00000000
"UrlTime"="Tue, 14 Oct 2003 20:34:12 GMT"
"UrlSize"=dword:0000176c
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerSettings】
"Dead"=dword:00000000
"OEM"=dword:00000001
"TrickleRate"=dword:00000019
"RequirePassword"=dword:00000000
"MinPasswordLength"=dword:00000000
"InstallGator"=dword:00000000
"InstallOffers"=dword:00000000
"OemResDll"=""
"SilentSetupExe"="PdpSetup3103.ex_"
"Bundle"="3124.gsz"
"BundleVer"="3.1.2.4"
"IMUDelay"=dword:00000000
"PreInstalledApps"="DivxNetwork2"
"AppRequests"=""
"Verbose"=dword:00000000
"PingRS"=dword:00000000
"DropdeadThresholdPct"=dword:00000032
"DropdeadExtendHours"=dword:000002d0
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerdownloads】
【HKEY_LOCAL_MACHINESoftwareGator.comTricklerdownloads rickle.gator.com:80/download/PdpSetup3103.ex_】
"AccumFile"="C:\WINDOWS\TEMP\fsg_tmp\accum\Trickler\GTA0003821E.tmp"
"UrlSize"=dword:0002a675
"UrlTime"="Tue, 16 Apr 2002 00:04:19 GMT"
【HKEY_LOCAL_MACHINESoftwareGator.comGator】
【HKEY_LOCAL_MACHINESoftwareGator.comGatordyn】
"PdpFirstStart"="841:NEW"
【HKEY_LOCAL_MACHINESoftwareGator.comGatorstat】
"Guid"="5949FF20-08C9-11D8-A444-A5FE5702E862"
"MID"=dword:116cb0e1
發作現象:
無
特別說明:
暫缺