Last updated: 2009-03-19
Win32.Troj.WinShow.p.6656

Overview



Virus alias: TrojanDownLoader.Win32.WinShow.p
Processing time:
Threat level: ★
Chinese name:
Virus type: Trojan
Affected systems: Win9X/WinNT/Win2K/WinXP/Win2003
Virus behavior:
Written with:
Microsoft Visual C++ 6.0

Infection conditions:


Trigger conditions:

System modifications:
A. Adds the following files:
%SystemRoot%\image.dll
%SystemRoot%\mshp.dll
%SystemRoot%\winxf <new directory>
%SystemRoot%\winxf\dict.dat
%SystemRoot%\winxf\keywords.dat
%SystemRoot%\winxf\msiesh.dll
%SystemRoot%\winxf\mssearch.dll
%SystemRoot%\winxf\winxf32.dll
B. Adds the following items to Favorites:
eXtreme Sex
Only sex website
Search the web
Seven days of free porn
C. Creates a subkey in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
D. Adds the following values to the registry:


E. Modifies the following registry entries (changes the default home page and search page):
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Start Page" = "http://www.microsoft.com/windows/ie_intl/cn/start/"
Default = "res://mshp.dll/index.html#10213"

Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
Default = "res://mshp.dll/sp.html#10213"

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Default_Page_URL" = "http://www.microsoft.com/windows/ie_intl/cn/start/"
Default = "res://mshp.dll/index.html#10213"

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Default_Search_URL" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
Default = "res://mshp.dll/sp.html#10213"

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
Default = "res://mshp.dll/sp.html#10213"

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
"Start Page" = "http://www.microsoft.com/isapi/redir.dll?prd=&clcid=&pver=&ar=home"
Default = "res://mshp.dll/index.html#10213"

Key: HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\Microsoft\Internet Explorer\Main
"Start Page" = "http://www.microsoft.com/windows/ie_intl/cn/start/"
Default = "res://mshp.dll/index.html#10213"

Key: HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\Microsoft\Internet Explorer\Main
"Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
Default = "res://mshp.dll/sp.html#10213"

F. Deletes the following values:
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
"" = ""

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\智能ABC
"双打键盘类型" = dword:00000000

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs" = ""

Key: HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\Microsoft\Internet Explorer\URLSearchHooks
"" = ""

Key: HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1000\Software\Microsoft\Windows\CurrentVersion\智能ABC
"双打键盘类型" = dword:00000000


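Symptoms:
A. Once running, the trojan attempts to download a file (89600 bytes) from the following URLs:
http://75tz.com/feat/image.dll
http://iefeadsl.com/feat/image.dll
B. Additional items appear in Favorites (see point 16).
C. The default home page is changed to: "res://mshp.dll/index.html#10213"
D. The default search page is changed to: "res://mshp.dll/index.html#10213"
E. Two entries, MSIESH and MSSearch, are added to Add/Remove Programs.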

