Files created:
C:\net.exe 300751
C:\svchost.exe 15536
U:\autorun.inf
U:\sxs2.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue 0x00000001 REG_SZ
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system points to C:\svchost.exe

Connects to the network and downloads h××p://dr××nbo.go2.icpcn.com/network.exe
network is a Gray Pigeon (灰鸽子) virus; it deletes itself after running.

Files created:
C:\WINDOWS\msnet.exe 301568
C:\WINDOWS\uninstal.bat create delete

Adds the service microsoft basicnet service = C:\WINDOWS\MSNET.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\microsoft basicnet service
--------------------------------------------------------------------------------
Analysis of BootIO.exe (Trojan/Agent.Bui)

Files created:
C:\WINDOWS\system32\avi32.dll 40960 (avi32.dll is injected into the Explorer.exe process)
C:\WINDOWS\system32\down.tmp 23741
C:\WINDOWS\system32\del.bat

Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\RiKAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxnet
--------------------------------------------------------------------------------
sxs.exe (eoymry.exe) variant, Trojan.PSW.QQPass.rdr

Files created:
C:\WINDOWS\system32\eoymry.exe 40011
C:\WINDOWS\system32\QQhx.dat 40011
C:\WINDOWS\system32\eoymry.dll 41984
X:\sxs.exe
X:\autorun.inf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eoymry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue

bzf12 2007-01-25 16:13

The USB-drive virus removal tool can currently detect and remove 33 kinds of USB-drive viruses, namely:

List3.AddItem "MVS.exe,MVH.exe Dropper.VB.acd "
List3.AddItem "LaunchCd.exe,chkdk.exe Trojan.VB.vwp"
List3.AddItem "Tel.xls.exe Worm.VB.lv"
List3.AddItem "rose.exe Worm.VB.hy"
List3.AddItem "reper.exe Worm.Repka.y"
List3.AddItem "RavMonE.exe Worm.Snake.a"
List3.AddItem "RavMon.exe Trojan.Agent.ync"
List3.AddItem "bittorrent.exe Worm.Snake.a"
List3.AddItem "sal.xls.exe Trojan.VB.vvu"
List3.AddItem "desktop.exe Trojan.VB.vta/vtb"
List3.AddItem "ie.exe Trojan.Agent.xty"
List3.AddItem "readme.exe Win32.Troj.PcRob.ft.77312"
List3.AddItem "Iexplores.exe Backdoor.Tompai.k"
List3.AddItem "ghost.exe,conime.exe Trojan.DL.Agent.b"