Win32.Hack.Frauder.dk.78848
病毒行为:
这是一个黑客程序,它实际上是一个木马文件,会获取用户系统的操作权限,然后连接到黑客的远程服务器,以便黑客盗窃电脑中的信息或对电脑进行非法控制。
在磁盘中释放出以下文件:
C:
C:WINDOWS
C:WINDOWS\__tmp_rar_sfx_access_check_866628
C:WINDOWSsetup_102740.exe
C:WINDOWSyoyo1172.exe
C:WINDOWS03.exe
C:WINDOWS1020.exe
C:WINDOWS1134.exe
C:WINDOWS2013.exe
C:WINDOWSi03.exe
C:WINDOWSoy3.exe
C:WINDOWSps.exe
C:WINDOWSsetup1378.exe
C:WINDOWSeyVtdBYybBID2013.DLL
C:WINDOWSDelSelf.bat
在磁盘中删除了以下文件:
__tmp_rar_sfx_access_check_866628
/q"C:WINDOWS2013.exe"
病毒会删除自身
在注册表中创建了以下信息:
"HKCUSoftwareWinRARSFX"
"HKLMSystemCurrentControlSetServicesUQMDDOTDC"
"HKLMSystemCurrentControlSetServicesUQMDDOTDCParameters"
在注册表中设置了以下信息:
"HKCUSoftwareWinRARSFX""C%%WINDOWS%""C:WINDOWS"
"HKLMSystemCurrentControlSetServicesUQMDDOTDC""I"""
"HKLMSystemCurrentControlSetServicesUQMDDOTDC""DisplayName""TYUHTXZGQ"
"HKLMSystemCurrentControlSetServicesUQMDDOTDC""DisplayName""TYUHTXZGQ"
最新相关文章- ·Win32.Troj.Delf.15360
- ·Win32.Adware.CDN.164160
- ·Win32.Hack.Frauder.dk.78848
- ·Win32.Troj.FakeAV.ba.24064
- ·Win32.Hack.RBot.b.579869
- ·Win32.Hack.PcClient.al.97819
- ·Win32.Hack.KillAV.a.594432
- ·Win32.Adware.BetterInter.l.221184
- ·Win32.Adware.Virtumonde.gk.105536
- ·Win32.Lurker.a.897024
- ·Win32.Hack.PcClient.al.397960
- ·Win32.Hack.RemoteABC.qv.381952
- ·Win32.Hack.Huigezi.86528
- ·Win32.Adware.Dodolook.ic.77824
发表评论- 阅读排行
- 推荐阅读
- 随机推荐
- Win32.PSWTroj.QQPass.153731/QQ盗号下载器153731
- Win32.Troj.GameOnlineT.xx.61440/问道盗号者6144
- Win32.Troj.Lmir.be.22183/传奇世界盗号木马22183
- PE.OnLineGames.fx.20557/PE网游盗号器20557
- Win32.Troj.HomePage
- JS.DownloaderT.a.31604
- Win32.TrojDownloader.Small.90112
- Win32.RiskWare.PEBundle.49152/网马连接器49152
- Win32.Adware.Virtumonde.cm
- Worm.AutoRun.m.258053/AUTO病毒下载器
- Win32.Adware.CDN.29696/木马下载器29696
- Win32.Troj.OnlineGameT.am.107664
- Win32.Troj.Agent.ie.302080/广告弹出器302080
- Win32.Troj.GuiseAV.ak.28672/恶毒保安28672
- Win32.Tufik.a
- 专题教程
- 实用信息