Win32.Troj.Startpage.j

病毒行為

1)將病毒拷貝到：

%SystemRoot%\scvhost.exe

%SystemRoot%\windbg.exe

2)在註冊表中為病毒妹院添加啟動項：

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

"scvhost"="%SystemRoot%\scvhost.exe"

3)修改.EXE檔案的關聯到病毒境符屑烏：

HKEY_CLASSES_ROOT\exefile\shell\Open\Command

默認="%SystemRoot%\windbg.exe "%1" %*"

4)修改瀏覽器的默認主頁和默認搜尋頁槳剃埋祝：

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

"Start Page"="http://69.*.191.*/search.cgi?a12484"

"Search Page"="http://69.*.191.*/search.cgi?a12484"

"Search Bar"="http://69.*.191.*/search.cgi?b12484"勸霸辣

"Use Search Asst"="no"

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

"Start Page"="http://69.*.191.*/search.cgi?a12484"

"Search Page"="http://69.*.191.*/search.cgi?a12484"

"Search Bar"="http://69.*.191.*/search.cgi?b12484"

"Use Search Asst"鴉海判="no"

5)在瀏覽器的收藏夾里建拳迎跨立2個頌斷宙色情網站的連結Pornl.url和Teens Anal Fucking.url

6)在HKEY_CURRENT_USER\PROTOCOLS\Handler\its下刪除鍵值"CSLID"並建立:

HKEY_CURRENT_USER\PROTOCOLS\Handler\ms-its

"CSLID"=""

修改註冊表鍵值：

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search

"SearchAssistant"="http://69.*.191.*/search.cgi?b12484"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes

"www"="http://69.*.191.*/1/?"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

"1000"=0x00000000

"1004"=0x00000000

"1200"=0x00000000

"1201"=0x00000000

"1400"=0x00000000

"1402"=0x00000000

"1405"=0x00000000

"1406"=0x00000000

"1407"=0x00000000

"1609"=0x00000000

"1803"=0x00000000

"CurrentLevel"=0x00000000

"MinLevel"=0x00000000

"RecommendedLeve"=0x00000000

Win32.Troj.Startpage.j

基本介紹

相關詞條

熱門詞條