金山毒霸2009
金山清理专家
专杀工具
在线杀毒
密保
网盾
系统急救箱
ARP防火墙
病毒名:Win32.PSWTroj.OnlineGames.lo.152312
本病毒所有命名:
影响系统:
Win9x,WinMe,Linux
简介:
1.生成文件 %commonfiles%Microsoft SharedMSInfoSysInfo1.dll %commonfiles%Microsoft SharedMSInfoSysInfo1.dll2 %commonfiles%Microsoft SharedMSInfowyls.exe 2.生成CLSID组件.
行为分析:
该病毒是《跑跑卡丁车》、《剑侠世界2》、《劲舞团》、《完美世界》等多款网络游戏的盗号木马。病毒运行后会衍生文件至系统目录下,并修改注册表生成启动项.通过注入进程,设置消息监视,截获用户的账号资料并发送到木马种植者的手上。
:
影响系统:
Win9x,WinMe,Linux
简介:
1.生成文件 %commonfiles%Microsoft SharedMSInfoSysInfo1.dll %commonfiles%Microsoft SharedMSInfoSysInfo1.dll2 %commonfiles%Microsoft SharedMSInfowyls.exe 2.生成CLSID组件.
行为分析:
该病毒是《跑跑卡丁车》、《剑侠世界2》、《劲舞团》、《完美世界》等多款网络游戏的盗号木马。病毒运行后会衍生文件至系统目录下,并修改注册表生成启动项.通过注入进程,设置消息监视,截获用户的账号资料并发送到木马种植者的手上。
描述:
1.生成文件
%commonfiles%Microsoft SharedMSInfoSysInfo1.dll
%commonfiles%Microsoft SharedMSInfoSysInfo1.dll2
%commonfiles%Microsoft SharedMSInfowyls.exe
2.生成CLSID组件.
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}
@ = ""
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}InProcServer32
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}InProcServer32
@ = "C:Program FilesCommon FilesMicrosoft SharedMSINFOSysInfo1.dll"
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}InProcServer32
ThreadingModel = "Apartment"
3.生成注册表启动项
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks {7F4D1081-25FD-44F5-99C6-FF271CFB7EC2} ""
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
IeServer = hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,43,6f,6d,6d,6f,6e,20,46,69,6c,65,73,5c,4d,69,63,72,6f,73,6f,66,74,20,53,68,61,72,65,64,5c,4d,53,49,4e,46,4f,5c,77,79,6c,73,2e,65,78,65,00,
4.病毒运行后会把SysInfo1.dll注入到Explorer.exe进程当中.
5.病毒运行后会删除病毒源文件.
6.病毒会利用消息钩子盗取用户的账号和密码等信息,并以网页提交的方式发送到木马种植者手中.
1.生成文件
%commonfiles%Microsoft SharedMSInfoSysInfo1.dll
%commonfiles%Microsoft SharedMSInfoSysInfo1.dll2
%commonfiles%Microsoft SharedMSInfowyls.exe
2.生成CLSID组件.
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}
@ = ""
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}InProcServer32
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}InProcServer32
@ = "C:Program FilesCommon FilesMicrosoft SharedMSINFOSysInfo1.dll"
HKEY_CLASSES_ROOTCLSID{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}InProcServer32
ThreadingModel = "Apartment"
3.生成注册表启动项
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks {7F4D1081-25FD-44F5-99C6-FF271CFB7EC2} ""
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
IeServer = hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,43,6f,6d,6d,6f,6e,20,46,69,6c,65,73,5c,4d,69,63,72,6f,73,6f,66,74,20,53,68,61,72,65,64,5c,4d,53,49,4e,46,4f,5c,77,79,6c,73,2e,65,78,65,00,
4.病毒运行后会把SysInfo1.dll注入到Explorer.exe进程当中.
5.病毒运行后会删除病毒源文件.
6.病毒会利用消息钩子盗取用户的账号和密码等信息,并以网页提交的方式发送到木马种植者手中.
回复
评论病毒
