金山毒霸2009
金山清理专家
专杀工具
在线杀毒
密保
网盾
系统急救箱
ARP防火墙
病毒名:Win32.PSWTroj.QQPass.55906
本病毒所有命名:
影响系统:
Win9x,WinMe,Linux
简介:
在磁盘中释放出以下文件: C:WINDOWSsystemsoundmno.exe C:autorun.inf C: tldr.exe N:autorun.inf N: tldr.exe 在注册表中创建了以下信息: "HKLMSoftwarelogogo"
行为分析:
这是一个针对QQ即时通讯软件的盗号木马。它能够破坏一些安全软件的正常运行,并可以利用AUTO技术进行快速传播。
:
影响系统:
Win9x,WinMe,Linux
简介:
在磁盘中释放出以下文件: C:WINDOWSsystemsoundmno.exe C:autorun.inf C: tldr.exe N:autorun.inf N: tldr.exe 在注册表中创建了以下信息: "HKLMSoftwarelogogo"
行为分析:
这是一个针对QQ即时通讯软件的盗号木马。它能够破坏一些安全软件的正常运行,并可以利用AUTO技术进行快速传播。
描述:
在磁盘中释放出以下文件:
C:WINDOWSsystemsoundmno.exe
C:autorun.inf
C:
tldr.exe
N:autorun.inf
N:
tldr.exe
在注册表中创建了以下信息:
"HKLMSoftwarelogogo"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsLogo_1.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapw32.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapsvc.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNMain.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options
avw32.EXE"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVFW.EXE"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSvcUI.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPFW.EXE"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP.kxp"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVSrvXP.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVwsc.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVsvc.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatchUI.EXE"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options360Safe.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options360rpt.exe"
在注册表中设置了以下信息:
"HKLMSoftwarelogogo" "setup" "yes"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsLogo_1.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapw32.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapsvc.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNMain.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options
avw32.EXE" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVFW.EXE" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSvcUI.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPFW.EXE" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP.kxp" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVSrvXP.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVwsc.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVsvc.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatchUI.EXE" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options360Safe.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
在注册表中修改了以下信息:
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAV32.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
病毒会利用网络发送赃物
在磁盘中释放出以下文件:
C:WINDOWSsystemsoundmno.exe
C:autorun.inf
C:
tldr.exe
N:autorun.inf
N:
tldr.exe
在注册表中创建了以下信息:
"HKLMSoftwarelogogo"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsLogo_1.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapw32.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapsvc.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNMain.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options
avw32.EXE"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVFW.EXE"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSvcUI.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPFW.EXE"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP.kxp"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVSrvXP.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVwsc.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVsvc.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatchUI.EXE"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options360Safe.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options360rpt.exe"
在注册表中设置了以下信息:
"HKLMSoftwarelogogo" "setup" "yes"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsLogo_1.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapw32.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNavapsvc.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsNMain.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options
avw32.EXE" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVFW.EXE" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSvcUI.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVPFW.EXE" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKvXP.kxp" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVSrvXP.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKVwsc.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVsvc.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKWatchUI.EXE" "Debugger" "C:WINDOWSsystemsoundmno.exe"
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution Options360Safe.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
在注册表中修改了以下信息:
"HKLMSoftwareMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAV32.exe" "Debugger" "C:WINDOWSsystemsoundmno.exe"
病毒会利用网络发送赃物
回复
评论病毒
