Virus name: Win32.Hack.Heidong.hk.492032
All names for this virus:
Affected systems:
Win9x, WinMe, Linux
Summary:
1. Drops files into the system directory: %SystemRoot%\WinLiveUp.dat, %SystemRoot%\WinLiveUp.dll, %SystemRoot%\WinLiveUp.exe
2. Creates the following service: service name "Windows Live Update "
Behavior analysis:
This is a hacker tool whose main function is to install the server component of the Heidong (黑洞) remote control program. Once run, it drops its files into the system directory and registers its own remote-access service, allowing the attacker to control the compromised (client) computer remotely.
Description:
1. Drops files into the system directory:
%SystemRoot%\WinLiveUp.dat
%SystemRoot%\WinLiveUp.dll
%SystemRoot%\WinLiveUp.exe
2. Creates the following service:
Service name: "Windows Live Update "
Image path: %SystemRoot%\WinLiveUp.dll
3. Creates and sets the following registry entries:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinLiveUp ]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=C:\WINDOWS\system32\svchost.exe -k netsvcs
"DisplayName"="Windows Live Update "
"ObjectName"="LocalSystem"
"Description"="Windows Live Update "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinLiveUp \Parameters]
"ServiceDll"=C:\WINDOWS\system32\WinLiveUp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinLiveUp \Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinLiveUp \Enum]
"0"="Root\LEGACY_WINLIVEUP___\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLIVEUP___]
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLIVEUP___\0000]
"Service"="WinLiveUp "
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Windows Live Update "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLIVEUP___\0000\Control]
"*NewlyCreated*"=dword:00000000
"ActiveService"="WinLiveUp "
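The persistence pattern recorded above (a service whose ImagePath is `svchost.exe -k netsvcs` and whose DLL is named in a `Parameters\ServiceDll` value, with a service name carrying a trailing space) can be hunted for in a registry export. The following is an added example, not part of this report: the snapshot text, the `KNOWN_NETSVCS_DLLS` allowlist and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed .reg-style snapshot mirroring the WinLiveUp entries in this report
# (service name keeps its trailing space) plus one benign netsvcs service. Not real.
SNAPSHOT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinLiveUp ]
"ImagePath"="C:\WINDOWS\system32\svchost.exe -k netsvcs"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinLiveUp \Parameters]
"ServiceDll"="C:\WINDOWS\system32\WinLiveUp.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
'''

# Hypothetical allowlist: ServiceDll basenames the analyst trusts in the netsvcs group.
KNOWN_NETSVCS_DLLS = {"schedsvc.dll"}
SERVICES_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"

def parse_reg(text):
    """Return {key_path: {value_name: raw_value}} from .reg-style text."""
    keys, current = defaultdict(dict), None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # keep trailing spaces in key names
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip('"')] = value.strip().strip('"')
    return keys

def find_suspicious_netsvcs(text):
    """Flag netsvcs-hosted services with a non-allowlisted ServiceDll or a padded name."""
    keys = parse_reg(text)
    findings = []
    for key, values in keys.items():
        name = key[len(SERVICES_PREFIX):]
        if not key.startswith(SERVICES_PREFIX) or "\\" in name:
            continue                      # only top-level Services\<name> keys
        image = values.get("ImagePath", "").lower()
        if "svchost.exe" not in image or "-k netsvcs" not in image:
            continue
        dll = keys.get(key + "\\Parameters", {}).get("ServiceDll", "")
        reasons = []
        if dll.rsplit("\\", 1)[-1].lower() not in KNOWN_NETSVCS_DLLS:
            reasons.append("ServiceDll not in allowlist: " + dll)
        if name != name.strip():
            reasons.append("service name has leading/trailing whitespace")
        if reasons:
            findings.append((name, reasons))
    return findings
```

On a live system the same logic applies to the output of `reg export HKLM\SYSTEM\CurrentControlSet\Services`, with the allowlist built from a known-good baseline of the netsvcs group.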