光华反病毒研究中心近日进行病毒特征码更新,请用户尽快到光华网站www.viruschina.com下载升级包,以下是几个重要病毒的简介:
光华反病毒资讯(2)
二 木马病毒 Trojan.Zonebac危害级别:★★☆☆☆
根据光华反病毒研究中心专家介绍,这是木马病毒,感染 Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP 系统,降低 IE 安全区域设置,当打开此病毒文件后,有以下现象:
A 搜索并结束以下进程
firewallntservice.exe
spysweeper.exe
spysweeperui.exe
ssu.exe
wdfdataservice.exe
webrootdesktopfirewall.exe
isafe.exe
vsmon.exe
zlclient.exe
B 增加"Lexmark_X79-55" = "%System%\lsasss.exe"到注册表
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
使得病毒每次开机后自动执行
C 搜索注册表
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
中的所有项,将其中的内容替换成自身,将原来的文件改名为*.bak
使得病毒每次开机后再次自动执行
D 复制自身到系统目录的 lsasss.exe
E 在临时目录下创建文件 abc123.pid 和 abc123.dat
F 获取默认浏览器,成功后启动隐藏的进程访问
http://88.80.5.21/check/check[已删除]
http://221.231.140.49/check/check[已删除]
http://222.38.148.30/check/check[已删除]
G 创建注册表项
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\me
H 修改注册表
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2 中的以下值,降低安全区域设置
"CurrentLevel" = "10000"
"MinLevel" = "10000"
"RecommendedLevel" = "10000"
"Flags" = "43"
"1001" = "0"
"1004" = "0"
"1200" = "0"
"1201" = "0"
"1206" = "0"
"1400" = "0"
"1402" = "0"
"1405" = "0"
"1406" = "0"
"1407" = "0"
"1601" = "0"
"1604" = "0"
"1605" = "0"
"1606" = "0"
"1607" = "0"
"1608" = "0"
"1609" = "1"
"1800" = "0"
"1802" = "0"
"1803" = "0"
"1804" = "0"
"1805" = "0"
"1806" = "0"
"1807" = "0"
"1808" = "0"
"1809" = "0"
"1A00" = "0"
"1A02" = "0"
"1A03" = "0"
"1A04" = "0"
"1A05" = "0"
"1A06" = "0"
"1A10" = "0"
"1C00" = "30000"
"1E05" = "30000"
"2000" = "0"
"2001" = "0"
"2004" = "0"
"2100" = "0"
"2101" = "1"
"2102" = "0"
"2200" = "0"
"2201" = "0"
"2300" = "1"
北京日月光华软件公司网站(http://www.viruschina.com)每日进行病毒特征码更新,光华反病毒研究中心专家提醒您:请尽快到光华安全网站在线订购光华反病毒软件来防范病毒的入侵,时刻保护您的电脑安全。光华反病毒软件用户升级到9月18日的病毒库(免费下载地址为:http://www.viruschina.com/html/update.asp)就可以完全查杀这些病毒。
网友评论