Title: [Help] Does anyone have a removal tool for the AUTO virus written in VB?
boykklove

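This is a virus written in VB. Once it runs, the virus copies itself to the following locations (taking Win98 as an example; on other systems it uses the corresponding directories):
C:\AUTORUN.INF
C:\WINDOWS\AUTO.EXE
C:\AUTO.EXE
C:\PROGRAM FILES\AUTO.EXE
C:\WINDOWS\ALL USERS\DESKTOP\SYSBOY.EXE
C:\WINDOWS\ALL USERS\START MENU\PROGRAMS\启动\AUTO.EXE
C:\WINDOWS\DESKTOP\SYSGRIL.EXE
C:\WINDOWS\START MENU\PROGRAMS\启动\AUTO.EXE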

It modifies the registry as follows:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"%CURDIR%\SYSBOY.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Explorer
"C:\auto.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Explorer
"%CURDIR%\SYSBOY.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Systry
"C:\Program Files\auto.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce\Systry
"%CURDIR%\SYSBOY.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce\Systryt
"D:\auto.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Runonceex\Systryt
"%CURDIR%\SYSBOY.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Runservicesonce\rundll32
"%CURDIR%\SYSBOY.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Runservicesonce\rundll64
"%CURDIR%\SYSBOY.exe"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICiES\SYSTEM\disableregistrytools
0x313131 --> disables the registry tools
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICiES\EXPLORER\nofolderoptions
0x313131 --> disables opening Folder Options
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\winoldapp\norealmode
0x313131 --> disables entering real mode
HKCU\Software\Microsoft\Internet Explorer\Main\start page
" http://xxxwwwjjjhd.20forfree.com" --> changes the IE default page
HKCU\Software\Microsoft\Internet Explorer\Main\first home page
" http://xxxwwwjjjhd.20forfree.com" --> changes the IE default page
HKLM\Software\CLASSES\Directory\shell\Winamp.Play\first home page
"用 Winamp 播放(&p)"
HKLM\Software\CLASSES\Directory\shell\Winamp.Play\command\first home page
"C:\WINDOWS\auto.exe"
HKLM\Software\CLASSES\Directory\shell\Winamp.Enqueue\first home page
"加入 Winamp 队列(&E)"
HKLM\Software\CLASSES\Directory\shell\Winamp.Enqueue\command\first home page
"C:\auto.exe"
HKLM\Software\CLASSES\Directory\shell\Winamp.Bookmark\first home page
"添加到 Winamp 的书签清单中(&B)"
HKLM\Software\CLASSES\Directory\shell\Winamp.Bookmark\command\first home page
"D:\auto.exe"

HKCR\txtfile\shell\open\command\first home page
"%CURDIR%\SYSBOY.exe"
HKCR\swffile\shell\open\command\first home page
"C:\auto.exe"
HKCR\mp3file\shell\open\command\first home page
"D:\auto.exe"
HKCR\dllfile\shell\open\command\first home page
"E:\auto.exe"
HKCR\htmfile\shell\open\command\first home page
"%CURDIR%\SYSBOY.exe"

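The virus will also automatically connect to the website:
http://***xxxwwwjjjhd.20forfree.com

This is a virus that uses illegal spreading over the network to swindle money, that is, the so-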

2007-09-20 13:23
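
The registry changes listed in the post fall into three groups: autostart values, hijacked shell command handlers, and policy lockouts. The following triage script is an added example, not part of the original post and written in Python rather than VB. It assumes the registry has been exported as REGEDIT4-style text; the sample export and the function names are constructed for illustration, and only the file and policy names come from the post.

```python
import re

# Names taken from the post above; the export text below is constructed sample data.
DROPPED = {"auto.exe", "sysboy.exe", "sysgril.exe"}
POLICIES = {"disableregistrytools", "nofolderoptions", "norealmode"}
AUTOSTART = re.compile(r"\\currentversion\\run(once(ex)?|services(once)?)?$", re.I)
HANDLER = re.compile(r"\\shell\\[^\\]+\\command$", re.I)
EXE = re.compile(r'([^\\/"\s]+\.exe)', re.I)

SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Explorer"="C:\\auto.exe"
"SystemTray"="SysTray.Exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"rundll32"="%CURDIR%\\SYSBOY.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\NOTEPAD.EXE %1"
[HKEY_CLASSES_ROOT\mp3file\shell\open\command]
@="D:\\auto.exe"
'''

def parse_reg(text):
    """Parse REGEDIT4-style export text into (key, value name, data) triples."""
    key, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, data = line.split("=", 1)
            # Drop the surrounding quotes and undo the export's backslash doubling.
            rows.append((key, name.strip('"'), data.strip('"').replace("\\\\", "\\")))
    return rows

def triage(text):
    """Return (reason, key, name, data) for entries matching the post's description."""
    hits = []
    for key, name, data in parse_reg(text):
        m = EXE.search(data)
        target = m.group(1).lower() if m else ""
        if AUTOSTART.search(key) and target in DROPPED:
            hits.append(("autostart", key, name, data))
        elif HANDLER.search(key) and target in DROPPED:
            hits.append(("hijacked handler", key, name, data))
        elif "\\policies\\" in key.lower() and name.lower() in POLICIES:
            hits.append(("policy lockout", key, name, data))  # flags presence only
    return hits
```

Calling `triage(SAMPLE)` returns four entries and leaves the legitimate `SysTray.Exe` and `NOTEPAD.EXE` values alone.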



To join the discussion, please go to the original thread: https://bbs.bccn.net/thread-171478-1-1.html



