病毒行为：
这是一个发送QQ消息的木马病毒，病毒运行后会释放病毒文件，修改注册表，并在后台寻找QQ聊天窗口，找到后自动向好友发送消息。

1、释放病毒文件到如下路径：
%system32%\1A783BD2.EXE
%system32%\1A783BD2T.EXE
%system32%\1A783BD2.dll
%system%为可变路径，一般为c:\windows\system32

2、释放.bat文件到%system32%\delme.bat删除病毒体自身。

3、修改注册表项，添加服务1A783BD2：
HKLM\System\CurrentControlSet\Services\1A783BD2
HKLM\System\CurrentControlSet\Services\1A783BD2\Type 0x10
HKLM\System\CurrentControlSet\Services\1A783BD2\Start 0x2
HKLM\System\CurrentControlSet\Services\1A783BD2\ErrorControl 0x1
HKLM\System\CurrentControlSet\Services\1A783BD2\ImagePath "C:\WINDOWS\system32\1A783BD2.EXE -service"
HKLM\System\CurrentControlSet\Services\1A783BD2\DisplayName "1A783BD2"
HKLM\System\CurrentControlSet\Services\1A783BD2\ObjectName "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\1A783BD2\Description "为系统提供加速启动功能。"

HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_1A783BD2
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_1A783BD2\NextInstance 0x1
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_1A783BD2\0000\Control\*NewlyCreated* 0x0
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_1A783BD2\0000\Service "1A783BD2"
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_1A783BD2\0000\Legacy 0x1
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_1A783BD2\0000\ConfigFlags SUCCESS 0x0
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_1A783BD2\0000\Class "LegacyDriver"
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_1A783BD2\0000\ClassGUID "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_1A783BD2\0000\DeviceDesc "1A783BD2"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\1A783BD2\Enum\0 "Root\LEGACY_1A783BD2\0000"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\1A783BD2\Enum\Count 0x1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\1A783BD2\Enum\NextInstance 0x1
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_1A783BD2\0000\Control\ActiveService "1A783BD2"

4、插入Winlogon.exe和Explorer.exe进程，下载配置文件，根据配置文件修改用户主页。

5、遍历当前所有窗口，当找到QQ聊天窗口时，自动向好友发送消息。