Win32.Hack.Agent.gt是什么病毒 - shashadu.com 杀杀毒病毒库

Win32.Hack.Agent.gt 病毒信息
- 病毒别名：N/A
  中文名称：N/A
  威胁级别：★
- 处理时间：N/A
  病毒类型：黑客程序
  影响系统：Win 9x/ME,Win 2000/NT,Win XP,Win 2003
病毒行为：
这是一个后门病毒，病毒会屏蔽一些安全网站，连接远程主机，等待黑客命令。

1、病毒复制自身到系统目录并运行，删除原病毒文件：
%system%\Winclock.exe

2、修改hosts文件,屏蔽如下安全网站:
www.symantec.com
securityresponse.symantec.com
symantec.com
www.sophos.com
sophos.com
www.mcafee.com
mcafee.com
liveupdate.symantecliveupdate.com
www.viruslist.com
viruslist.com
viruslist.com
f-secure.com
www.f-secure.com
kaspersky.com
kaspersky-labs.com
www.avp.com
www.kaspersky.com
avp.com
www.networkassociates.com
networkassociates.com
www.ca.com
ca.com
mast.mcafee.com
my-etrust.com
www.my-etrust.com
download.mcafee.com
dispatch.mcafee.com
secure.nai.com
nai.com
www.nai.com
update.symantec.com
updates.symantec.com
us.mcafee.com
liveupdate.symantec.com
customer.symantec.com
rads.mcafee.com
trendmicro.com
pandasoftware.com
www.pandasoftware.com
www.trendmicro.com
www.grisoft.com
www.microsoft.com
microsoft.com
www.virustotal.com
virustotal.com

3、修改注册表使病毒随系统自启动:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Services Clock"="WinClock.exe"
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Services Clock"="WinClock.exe"
[HKLM\Software\Microsoft\OLE]
"Microsoft Windows Services Clock"="WinClock.exe"
[HKLM\SYSTEM\CurrentControlSet\Control\Lsa]
"Microsoft Windows Services Clock"="WinClock.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Services Clock"="WinClock.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Services Clock"="WinClock.exe"
[HKCU\Software\Microsoft\OLE]
"Microsoft Windows Services Clock"="WinClock.exe"
[HKCU\SYSTEM\CurrentControlSet\Control\Lsa]
"Microsoft Windows Services Clock"="WinClock.exe"

4、连接远程主机的9797端口，接受黑客命令。

点击数：