Win32.Troj.AdSetup.vb是什么病毒 - shashadu.com 杀杀毒病毒库

Win32.Troj.AdSetup.vb 病毒信息
- 病毒别名：N/A
  中文名称：N/A
  威胁级别：★
- 处理时间：N/A
  病毒类型：木马
  影响系统：Win 9x/ME,Win 2000/NT,Win XP,Win 2003
病毒行为：
该病毒是一个流氓软件安装包。运行该病毒会在系统安装带驱动的流氓软件，一般方法很难清除。
建议电脑用户升级病毒库查杀该病毒及该病毒安装的隐秘软件。

1、生成的文件
C:\WINNT\system32\SCIntruder.dll
C:\WINNT\system32\ejcokx08.dll
C:\WINNT\system32\drivers\ejcokx08.sys

2、注册CLSID组件
HKCR\CLSID\{DED96F80-2B97-407C-8E09-D7233448753F}\InprocServer32
"(Default)" = "C:\WINNT\system32\SCIntruder.dll"
HKCR\CLSID\{566CB5F7-D9FA-4B01-8A1A-168F706CBE41}\InprocServer32
"(Default)" = "C:\WINNT\system32\SCIntruder.dll"
HKCR\CLSID\{C5668031-4BDE-43D4-8766-8E9AAC16C56E}\InprocServer32
"(Default)" = "C:\WINNT\system32\SCIntruder.dll"
HKCR\CLSID\{9ACEEE31-1440-471B-AA46-72B061FE7D61}\InprocServer32
"(Default)" = "C:\WINNT\system32\SCIntruder.dll"
HKCR\CLSID\{0D8CA513-282F-4E40-8971-F5EE879AF7FD}\InprocServer32
"(Default)" = "C:\WINNT\system32\SCIntruder.dll"
HKCR\CLSID\{566CB5F7-D9FA-4B01-8A1A-168F706CBE41}\InprocServer32
"(Default)" = "C:\WINNT\system32\SCIntruder.dll"
HKCR\CLSID\{86DC8694-AACC-4CE6-B8EC-A75DEEDA698D}\InprocServer32
"(Default)" = "C:\WINNT\system32\SCIntruder.dll"

3、安装驱动
HKLM\System\CurrentControlSet\Services\ejcokx08
"Type" = "0x1"
HKLM\System\CurrentControlSet\Services\ejcokx08
"Start" = "0x3"
HKLM\System\CurrentControlSet\Services\ejcokx08
"ImagePath" = "\??\C:\WINNT\system32\drivers\ejcokx08.sys"
HKLM\System\CurrentControlSet\Services\ejcokx08
"DisplayName" = "ejcokx08"
HKLM\system\controlset001\services\ejcokx08
"ImagePath" = "System32\DRIVERS\ejcokx08.sys"
HKLM\system\controlset001\services\ejcokx08
"Type" = "0x1"
HKLM\system\controlset001\services\ejcokx08
"Start" = "0x0"
HKLM\system\controlset001\services\ejcokx08
"DisplayName" = "ejcokx08"
HKLM\system\controlset001\services\ejcokx08
"Group" = "System Bus Extender"

4、添加BHO浏览器辅助项
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ACEEE31-1440-471B-AA46-72B061FE7D61}
"(Default)" = "NewWeb Controller"

点击数：