Win32.Troj.AdSetup.dx是什么病毒 - shashadu.com 杀杀毒病毒库

Win32.Troj.AdSetup.dx 病毒信息
- 病毒别名：N/A
  中文名称：N/A
  威胁级别：★
- 处理时间：N/A
  病毒类型：木马
  影响系统：Win 9x/ME,Win 2000/NT,Win XP,Win 2003
病毒行为：
这是个流氓软件安装包。运行病毒读会再系统中安装多宽流氓软件。建议电脑用户不要随便运行不明程序，以免中毒受害。

1、生成的文件
%Program Files%\Common Files\System\Updaterun.exe
%SystemRoot%\system32\wbem\ocmor.dll
%SystemRoot%\system32\wbem\jqtyi.dll
%SystemRoot%\system32\rundllfromwin2000.exe
%Documents and Settings%\administrator\Favorites\多特软件站-最安全放心的软件站.url
%SystemRoot%\bar.exe
%Program Files%\superutilbar\superutilbar.dll
%Program Files%\superutilbar\uninst.exe

2、添加启动项
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"System" = "%Program Files%\Common Files\System\Updaterun.exe"

3、添加伪系统服务
HKLM\System\CurrentControlSet\Services\BRGNS
"Type" = "0x10"
HKLM\System\CurrentControlSet\Services\BRGNS
"Start" = "0x2"
HKLM\System\CurrentControlSet\Services\BRGNS
"ImagePath" = "%SystemRoot%\SYSTEM32\RUNDLLFROMWIN2000.EXE %SystemRoot%\SYSTEM32\WBEM\JQTYI.DLL,Export 1087"
HKLM\System\CurrentControlSet\Services\BRGNS
"DisplayName" = "Microsoft Update Service"
HKLM\System\CurrentControlSet\Services\BRGNS
"Description" = "提供Microsoft(R) Windows 及应用程序的升级和安全漏洞修复服务。"

4、添加注册信息
HKCU\SOFTWARE\Microsoft\Internet Explorer\typedUrls\
"url5" = "http://www.3839.***/index.html"
HKCR\6781.TOOLBAR.1
"(Default)" = "实用搜索工具条2.0"
HKCR\6781.TOOLBAR.1\CLSID
"(Default)" = "{03465FF5-00AE-411a-9C34-960ED566EC03}"
HKCR\6781.TOOLBARLOADER.1
"(Default)" = "实用搜索"
HKCR\6781.TOOLBARLOADER\CLSID
"(Default)" = "{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\实用搜索工具条
"URLInfoAbout" = "http://www.shiyongsousuo.***"

5、注册CLSID组件
HKCR\CLSID\{03465FF5-00AE-411a-9C34-960ED566EC03}
"(Default)" = "实用搜索工具条2.0"
HKCR\CLSID\{03465FF5-00AE-411a-9C34-960ED566EC03}\InprocServer32
"(Default)" = "%Program Files%\superutilbar\superutilbar.dll"
HKCR\CLSID\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}
"(Default)" = "实用搜索"
HKCR\CLSID\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}\InprocServer32
"(Default)" = "%Program Files%\superutilbar\superutilbar.dll"

6、添加BHO组建
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}
"(Default)" = "实用搜索"

7、添加工具条
HKLM\Software\Microsoft\Internet Explorer\Toolbar
"{03465FF5-00AE-411a-9C34-960ED566EC03}" = "实用搜索工具条2.0"

点击数：