Win32.Troj.QQkdw

A QQ account-stealing trojan that disguises itself with a web page icon

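Overview

Virus

Alias:
Processing date:
Threat level: ★★
Chinese name: QQ狂盜王
Virus type: Trojan
Affected systems: Win9x/WinNT/Win2K/WinXP/Win2003
Virus behavior:
Written with: VB6.0
Infection condition: the trojan changes its icon to a web page icon
Trigger condition:

System modifications:

1. Adds the following registry values: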
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"Run" = "%SYSTEM%\uqslkgw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
%filename% = "%filepath%\%filename%.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"ediinn" = "%SYSTEM%\ediinn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"iqhx" = "%SYSTEM%\iqhx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"oiqjvog" = "C:\Program Files\oiqjvog.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
%filename% = "%filepath%\%filename%.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
"ediinn" = "%SYSTEM%\ediinn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
"iqhx" = "%SYSTEM%\iqhx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runservices
"oiqjvog" = "C:\Program Files\oiqjvog.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%filename% = "%filepath%\%filename%.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ediinn" = "%SYSTEM%\ediinn.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"iqhx" = "%SYSTEM%\iqhx.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"oiqjvog" = "C:\Program Files\oiqjvog.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
%filename% = "%filepath%\%filename%.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
"ediinn" = "%SYSTEM%\ediinn.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
"iqhx" = "%SYSTEM%\iqhx.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\oiqjvog
"oiqjvog" = "C:\Program Files\oiqjvog.exe"
2. Adds three hidden files, oiqjvog.exe, ediinn.exe and iqhx.exe, to the directory the virus is currently in;
adds oiqjvog.exe to C:\Program Files;
adds ediinn.exe, iqhx.exe and uqslkgw.exe to %SYSTEM%
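
A detection check for the autostart values listed above, added here as an example and not part of the original entry. It assumes the input is saved text output of `reg query` for the listed keys; the function name `scan_reg_query` and the sample output are constructed for illustration. The `%filename%` entries cannot be matched by name because the trojan's own file name varies.

```python
import re

# Indicators copied from the entry's "System modifications" list.
BAD_FILES = {"uqslkgw.exe", "ediinn.exe", "iqhx.exe", "oiqjvog.exe"}
BAD_NAMES = {"ediinn", "iqhx", "oiqjvog"}
RUN_KEYS = (r"\windows\currentversion\run",
            r"\windows\currentversion\runservices")
LEGACY_KEY = r"\windows nt\currentversion\windows"

# `reg query` prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")
EXE_NAME = re.compile(r'([^\\/"]+\.exe)', re.I)

def scan_reg_query(text):
    """Return (key, value name, reasons) for autostart values matching the entry."""
    hits, key = [], ""
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        k = key.lower()
        if not m or not k.endswith(RUN_KEYS + (LEGACY_KEY,)):
            continue
        name, _, data = m.groups()
        exe = EXE_NAME.search(data)
        reasons = []
        if exe and exe.group(1).lower() in BAD_FILES:
            reasons.append("file name")
        if k.endswith(RUN_KEYS) and name.lower() in BAD_NAMES:
            reasons.append("value name")
        if k.endswith(LEGACY_KEY) and name.lower() == "run" and data.strip():
            reasons.append("legacy Run value set")
        if reasons:
            hits.append((key, name, reasons))
    return hits

# Constructed sample of `reg query` output (not taken from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run    REG_SZ    C:\WINDOWS\system32\uqslkgw.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    iqhx    REG_SZ    C:\WINDOWS\system32\iqhx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Program Files\oiqjvog.exe"
"""
```

Matching on the file name as well as the value name catches an entry whose value name has been changed, as in the constructed `Updater` line.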

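Symptoms:

After the virus runs, it pops up a QQ interface (identical to the real QQ interface),
impersonating QQ. If the user enters a password, that information is sent to a specified mailbox.
Special notes: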
