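Win32.Troj.Small.ab is a trojan downloader used to download and execute trojans. Affected systems are Win9x / WinNT.

Virus alias: Trojan-Downloader.Win32.Small.abt[AVP]

Processing time:

Threat level: ★★

Chinese name:

Virus type: Trojan

Affected systems: Win9x / WinNT

Virus behavior:

1. Creates the following files in the system directory %system%\:

cmd64.exe (itself)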

systems32.exe

driver64.exe(Trojan.Win32.Dialer.gd)

mutlo.exe(Trojan.Serpo.a)

commandos.exe(Trojan-Dropper.Win32.Small.ol)

popup_bl.dll(Trojan-Dropper.Win32.Small)

systr.dll

Creates the following files in the virus's current directory:

1.dat(systems32.exe)

2.dat(Trojan.Win32.Dialer.gd)

3.dat(Trojan.Serpo.a)

4.dat(Trojan-Dropper.Win32.Small.ol)

gigasoft.dll

2. Modifies the registry:

Adds registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"ControlPanel"="C:\WINNT\System32\cmd64.exe internat.dll,LoadKeyboardProfile"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

"Sysctl Desktop Handler"=""

HKEY_CLASSES_ROOT\CLSID\\InProcServer32

"(Default)"="C:\\WINNT\\System32\\systr.dll"

"ThreadingModel"="Apartment"

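3. Accesses certain predetermined URLs, then downloads and runs trojan programs.

4. Modifies the home page and adds certain URLs to Favorites: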

%Favorites%\Computers and Privacy\

Adware Removal.url

Broadband.url

Cable.url

Domain Hosting.url

Domain Names.url

DSL.url

E Commerce.url

Internet Access.url

Popup Blocker.url

Spyware Removal.url

Web Design.url

%Favorites%\Finance\

Bad Credit.url

Credit Cards.url

Debt Consolidation.url

Fast Cash.url

Home Business.url

Home Mortgage.url

Home Refinance.url

Investerment.url

Payday Loan.url

Student Loan.url

%Favorites%\Real Estate\

Commercial Mortgage.url

Condominiums.url

Home Business.url

Home Equity Loan.url

Home Improvement.url

Home Insurance.url

Home Mortgage.url

Interior Design.url

Mortgage Quote.url

Mortgage Refinancing.url

%Favorites%\Sport\

Baseball Betting.url

Basketball Betting.url

Fishing.url

Fitness.url

Football Betting.url

Golf.url

Horse Racing.url

Personal Trainers.url

Sport Cars.url

Sportsbook.url

%Favorites%\Dating\

Adult Dating.url

Chat Dating.url

Chat Flirt.url

Dating.url

Marriage.url

Matchmaking.url

Personals.url

Romance.url

Singles.url

Wedding.url

%Favorites%\Gambling\

Baccarat.url

Betting.url

Bingo.url

Blackjack.url

Horse Racing.url

Online Casinos.url

Online Roulette.url

Poker.url

Slot Machines.url

Sportsbook.url

%Favorites%\Pharmacy\

Acne Control.url

Breast Enhancement.url

Diet Patch.url

Human Growth Hormone.url

Penis Enlargement.url

Tramadol.url

Valium.url

Viagra.url

Vicodin.url

Weight.url

%Favorites%\Shopping\

Auto.url

Books.url

Clothing.url

Computers subaff.url

Cosmetics.url

Electronics.url

Gifts.url

Laptops.url

Printers.url

Skin Care.url

Trade Shows.url

Wedding Gift.url

%Favorites%\Travel\

Air Flight.url

Caribbean Cruises.url

Cruise Travel.url

Discount Travel.url

Hawaii Vacation.url

Hotels.url

Rental Cars.url

Carnival Cruises.url

Travel Insurance.url

Vacation Packages.url

5. Adds the shortcuts Adware Remover, Home Mortgages, Online Dating, Online Pharmacy, and Poker to the desktop.