Win32.Troj.StartPage.r

病毒别名：

处理时间：2005-09-02

威胁级别：★

中文名称：

病毒类型：木马

影响系统：Win 9x/ME,Win 2000/NT,Win XP,Win 2003

病毒行为:

该病毒是一个更改用户主页的木马。病毒运行后，拷贝自身到%windows%syschk.exe，并释放网页到本地，添加启动项，使得开机控制用户机器，使用户无法改变浏览器主页。该木马还会禁用注册表编辑器和控制面板中一些项。

1，生成文件

%windows%syschk.exe

%windows%lank.htm

2，更改注册表

HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs

"Search" = "file://%windows%lank.htm"

HKLMSOFTWAREMicrosoftInternet ExplorerMain

"Start Page" = "about:search"

"Search Page" = "about:search"

"Default_Page_URL" = "about:search"

"Default_Search_URL" = "about:search"

HKLMSOFTWAREMicrosoftInternet ExplorerSearch

"SearchAssistant = "about:search"

"CustomizeSearch" = "about:search"

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun

"syschk" = "syschk.exe /fastcheck"

HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun

"syschk" = "syschk.exe /fastcheck"

HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallSearchIt component

HKCUSOFTWAREMicrosoftInternet ExplorerMain

"Start Page" = "about:search"

"Search Page" = "about:search"

"Disable Script Debugger" = "yes"

"Error Dlg Displayed On Every Error" = "no"

"Error Dlg Details Pane Open" = "no"

"Show_URLinStatusBar" = "no"

HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel

"HomePage" = 0x1

"ResetWebSettings" = 0x1

HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions

"NoViewSource" = 0x1

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"DisableRegistryTools" = 0x1