Win32.Troj.Goweh.a

王朝百科·作者佚名  2009-12-26  
宽屏版  字体: |||超大  

病毒别名:

处理时间:2005-10-11

威胁级别:★

中文名称:

病毒类型:木马

影响系统:Win 9x/ME,Win 2000/NT,Win XP,Win 2003

病毒行为:

该病毒是一个修改浏览器主页的木马病毒。该病毒运行后不停地添加启动项,修改浏览器主页,严重影响了系统的性能;该病毒还会会屏蔽大量站点,给网民造成了很大的不便。

1,生成文件

%Current%

etwork.sys

2,添加启动项

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun

"UserSystem" = "%CurrentFile%"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun

"UserSystem" = "%CurrentFile%"

3,修改主页

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain

"Start Page" = "http://smartsearch.ws"

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain

"Default_Page_URL" = "http://smartsearch.ws"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain

"Start Page" = "http://smartsearch.ws"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain

"Default_Page_URL" = "http://smartsearch.ws"

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain

"Search Page" = "http://smartsearch.ws/?q="

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain

"Search Bar" = "http://smartsearch.ws/?q="

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain

"Default_Search_URL" = "http://smartsearch.ws/?q="

HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer

"SearchURL" = "http://smartsearch.ws/?q="

HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer

"Search" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain

"Search Page" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain

"Search Bar" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain

"Default_Search_URL" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet Explorer

"SearchURL" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet Explorer

"Search" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLDefaultPrefix

"default" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLPrefixes

"www" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearch

"SearchAssistant" = "http://smartsearch.ws/?q="

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearch

"CustomizeSearch"= "http://smartsearch.ws/?q="

3,通过改写hosts文件屏蔽以下网站

127.0.0.1 forums.spywareinfo.com

127.0.0.1 www.spywareinfo.com

127.0.0.1 www.merijn.org

127.0.0.1 merijn.org

127.0.0.1 spywareinfo.com

127.0.0.1 www.computercops.biz

127.0.0.1 computercops.biz

127.0.0.1 dslreports.com

127.0.0.1 www.dslreports.com

127.0.0.1 www.lavasoftsupport.com

127.0.0.1 lavasoftsupport.com

127.0.0.1 www.lurkhere.com

127.0.0.1 lurkhere.com

127.0.0.1 forums.net-integration.net

127.0.0.1 www.pctalk.info

127.0.0.1 pctalk.info

127.0.0.1 www.suggestafix.com

127.0.0.1 suggestafix.com

127.0.0.1 forums.thiefware.com

127.0.0.1 www.tomcoyote.org

127.0.0.1 tomcoyote.org

127.0.0.1 www.wilderssecurity.com

127.0.0.1 wilderssecurity.com

127.0.0.1 www.winguides.com

127.0.0.1 winguides.com

127.0.0.1 www.spybot-spyware.com

127.0.0.1 spybot-spyware.com

127.0.0.1 1spybot.com

127.0.0.1 www.1spybot.com

127.0.0.1 www.lavasoftusa.com

127.0.0.1 lavasoftusa.com

127.0.0.1 www.spychecker.com

127.0.0.1 spychecker.com

127.0.0.1 www.grc.com

127.0.0.1 grc.com

127.0.0.1 www.cexx.org

127.0.0.1 cexx.org

127.0.0.1 security.kolla.de

127.0.0.1 www.security.kolla.de

127.0.0.1 simplythebest.net

127.0.0.1 www.simplythebest.net

127.0.0.1 www.spywareguide.com

127.0.0.1 spywareguide.com

127.0.0.1 www.spyware.co.uk

127.0.0.1 spyware.co.uk

127.0.0.1 www.lavasoft.de

127.0.0.1 lavasoft.de

127.0.0.1 www.webopedia.com

127.0.0.1 webopedia.com

127.0.0.1 www.ZeroSpyWare.com

127.0.0.1 ZeroSpyWare.com

127.0.0.1 www.spectorsoft.com

127.0.0.1 spectorsoft.com

127.0.0.1 www.Spy--Software.com

127.0.0.1 Spy--Software.com

127.0.0.1 www.sunbelt-software.com

127.0.0.1 sunbelt-software.com

127.0.0.1 www.spycleaner.net

127.0.0.1 spycleaner.net

127.0.0.1 www.EnigmaSoftwareGroup.com

127.0.0.1 EnigmaSoftwareGroup.com

127.0.0.1 www.no-spybot.com

127.0.0.1 no-spybot.com

 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
© 2005- 王朝百科 版权所有