²¡¶¾Ãû³Æ£ºTrojan.Win32.VB.xt(kaspersky)

²¡¶¾±ðÃû£ºMalware.d (McAfee) ,Trojan/QQMsg.AutoQQ.K(½­Ãñ)

Ó°Ïìϵͳ£ºWindowsϵͳ¡¡Íþв¼¶±ð£º¡ï

»ù±¾ÌØÕ÷£º´óС 16,384 ×Ö½Ú,ÊÇWIN32ƽ̨ϵÄÒ»¸öľÂí,²ÉÈ¡realoneÎļþͼ±ê,¾ßÓÐÃÔ»óÐÔ.VB±àд,PECompact¼Ó¿Ç

²¡¶¾ÐÐΪ£º

1:²¡¶¾ÔÚ%system32%ÏÂÉú³É

d11host.exe (16384,A);N0TEPAD.exe (16384,A);windll.dll (10,A)Èý¸öÎļþ×÷Ϊ²¡¶¾ÌåÎļþ

2:Éú³ÉÈçÏÂ×¢²á±íÏîÄ¿:

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run systemr "C:\\WINDOWS\\system32\\d11host.exe"

//XPʵÏÖ²¡¶¾µÄ×Ô¶¯Æô¶¯//

HKEY_USERS\\S-1-5-21-299502267-602609370-682003330-1003\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows load "" "C:\\WINDOWS\\system32\\N0TEPAD.EXE"

//¶ÔÓ¦ÓÚÔçÆÚϵͳµÄwin.iniÎļþ,load¼ÓÔØÏîÄ¿,ʵÏÖ×Ô¶¯Æô¶¯//

3:windll.dll ÓÃÓڼǼÓû§¸ÐȾ²¡¶¾Ê±¼ä(¼´ÏµÍ³µ±Ç°Ê±¼ä),±¾ÉíÎÞ¶¾.