View full version: Virus Alert: Guanghua Anti-Virus News (November 19 - November 25)

重剑无锋 2007-11-19 14:28

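Virus Alert: Guanghua Anti-Virus News (November 19 - November 25)

The Guanghua Anti-Virus Research Center has recently updated its virus signatures. Users should download the update package from the Guanghua website, http://www.viruschina.com, as soon as possible. Below are brief descriptions of several important viruses: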
     
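    1. Trojan: Trojan.Falupan  Severity: ★★★☆☆
     
    According to experts at the Guanghua Anti-Virus Research Center, Trojan.Falupan is a Trojan of variable length that affects Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003 and Windows 2000 systems. It lowers the system's security settings. When it is received and opened, it causes the following harm:
    A. Creates the following virus files
    User directory\system.exe
    User directory\winlogon.exe
    Current directory\explorer.exe
    System directory\scvhost.exe
    Windows directory\astry.exe
    Windows directory\Network-IPv6\network.exe
    Windows directory\scvhost.exe
    B. Creates the following harmless files
    C:\Documents and Settings\All Users\Desktop\msvbvm60.dll
    Windows directory\msvbvm60.dll
    C. Creates the following registry entries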
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
    Winlogon\"Shell" = "explorer.exe, scvhost.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
    Winlogon\"Userinit" = "%System%\Userinit.exe,scvhost.exe"
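    so that the virus starts every time the computer boots
    D. Modifies the following registry entries, changing the system's file display options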
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\"Bitmap" = "%System%\SHELL32.DLL,11"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\FriendlyTree\"CheckedValue" = "0"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Hidden\"Bitmap" = "%System%\SHELL32.DLL,22"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Hidden\NOHIDDEN\"HKeyRoot" = "1010"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Hidden\SHOWALL\"DefaultValue" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Hidden\SHOWALL\"HKeyRoot" = "1018"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\HideFileExt\"CheckedValue" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\HideFileExt\"DefaultValue" = "1"
    E. Modifies the following registry entries, changing the system's Explorer settings
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\"Text" = "Gue pikir2x lo itu"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\ClassicViewState\"Text" = "Adik lo banyak"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\ControlPanelInMyComputer\"Text" = "Pacar lo Banyak"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\DesktopProcess\"Text" = "Kurang taat ibadah"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\DisableThumbCache\"Text" = "Sok tau"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\FolderSizeTip\"Text" = "Babe lo galak"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\FriendlyTree\"Text" = "Gue kangen berat"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Hidden\"Text" = "Semua tentang lo"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Hidden\"NOHIDDEN\Text" = "Akan gue lupakan semua"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Hidden\SHOWALL\"Text" = "Akan gue ingat semua"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\HideFileExt\"Type" = ""
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\HideFileExt\"Text" = "Lo dugem terus"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\NetCrawler\"Text" = "Terlalu banyak nuntut"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\PersistBrowsers\"Text" = "Lo gak romantis"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\ShowCompColor\"Text" = "Otak lo mesum"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\ShowFullPath\"Text" = "Lo bego"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\ShowFullPathAddress\"Text" = "Gue pandang2x lo jelek"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\ShowInfoTip\"Text" = "Jarang jajan"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\SimpleSharing\"Text" = "Gak punya mobil"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\SuperHidden\"Text" = "gue ada pacar baru"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Thickets\"Text" = "Hidup bersama lo"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Thickets\"Bitmap" = "%System%\SHELL32.DLL,29"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Thickets\AUTO\"Text" = "Bakalan susah"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Thickets\NOHIDE\"Text" = "Biasa aza"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\Thickets\NONE\"Text" = "Bakalan senang"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Advanced\Folder\WebViewBarricade\"Text" = "Gue masih cinta lo"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
    Tips\"[0-50]" = "Iloveu astry and never forget you"
    F. Displays a dialog box with the following content
    Windows Update (6300-NGSRP-TMR521A-SMG-542PH-3180) . Check system setting or upgrade system.
    Maybe your system not full patch .System still safe. www.microsoft.com
    PATCH CODE : AS3-CTRKEA-SR.
     
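    Guanghua anti-virus software already handles this virus. Users should update and then use Guanghua anti-virus software to remove it.
     
    2. W32 virus: W32.Tvido.A  Severity: ★★☆☆☆
    According to experts at the Guanghua Anti-Virus Research Center, W32.Tvido.A is a W32 virus, 2978 bytes long, that affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista and Windows XP systems. It is an executable file virus that infects PE files on all of the system's hard disks and network drives. When it is received and opened, it mainly causes the following harm:
     
    A. Infects PE files on all of the system's hard disks and network drives
    B. Modifies the DOS header of PE files, adding the marker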
    Virus WeeD v1.1 Made in Belarus!
     
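    The Beijing Riyue Guanghua Software Company website (http://www.viruschina.com) updates its virus signatures daily. Experts at the Guanghua Anti-Virus Research Center remind you: please order Guanghua anti-virus software online from the Guanghua security website as soon as possible to guard against virus intrusion and keep your computer protected at all times. Guanghua anti-virus software users who update to the November 19 virus database (free download at http://www.viruschina.com/html/update.htm) can fully detect and remove these viruses.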
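
Added example, not part of the original post or of Guanghua's advisory: a Python check for the Winlogon persistence listed under item C, run over a constructed `reg export` sample. The baseline values, the similarity threshold and the function names are assumptions made for this illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed clean-system baseline for the two Winlogon values named in item C.
BASELINE = {"shell": ["explorer.exe"], "userinit": ["userinit.exe"]}
# Legitimate Windows binaries whose names are commonly imitated.
KNOWN_SYSTEM = ["svchost.exe", "explorer.exe", "winlogon.exe", "userinit.exe"]

# Constructed sample in `reg export` format, mirroring item C of the advisory.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe, scvhost.exe"
"Userinit"="C:\\WINDOWS\\system32\\Userinit.exe,scvhost.exe"
'''

def basename(entry):
    """Lower-cased file name of one comma-separated Winlogon entry."""
    return re.split(r"[\\/]", entry.strip().strip('"'))[-1].lower()

def lookalike(name):
    """Return the system binary that `name` closely imitates, or None."""
    for real in KNOWN_SYSTEM:
        if name != real and SequenceMatcher(None, name, real).ratio() >= 0.85:
            return real
    return None

def audit_winlogon(export_text):
    """List (value, extra_program, imitated_binary) for non-baseline entries."""
    findings = []
    for value, data in re.findall(r'^"(\w+)"="(.*)"\s*$', export_text, re.M):
        allowed = BASELINE.get(value.lower())
        if allowed is None:
            continue  # only Shell and Userinit are audited here
        # Userinit normally ends with a trailing comma, so drop empty entries.
        for entry in filter(None, (e.strip() for e in data.split(","))):
            name = basename(entry)
            if name not in allowed:
                findings.append((value, name, lookalike(name)))
    return findings

if __name__ == "__main__":
    for value, name, imitates in audit_winlogon(SAMPLE_EXPORT):
        note = f" (imitates {imitates})" if imitates else ""
        print(f"Winlogon\\{value}: unexpected entry {name}{note}")
```

On a real host the input would be the text produced by exporting the Winlogon key; any extra program in either value deserves investigation even when its name imitates nothing.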

meiying1973 2007-11-23 13:19

Thanks to the original poster for the reminder

lwsok 2008-1-19 15:38

Thanks, got it

曲水 2008-1-19 18:29

Thanks, boss, for the timely reminder... I'll download one just in case

goldenhorse 2008-2-20 12:52

Learned something, learned something, learned something

shijian_asd 2008-2-22 00:39

How is this antivirus software? I still have a genuine license number.

bjb0125 2008-3-2 13:32

Need to study this carefully!

bjb0125 2008-3-2 13:45

Need to study this carefully!