| upside    
         
       
  反病毒 反詐騙 反虐犬 
  
 | 分享:                 
 [病毒蠕蟲] Email-Worm.Win32.Brontok.q
                      
                        
                        
                          |  x0 | 
 
   Email-Worm.Win32.Brontok.q
 在登錄檔中加入的鍵值(讓病毒自動執行並鎖定登錄):
 [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
 "DisableRegistryTools"="1"
 "DisableCMD"="0"
 
 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
 "Hidden"="0"
 "HideFileExt"="1"
 "ShowSuperHidden"="0"
 
 [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
 "NoFolderOptions"="1"
 
 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
 "Bron-Spizaetus"=""
 "Bron-Spizaetus-<random symbols>"="%WinDir%\ShellNew\bbm-<random symbols>.exe"
 
 [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
 "Tok-Cirrhatus"=""
 "Tok-Cirrhatus-<random number>"="%UserProfile%\Local Settings\Application Data\br<random number>on .exe"
 
 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
 "Shell"="Explorer.exe "%WinDir%\sembako-<random symbols>.exe""
 
 [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot]
 "AlternateShell"="cmd-bro-<random symbols>.exe"
 
 病毒還會複製以下檔案到磁碟上:
 %UserProfile%\Local Settings\Application Data\br<random number>on.exe
 %UserProfile%\Local Settings\Application Data\csrss.exe
 %UserProfile%\Local Settings\Application Data\inetinfo.exe
 %UserProfile%\Local Settings\Application Data\lsass.exe
 %UserProfile%\Local Settings\Application Data\services.exe
 %UserProfile%\Local Settings\Application Data\smss.exe
 %UserProfile%\Local Settings\Application Data\svchost.exe
 %UserProfile%\Local Settings\Application Data\winlogon.exe
 同一資料夾下的文字檔 Kosong.Bron.Tok.txt
 
 %WinDir%\sembako-<隨機字串>.exe
 %WinDir%\ShellNew\bbm-<隨機字串>.exe
 %System%\DXBLBO.exe
 %System%\cmd-bro-<隨機字串>.exe
 %System%\%UserName%'s Setting.scr
 
 %UserProfile%\%Autorun%\Empty.pif
 %UserProfile%\Templates\<random number>-NendangBro.com
 %MyPictures%\Mypictures.exe
 %MyPictures%\about.Brontok.A.html
 
 病毒還會在系統資料夾下新增檔案sistem.sys,記錄中毒的資料和時間
 
 
 |