All names of this virus:
Affected systems:
Win9x,WinMe,Linux
Summary:
Drops the following files: %Windir%\MSWINSCK.OCX, %Windir%\setupconfig.dat, %Windir%\syskernel.dll, %Windir%\sysproc.dll. Makes smss.exe load its own sysproc.dll in order to execute.
Behavior analysis:
This is a surveillance trojan. It collects information about the user's system and helps an attacker control the user's computer. It uses a system process to forcibly load its own files, so that the user cannot terminate it with Task Manager, which ensures it can carry out its activity without interruption.
Description:
Drops the following files:
%Windir%\MSWINSCK.OCX
%Windir%\setupconfig.dat
%Windir%\syskernel.dll
%Windir%\sysproc.dll
Makes smss.exe load its own sysproc.dll in order to execute.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A424219B-3F96-4D9A-86A3-DE5A8BB9C00C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A424219B-3F96-4D9A-86A3-DE5A8BB9C00C}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A424219B-3F96-4D9A-86A3-DE5A8BB9C00C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A424219B-3F96-4D9A-86A3-DE5A8BB9C00C}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SysProc.Afire
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SysProc.Afire\Clsid
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\VERSION]
(Default) = "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\TypeLib]
(Default) = "{2DF27952-C9DD-47CC-961E-CFF592E7A320}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\ProgID]
(Default) = "SysProc.Afire"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\InprocServer32]
(Default) = "%Windir%\sysproc.dll"
ThreadingModel = "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}]
(Default) = "SysProc.Afire"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A424219B-3F96-4D9A-86A3-DE5A8BB9C00C}\TypeLib]
(Default) = "{2DF27952-C9DD-47CC-961E-CFF592E7A320}"
Version = "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A424219B-3F96-4D9A-86A3-DE5A8BB9C00C}\ProxyStubClsid32]
(Default) = "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A424219B-3F96-4D9A-86A3-DE5A8BB9C00C}\ProxyStubClsid]
(Default) = "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A424219B-3F96-4D9A-86A3-DE5A8BB9C00C}]
(Default) = "Afire"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}\1.0\0\win32]
(Default) = "%Windir%\sysproc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}\1.0\HELPDIR]
(Default) = "C:\WINDOWS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}\1.0\FLAGS]
(Default) = "0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DF27952-C9DD-47CC-961E-CFF592E7A320}\1.0]
(Default) = "SysProc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SysProc.Afire\Clsid]
(Default) = "{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SysProc.Afire]
(Default) = "SysProc.Afire"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
smss = "%Windir%\security\smss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}]
(Default) = "Microsoft WinSock Control, version 6.0 (SP6)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32]
(Default) = "%System%\MSWINSCK.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32]
(Default) = "%System%\MSWINSCK.OCX, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32]
(Default) = "%System%\MSWINSCK.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock]
(Default) = "Microsoft WinSock Control, version 6.0 (SP6)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1]
(Default) = "Microsoft WinSock Control, version 6.0 (SP6)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0]
(Default) = "Microsoft Winsock Control 6.0 (SP6)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32]
(Default) = "%System%\MSWINSCK.OCX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR]
(Default) = ""
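The listing above is the shape of a registry export: a key in square brackets followed by its values. A responder checking a suspect host usually has such an export rather than live registry access, so the following added Python script (not from this entry or its publisher) parses that format and flags the persistence artifacts this entry documents: the COM in-process server registered under the listed CLSID, the SysProc.Afire ProgID, the dropped DLL names, and a Run-key value named smss that launches an executable outside the system directory (the genuine smss.exe is started by the kernel at boot, never from a Run key). The sample listing is constructed from the entry's own keys plus one made-up benign CLSID to show that only the indicators are reported.

```python
"""Parse a Windows registry export listing and flag the indicators this entry lists."""
import re

# Constructed sample in the export format shown above. The CLSID
# {00000000-...-000000000001} and benign.dll are made up for contrast.
SAMPLE_LISTING = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\InprocServer32]
(Default) = "%Windir%\sysproc.dll"
ThreadingModel = "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}\ProgID]
(Default) = "SysProc.Afire"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
smss = "%Windir%\security\smss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
(Default) = "%System%\benign.dll"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(.+?)\s*=\s*"(.*)"$')

# Indicators taken from the entry above.
IOC_CLSIDS = {"{CC1356E6-C5AA-4BA6-927D-FBBEA3B11E8A}"}
IOC_FILES = {"sysproc.dll", "syskernel.dll", "setupconfig.dat"}
IOC_PROGIDS = {"SysProc.Afire"}
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def parse_listing(text):
    """Return {key_path: {value_name: data}} from a bracketed-key export."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def basename(path):
    """Last path component, lower-cased, so %Windir%\\x\\y.dll compares as y.dll."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_indicators(keys):
    """Return a list of (reason, key_path, data) findings."""
    findings = []
    for key, values in keys.items():
        parts = key.split("\\")
        leaf = parts[-1].lower()
        # COM in-process server: the CLSID itself or one of the dropped DLLs.
        if leaf == "inprocserver32":
            clsid = parts[-2].upper()
            dll = values.get("(Default)", "")
            if clsid in IOC_CLSIDS:
                findings.append(("known CLSID", key, dll))
            elif basename(dll) in IOC_FILES:
                findings.append(("dropped DLL registered as COM server", key, dll))
        if leaf == "progid" and values.get("(Default)") in IOC_PROGIDS:
            findings.append(("known ProgID", key, values["(Default)"]))
        # A Run value launching smss.exe is never legitimate; the real one is
        # started by the kernel from the system directory, not from Run.
        if key.lower() == RUN_KEY.lower():
            for name, data in values.items():
                if basename(data) == "smss.exe":
                    findings.append(("smss.exe in Run key", key, data))
    return findings


if __name__ == "__main__":
    for reason, key, data in find_indicators(parse_listing(SAMPLE_LISTING)):
        print(f"{reason}: {key} -> {data}")
```

Run against a real export (for instance the output of `reg export` on the Classes and Run hives), `parse_listing` takes the file text and `find_indicators` returns each hit with its reason, so the three artifacts from this entry show up while the constructed benign CLSID does not. Remediation still has to remove the files listed under Description and the keys shown above, not just the Run value.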
