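Trojan/PopMonster is a trojan. It is a program that cannot activate itself automatically; when run, it first installs itself. Its propagation process and characteristic behavior is modifying the user's registry.
- Chinese name
- Trojan/PopMonster
- Virus length
- Variable
- Virus type
- Trojan
- Affected platforms
- Win9X/2000/XP/NT/Me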
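Trojan/PopMonster basic information
Trojan/PopMonster
Virus length: variable
Virus type: trojan
Risk level: *
Affected platforms: Win9X/2000/XP/NT/Me
Trojan/PopMonster is a program that cannot activate itself automatically; when run, it first installs itself.
Trojan/PopMonster propagation process
1. Modifies the registry:
Adds the following keys and values: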
HKEY_CURRENT_USER\Software\180solutions\msbb
HKEY_LOCAL_MACHINE\Software\iefeatures\ "lastdate"
HKEY_LOCAL_MACHINE\Software\iefeatures\ "popstate"
HKEY_LOCAL_MACHINE\Software\iefeatures\ "sys"
HKEY_LOCAL_MACHINE\Software\iefeatures\ "userid"
HKEY_LOCAL_MACHINE\Software\iefeatures\ "version"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"iefeatures" = "%Windir%\IEFEATURES.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"msbb" = "%Windir%\MSBB\MSBB.EXE"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "MSVersion"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\msbb
"DisplayName" = "PAD Lookups by n-CASE "
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\msbb
"default" = "UninstallString"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\nCASE
"DisplayName" = "Interstitial Ad Delivery by n-CASE"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Start Page" = "http://popnav.com"
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
"Start Page" = "http://popnav.com"
2. Creates files:
%Windir%\Desktop\Eliminate Popups.url
%Windir%\Desktop\Internet Privacy Software.url
%Windir%\Desktop\Yahoo.url
%Windir%\Favorites\Ebay.url
%Windir%\Favorites\Search Now.url
%Windir%\Favorites\Stop Popups.url
%Windir%\Favorites\Internet Tools\Internet Privacy Software.url
%Windir%\Favorites\Internet Tools\Online Virus Scan.url
%Windir%\Favorites\Internet Tools\Popup Blocker.url
%Windir%\Favorites\Search\Search Casinos.url
%Windir%\Favorites\Search\Search Dating.url
%Windir%\Favorites\Search\Search Now.url
%Windir%\Favorites\Search\Search Sports.url
%Windir%\Favorites\Shopping\Best Buy.url
%Windir%\Favorites\Shopping\Buy.com.url
%Windir%\Favorites\Shopping\Ebay.url
%Windir%\Favorites\Shopping\WalMart.url
%System%\iefeatures.exe
%System%\MSrdk.xml
%System%\msbb\kyf.dat
%System%\msbb\msbb.exe
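The registry changes listed in step 1 can be checked offline against a registry export. The following is an added example, not part of the original entry: the function name `scan_reg_export` and the sample export are constructed for illustration, and the input is assumed to be `.reg` text already decoded to a Python string.

```python
import re

# Indicators from the registry list on this page, lowercased for comparison.
HKLM, HKCU = r"hkey_local_machine\software", r"hkey_current_user\software"
CV = HKLM + r"\microsoft\windows\currentversion"
RUN_KEY, RUN_VALUES = CV + r"\run", {"iefeatures", "msbb", "msversion"}
MARKER_KEYS = {HKCU + r"\180solutions\msbb", HKLM + r"\iefeatures",
               CV + r"\uninstall\msbb", CV + r"\uninstall\ncase"}
IE_MAIN = {h + r"\microsoft\internet explorer\main" for h in (HKLM, HKCU)}
# "name"="data" lines; .reg text escapes backslashes and quotes with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def scan_reg_export(text):
    """Return sorted (kind, detail) findings for decoded .reg export text."""
    findings, key = set(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\").lower()
            if key in MARKER_KEYS:
                findings.add(("key", key))
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name = m.group(1).lower()
        data = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
        if key == RUN_KEY and name in RUN_VALUES:
            findings.add(("run", f"{name} -> {data}"))
        if key in IE_MAIN and name == "start page" and "popnav.com" in data.lower():
            findings.add(("start_page", f"{key} -> {data}"))
    return sorted(findings)

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iefeatures"="C:\\WINDOWS\\IEFEATURES.exe"
"SoundMan"="SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\iefeatures]
"version"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://popnav.com"
'''

if __name__ == "__main__":
    for kind, detail in scan_reg_export(SAMPLE):
        print(f"{kind}: {detail}")
```

Key names are compared case-insensitively because exports usually write `SOFTWARE` in upper case while the list above uses `Software`.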