What kind of trojan is obfuscated.XZ?
Asked by a site user
Posted: 2022-04-26 21:21
3 answers in total
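Helpful user
Time: 2023-11-04 01:12
[Information about the W32/Obfuscated.XZ trojan]
W32/Obfuscated.XZ is a trojan that infects Windows systems. It was first discovered on April 17, 2008, and is also known as Win32.Trojan.Obfuscated.gx.3 and Trojan.Win32.Obfuscated.xz. Once executed, the trojan leaves a copy of itself in the Documents and Settings\All Users\Application Data folder and then deletes the original virus file. At the same time, it does the following:
1. Modifies the registry, adding autorun entries at the following locations: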
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_USERS\(SID)\Software\Microsoft\Windows\CurrentVersion\Run
2. Closes Task Manager and prevents it from running
3. Attempts to download an adware plug-in, CAnitivirus_Installer.exe, from hxxp://antispyware-reviews.biz/?wmid=4663&pwebmid=XQcoP2rR2W
4. Places the following files in the following folders:
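Because this trojan appeared quite early, it has long since been added to the various virus and trojan databases, and the many antivirus products currently available in China should all be able to detect and remove it.
Reference: http://www.pspl.com/virus_info/trojans/obfuscatedxz.htm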
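A triage check built from the registry locations and the drop folder named in the answer above, added here as an example (it is not part of the original answer or its reference): it parses `reg query` text output and flags autorun values that point into All Users\Application Data. The sample output, the `audit` function name and the use of the standard `DisableTaskMgr` policy value as the Task Manager indicator are assumptions.

```python
import re

# Autorun locations listed in the answer above; (SID) matches any one key name.
WATCHED_KEYS = re.compile(
    r"^(HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\(Run|policies\\Explorer(\\Run)?)"
    r"|HKEY_USERS\\[^\\]+\\Software\\Microsoft\\Windows\\CurrentVersion\\Run)$",
    re.IGNORECASE,
)
# Folder where the answer says the trojan keeps its copy (lower-cased for matching).
DROP_DIR = r"\documents and settings\all users\application data" + "\\"
# One value line of `reg query` text output: 4-space indent, name, type, data.
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

# Constructed sample of `reg query` output; sample.exe and the SID are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_SZ    "C:\Documents and Settings\All Users\Application Data\sample.exe" /s

HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr    REG_DWORD    0x1
"""


def audit(reg_query_output):
    """Return (key, value_name, data, reason) tuples for suspicious values."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # a key header; value lines that follow belong to it
            continue
        m = VALUE_LINE.match(line)
        if not (m and key):
            continue
        name, _type, data = m.groups()
        if WATCHED_KEYS.match(key) and DROP_DIR in data.lower():
            findings.append((key, name, data, "autorun from All Users\\Application Data"))
        # Assumption: Task Manager is blocked via the standard DisableTaskMgr policy value.
        if name.lower() == "disabletaskmgr" and data.lower() not in ("0x0", "0"):
            findings.append((key, name, data, "Task Manager disabled by policy"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

On a live system the input would be the saved output of `reg query` for each of the listed keys.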
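Helpful user
Time: 2023-11-04 01:13
Hello. The file name alone is not enough to determine what type of suspicious file this is.
If you run into a virus problem, you can use our Kingsoft WebShield (金山网盾) to fix it with one click.
Search Baidu for Kingsoft WebShield; the official download comes with a surprise.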
Helpful user
Time: 2023-11-04 01:13
I don't know, just kill it anyway. It's nothing good.