08.20 Virus Alert: "Gray Pigeon Variant" in Disguise, Hackers Monitor Remotely

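"Gray Pigeon variant 679936" is a variant of the Gray Pigeon trojan. It sets up global monitoring on the user's computer and communicates with a remote server specified by the virus author, helping the hacker carry out remote monitoring and a range of other operations. To mislead the user, it also disguises itself as a data-security protection process.

"Anti-security WoW account stealer 11353" is an online-game account-stealing trojan that targets World of Warcraft. It sends the stolen account information to the person who planted the trojan by web page submission. It also has some ability to counter security software.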

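1. "Gray Pigeon variant 679936"  Threat level: ★★

The main threat posed by this trojan is that it helps a hacker control the user's computer remotely. Once it is running on the user's system, it starts an IE browser process, silently visits an IP lookup website in the background to obtain the computer's IP information, and then makes a reverse connection to the remote server specified by the virus author (the hacker's control end).

Once the connection succeeds, the trojan monitors the user's actions and network access and waits for commands from the hacker's control end. Through the backdoor the trojan creates, the hacker can exercise any control they want over the user's system.

The trojan's file is hidden in the %windows% directory under the name systme.txt. It is written to the registry and registered to start as a service. To deceive the user, it gives itself the service name Protected Storag, with the service description "提供对敏感数据(如私钥)的保护性存储" ("Provides protected storage for sensitive data, such as private keys"). Users who prefer to find and remove malware by hand should watch for this.

When it has finished running, the trojan drops a BAT file and deletes its own original file.

A detailed analysis report on this virus is available in the Kingsoft Virus Encyclopedia: http://vi.duba.net/virus/win32-hack-huigezi2007-679936-50881.html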

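2. "Anti-security WoW account stealer 11353"  Threat level: ★

This account-stealing trojan has some ability to counter security software: after entering the system, it first searches for the 360 Safeguard (360安全卫士) process and tries to forcibly close it.

If the step above succeeds, it injects its DLL file into the game process and starts monitoring messages. It monitors the communication between the user and the game server and filters out the World of Warcraft player's game account and password.

After successfully stealing the account and password, it immediately and silently connects to the remote address specified by the virus author and sends the stolen data out by web page submission.

The virus file exlplo.Dll is hidden in the %WINDOWS%\system32\ directory on the system drive; users who prefer to find and remove malware by hand should watch for it.

A detailed analysis report on this virus is available in the Kingsoft Virus Encyclopedia: http://vi.duba.net/virus/win32-troj-onlinegames-ak-11353-50882.html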
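
The file and service indicators named in sections 1 and 2 above can be checked on a Windows host with a short triage script. This is an added example, not part of the original advisory or of Kingsoft's tooling: the indicator values are taken from the advisory text, while the function name `Find-AdvisoryIndicator`, its parameters and the sample record are assumptions made for illustration.

```powershell
# Added example. Indicator values are from the advisory; names and output shape are assumptions.
function Find-AdvisoryIndicator {
    [CmdletBinding()]
    param(
        # Service inventory; defaults to the live host. Pass constructed objects to test offline.
        [object[]]$Service = (Get-CimInstance -ClassName Win32_Service),
        [string]$WindowsDir = $env:windir
    )
    $findings = New-Object 'System.Collections.Generic.List[object]'

    # File indicators: systme.txt under %windows%, exlplo.dll under %windows%\system32.
    $paths = @(
        (Join-Path $WindowsDir 'systme.txt'),
        (Join-Path $WindowsDir 'system32\exlplo.dll')
    )
    foreach ($p in $paths) {
        # -Force so files carrying the Hidden or System attribute are still returned.
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($item) {
            $findings.Add([pscustomobject]@{
                Type = 'File'; Indicator = $p; Detail = "attributes: $($item.Attributes)"
            })
        }
    }

    # Service indicators: the name the advisory gives, or an image path pointing at systme.txt.
    foreach ($svc in $Service) {
        $reasons = @()
        if ($svc.Name -eq 'Protected Storag' -or $svc.DisplayName -eq 'Protected Storag') {
            $reasons += 'service name matches advisory'
        }
        if ($svc.PathName -match '\\systme\.txt') {
            $reasons += 'image path references systme.txt'
        }
        if ($reasons.Count -gt 0) {
            $findings.Add([pscustomobject]@{
                Type = 'Service'; Indicator = $svc.Name; Detail = ($reasons -join '; ')
            })
        }
    }
    return $findings
}

# Constructed service record (not from a real host) to exercise the service check offline.
$sample = [pscustomobject]@{
    Name = 'Protected Storag'; DisplayName = 'Protected Storag'; PathName = 'C:\WINDOWS\systme.txt'
}
Find-AdvisoryIndicator -Service $sample | Format-Table -AutoSize
```

Run without `-Service` to check the live host. The genuine Windows service is displayed as "Protected Storage", with the final "e", so the exact-match comparison does not flag it.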

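Recommendations from Kingsoft anti-virus engineers

1. It is best to install professional anti-virus software for comprehensive monitoring, to guard against the growing number of viruses. After installing anti-virus software, users should keep the main monitors turned on (such as mail monitoring and memory monitoring), update regularly, and report any problems they run into; only then is the computer's security really ensured.

2. As the number of users who play online games and chat through instant messaging tools such as QQ keeps growing, account-stealing trojans of all kinds are bound to increase as well. Users are advised to develop good habits online, such as not visiting disreputable websites and not making illegal downloads, so as to cut off the routes by which viruses spread and give them no opening.

The Kingsoft Duba Anti-Virus Emergency Center has updated its virus database promptly; updating Duba to the virus database of August 20, 2008 is enough to detect and remove the viruses above. If Kingsoft Duba is not installed, you can visit http://www.5kdj.com to download the latest Kingsoft Duba 2008 for free, or use Kingsoft Duba online scanning to prevent virus intrusion. Call the Kingsoft Duba anti-virus emergency line at 010-82331816 and anti-virus experts will help you.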



English introduction:

"Gray Pigeon variant 679936" (Win32.Hack.Huigezi2007.679936) is a variant of the Gray Pigeon trojan. It sets up global monitoring on the user's computer and communicates with a remote server specified by the virus author, helping the hacker carry out remote monitoring and a range of other operations. To mislead the user, it also disguises itself as a data-security protection process.

"Anti-security WoW account stealer 11353" (Win32.Troj.OnLineGames.ak.11353) is an online-game account-stealing trojan that targets World of Warcraft. It sends the stolen account information to the person who planted the trojan by web page submission. It also has some ability to counter security software.

1. "Gray Pigeon variant 679936" (Win32.Hack.Huigezi2007.679936)  Threat level: ★★

The main threat posed by this trojan is that it helps a hacker control the user's computer remotely. Once it is running on the user's system, it starts an IE browser process, silently visits an IP lookup website in the background to obtain the computer's IP information, and then makes a reverse connection to the remote server specified by the virus author (the hacker's control end).

Once the connection succeeds, the trojan monitors the user's actions and network access and waits for commands from the hacker's control end. Through the backdoor the trojan creates, the hacker can exercise any control they want over the user's system.

The trojan's file is hidden in the %windows% directory under the name Systme.txt. It is written to the registry and registered to start as a service. To deceive the user, it gives itself the service name Protected Storag, with the service described as "provides protected storage for sensitive data (such as private keys)". Users who prefer to find and remove malware by hand should watch for this.

When it has finished running, the trojan drops a BAT file and deletes its own original file.

A detailed analysis report on this virus is available in the Kingsoft Virus Encyclopedia: http://vi.duba.net/virus/win32-hack-huigezi2007-679936-50881.html

2. "Anti-security WoW account stealer 11353" (Win32.Troj.OnLineGames.ak.11353)  Threat level: ★

This account-stealing trojan has some ability to counter security software: after entering the system, it first searches for the 360 Safeguard process and tries to forcibly close it.

If the step above succeeds
