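Introducing a new virus (DLL9DSYS.EXE)
Our company's Hong Kong server has been infected again. There is a DLL9DSYS.EXE entry in the startup items; a Baidu search returns no results at all, while a Google search turns up a pile of English-language material.
Below is the information I found: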
-----------------------------------------------------------------------
W32/Sdbot-HZ
Aliases: Backdoor.IRCBot.gen, W32/Sdbot.worm.gen.i
Type: Win32 worm
Description:
W32/Sdbot-HZ is a worm which attempts to spread to remote network shares. It
also contains backdoor Trojan functionality, allowing unauthorised remote access
to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-HZ copies itself to the Windows system folder as
DLL9DSYS.EXE and creates entries in the registry at the following locations to
run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
More: http://www.sophos.com/virusinfo/analyses/w32sdbothz.html
Posted by: Marianna Schmudlach Posted on: 04/30/2004 9:05
-----------------------------------------------------------------------
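No wonder the startup entries were still there after a reboot even though I had deleted them directly from Run and RunServices under HKLM. It turns out the related value under HKCU has to be deleted as well; I never knew that before.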
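
An added example (not part of the original post or the Sophos write-up): a PowerShell script that reports values referencing DLL9DSYS.EXE in the Run and RunServices keys under HKLM and under every loaded user hive, which goes beyond the current user's HKCU. The parameter names `-FileName` and `-Remove` are this example's own.

```powershell
param(
    [string]$FileName = 'DLL9DSYS.EXE',  # file name given in the description above
    [switch]$Remove                       # without this switch the script only reports
)

# Autostart key suffixes named in the description.
$suffixes = 'Software\Microsoft\Windows\CurrentVersion\Run',
            'Software\Microsoft\Windows\CurrentVersion\RunServices'

# HKLM plus every loaded user hive (HKCU is one of the hives under HKEY_USERS).
$roots = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
          ForEach-Object { "Registry::$($_.Name)" }

$pattern = [regex]::Escape($FileName)    # -match is case-insensitive by default
$hits = @(foreach ($root in $roots) {
    foreach ($suffix in $suffixes) {
        $path = "$root\$suffix"
        if (-not (Test-Path -LiteralPath $path)) { continue }  # key may not exist
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -match $pattern) {
                [pscustomobject]@{ Key = $path; Name = $name; Data = $data }
            }
        }
    }
})

# The description says the worm copies itself to the Windows system folder.
$copy = Join-Path ([Environment]::SystemDirectory) $FileName
if (Test-Path -LiteralPath $copy) { Write-Output "File present: $copy" }

$hits | Format-Table -AutoSize -Wrap

if ($Remove) {
    foreach ($h in $hits) {
        # Deletes only the matching value, not the whole Run key.
        Remove-ItemProperty -LiteralPath $h.Key -Name $h.Name
    }
}
```

Run it from an elevated prompt so the HKLM keys and other users' hives are readable; hives of users who are not logged on are not loaded and are not covered.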