客服邮箱
kaba365@pcstars.com.cn
销售客服
(购买咨询|订单查询|兑换帮助)
400-819-1313(9:00-18:00)
技术客服
(安装|使用问题咨询)
400-611-6633(5×8小时)
排名 | 病毒名称 | 病毒类型 | 周爆发率(%) |
1. | not-a-virus:AdWare.Win32.BHO.gtq | 广告软件 | 12.40 |
2. | HEUR:Trojan.Win32.Generic | 木马 | 7.93 |
3. | Trojan-Dropper.Win32.Agent.bkao | 木马 | 7.85 |
4. | Trojan-Dropper.Win32.Small.edx | 木马 | 6.09 |
5. | Trojan-Dropper.Win32.Agent.bjzk | 木马 | 5.33 |
6. | HEUR:Trojan.Win32.StartPage | 木马 | 4.66 |
7. | Trojan.Win32.Pakes.lmb | 木马 | 4.17 |
8. | Trojan-Dropper.Win32.Agent.bjck | 木马 | 2.38 |
9. | HEUR:Trojan-Downloader.Win32.Generic | 木马 | 2.13 |
10. | Trojan-Downloader.Win32.Agent.cuap | 木马 | 1.81 |
关注恶意软件:
具体表现: 感染计算机后,木马会释放以下文件到系统: %systemroot%\TEMP\Sermon.sys %temp%\Random.bat 还会下载文件: http://pc1.114central.com/ooo/0.exe http://pc2.114central.com/ooo/0.exe http://pc3.114central.com/ooo/0.exe http://pc4.114central.com/ooo/0.exe http://pc5.114central.com/ooo/0.exe http://pc6.114central.com/ooo/0.exe http://pc7.114central.com/ooo/0.exe http://pc8.114central.com/ooo/0.exe http://pc9.114central.com/ooo/0.exe http://pc10.114central.com/ooo/0.exe http://pc11.dy2004.com/ooo/0.exe 修改注册表: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\Debugger = 3(次) "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\Debugger = 3(次) "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcagent.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcagent.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcods.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcods.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msksrver.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msksrver.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe\Debugger = 2(次) "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe\Debugger = 2(次) "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfCtlCom.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfCtlCom.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360se.exe = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360se.exe\Debugger = "ntsd -d" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray. = 新建子键 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.\Debugger = "ntsd -d" 进入系统后,木马会首先释放一个驱动文件Sermon.sys,并将其加载为服务运行。此服务会映像劫持系统上安装的所有常见杀毒软件,强制将这些软件关闭。同时,木马还会在计算机临时目录下释放一个批处理文件random.bat,运行并删除驱动文件、木马以及批处理文件自身,不留下任何感染痕迹。获取计算机的控制权限后,已启动的服务程序会连接远程服务器,下载恶意程序到计算机本地,给计算机用户造成更为严重的损失。 专家预防建议:
|