病毒名称:
Backdoor.Helios
类别: 特洛伊木马
病毒资料:
受影响系统:Windows 95, Windows 98, Windows NT, windows 2000,
Windows XP, Windows Me
不受影响系统:Windows 3.x, Microsoft IIS, Macintosh, Unix, Linux
病毒危害:
1.通过终止运行的进程来关闭反病毒及防火墙程序;
特征:
该木马会让黑客未授权访问被感染机器。默认情况下,它会打开被感染机
器的3737端口。此木马是用Visual Basic 6进行编写的。运行后,它会:
1.将自己复制成%system%Scanstartup.exe,该文件的属性为只读、系统及
隐藏。
2.添加键值SCANSTRTUP %system%Scanstartup.exe
到注册表
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices中
,使得每次启动Windows木马会自动运行。
另外,还会在注册表键
HKEY_LOCAL_MACHINESoftwareMicrosoftActiveSetupInstalled Components中
创建StubPath %system%Scanstartup.exe键值;
3.利用ICQ寻呼机及打开的3737端口通知客户端;
4.试图杀掉如下进程:
_Avp32.exe
_Avpcc.exe
_Avpm.exe
Avp32.exe
Avpcc.exe
Avpm.exe
Avp.exe
Navapw32.exe
Agv.exe
Norton.exe
Nav.exe
Nav32.exe
Nortonav.exe
Npfw32.exe
Npfw.exe
Norton_Av.exe
Netprotect.exe
Netpro.exe
Conseal.exe
Spygate.exe
Blackice.exe
Winroute.exe
Sophos.exe
Sophos_Av.exe
Sophosav.exe
Norman.exe
Normanav.exe
Norman32.exe
Norman_Av.exe
Norman_32.exe
Icload95.exe
Icmon.exe
Icsupp95.exe
Icloadnt.exe
Icsuppnt.exe
Iface.exe
Ants.exe
Anti-Trojan.exe
Iamapp.exe
Iamserv.exe
Frw.exe
Blackice.exe
Blackd.exe
Zapro.exe
Minilog.exe
Zonealarm.exe
Vsmon.exe
Wrctrl.exe
Wradmin.exe
Cleaner3.exe
Cleaner.exe
Tca.exe
Moolive.exe
Lockdown2000.exe
Sphinx.exe
Rav.exe
Atscan.exe
Ats.exe
Panda.exe
Pav.exe
Pandaav.exe
Spyx.exe
Spy.exe
Pc-Cillan
Vshwin32.exe
Vsecomr.exe
Webscanx.exe
Avconsol.exe
Vsstat.exe
Aplica32.exe
Cfiadmin.exe
Cfiaudit.exe
Cfinet32.exe
Cfinet.exe
Iamserv.exe
Iamapp.exe
Pcfwallicon.exe
Lockdown2000.exe
Netcommando.exe
Net2000.exe
Nc2000.exe
Tds2-98.exe
Defense.exe
Defence.exe
Cleaner.exe
Safeweb.exe
Zauinst.exe
Zapro.exe
Zonealarm.exe
Zatutor.exe
Minilog.exe
Vsmon.exe
Lockdown.exe
Fast.exe
Guard.exe
Update.exe
Autoupdate.exe
Tc.exe
Spyxx.exe
Pview95.exe
Regedit.exe
Drwatson.exe
Nsched32.exe
Moolive.exe
Tca.exe
Tcm.exe
Tds-3.exe
Ss3edit.exe
Anti-Trojan.exe
Atcon.exe
Atupdater.exe
Atwatch.exe
Wgfe95.exe
Poproxy.exe
Nprotect.exe
Ndd32.exe
Mcagent.exe
Mcupdate.exe
Watchdog.exe
Taumon.exe
Smc.exe
5.允许黑客在被感染机器上执行如下操作:
(1)、将系统及网络信息发送给黑客,包括登陆名及缓冲网络Frethem/
index.htm" target="_blank" style='text-decoration: underline;color:
#0000FF'>密码;
(2)、打印文本,播放多媒体文件、打开或关闭光驱;
(3)、通过击键程序拦截用户的私人信息,并截取屏幕上的信息并将之发
往黑客;
(4)、迫使计算机关闭、重启或注销。
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
别名:Backdoor.Helios.12.d [AVP]
发现日期:
2002-1-22
|
