[06-26] About Virus Trojan.dl.Agent.Alb (3rd Edition)

xiaoxiao2021-04-11  1.6K+

Endurer original

2006-06-26 3rd edition supplement: Kaspersky has confirmed the file as a virus: Trojan.win32.Agent.ut

2006-06-26 2nd edition supplement: Kaspersky (2006-06-26 09:06:15) and Jiangmin KV2006 (engine version: 9.02.2040, virus database date: 2006-06-26) do not report it.

2006-06-25 1st Edition

A netizen said that recently, while he browses the web, his computer sometimes pops up an unexplained page, hxxp://www.88u.com. He sent me the log of a HijackThis scan.

In the log, find the following suspicious items:

O2 - BHO: IEHLPROBJ CLASS - {A3803141-3CF5-4D66-B7EA-8D2674FE152C} - C:\Windows\stdie.dll

O4 - HKCU\..\Run: [localsystem] c:\windows\system\svchost.exe

After I replied, the netizen packed up the two files.

Of the two, SVCHOST.EXE is reported by Rising (Ruixing) as Trojan.dl.Agent.Alb

This file is written in Microsoft Visual C++ 7.0 [Debug]

It creates a named pipe, micpip, and downloads:

hxxp://www.ad***369.com/filmweb/webad.asp
hxxp://www.ad***369.com/filmweb/file.asp
hxxp://www.ad***369.com/filmweb/file.dat
hxxp://www.ad***369.com/filmweb/ehu.up

It creates the following files:

1. %windir%\setupsvc.txt

2. %userprofile%\local settings\temp\run1.bat

The file content is:

Rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 Drv1.inf

3. %userprofile%\local settings\temp\drv1.inf

The file content is:

[Version]
Signature="$Windows NT$"
[DefaultInstall]
DelReg=MyDel
[MyDel]
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools

4. NetInfo.xml

5. %windir%\system\svchost.exe

6. %windir%\system\netshell.dll

7. %windir%\Netshell.dll

It modifies multiple registry key values.

One of the most important items is:

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer%S.dll

It is used to load NetShell.dll.

This item will not be reported in the concise log of HijackThis.
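
The two entries flagged in the HijackThis log above can be picked out mechanically. The following is an added example, not code from the original post: a small Python check that flags an O4 autorun whose image borrows a system binary's name outside system32, and an O2 BHO DLL placed directly in the Windows directory. The list of system binaries, the BHO heuristic and every log line after the first two are assumptions constructed for illustration.

```python
import re
from ntpath import basename, dirname, normpath

# Assumption for this example: a short, non-exhaustive list of Windows
# binaries whose genuine copy lives only in %windir%\system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}

# Line shapes as quoted in the post: BHO entries (O2) and Run-key entries (O4).
O2_RE = re.compile(r'^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$')
O4_RE = re.compile(r'^O4 - (HK\w+\\\.\.\\[^:]+): \[([^\]]*)\] "?(.+?\.exe)\b', re.I)

def review_log(text, windir=r"c:\windows"):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    windir = normpath(windir).lower()
    findings = []
    for line in map(str.strip, text.splitlines()):
        m = O4_RE.match(line)
        if m:
            exe = normpath(m.group(3)).lower()
            # A trusted process name is only trustworthy in its real directory.
            if basename(exe) in SYSTEM32_ONLY and dirname(exe) != windir + "\\system32":
                findings.append((line, "system binary name outside system32"))
            continue
        m = O2_RE.match(line)
        # Heuristic (assumption): a BHO DLL sitting directly in %windir% is unusual.
        if m and dirname(normpath(m.group(2)).lower()) == windir:
            findings.append((line, "BHO DLL in the Windows root"))
    return findings

# The first two lines are the entries from the post; the rest are constructed.
SAMPLE_LOG = r"""
O2 - BHO: IEHLPROBJ CLASS - {A3803141-3CF5-4D66-B7EA-8D2674FE152C} - C:\Windows\stdie.dll
O4 - HKCU\..\Run: [localsystem] c:\windows\system\svchost.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [example] C:\WINDOWS\system32\svchost.exe -k example
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for line, reason in review_log(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Because the Policies\Explorer item described above does not appear in the concise HijackThis log, a clean result from this check does not clear the machine; the dropped files listed earlier still need to be checked on disk.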

