病毒名称(中文):
病毒别名:
威胁级别:
★☆☆☆☆
病毒类型:
黑客程序
病毒长度:
62464
影响系统:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行为:
这是一个后门病毒,病毒会屏蔽一些安全网站,连接远程主机,等待黑客命令。
1、病毒复制自身到系统目录并运行,删除原病毒文件:
%system%\Winclock.exe
2、修改hosts文件,屏蔽如下安全网站:
www.symantec.com
securityresponse.symantec.com
symantec.com
www.sophos.com
sophos.com
www.mcafee.com
mcafee.com
liveupdate.symantecliveupdate.com
www.viruslist.com
viruslist.com
viruslist.com
f-secure.com
www.f-secure.com
kaspersky.com
kaspersky-labs.com
www.avp.com
www.kaspersky.com
avp.com
www.networkassociates.com
networkassociates.com
www.ca.com
ca.com
mast.mcafee.com
my-etrust.com
www.my-etrust.com
download.mcafee.com
dispatch.mcafee.com
secure.nai.com
nai.com
www.nai.com
update.symantec.com
updates.symantec.com
us.mcafee.com
liveupdate.symantec.com
customer.symantec.com
rads.mcafee.com
trendmicro.com
pandasoftware.com
www.pandasoftware.com
www.trendmicro.com
www.grisoft.com
www.microsoft.com
microsoft.com
www.virustotal.com
virustotal.com
3、修改注册表使病毒随系统自启动:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKLM\Software\Microsoft\OLE]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKLM\SYSTEM\CurrentControlSet\Control\Lsa]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKCU\Software\Microsoft\OLE]
"MicrosoftWindowsServicesClock"="WinClock.exe"
[HKCU\SYSTEM\CurrentControlSet\Control\Lsa]
"MicrosoftWindowsServicesClock"="WinClock.exe"
4、连接远程主机的9797端口,接受黑客命令。
