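Note: wowexec.exe is a system process, but if its name is preceded by a space, it is a virus.
How to remove the wowexec.exe virus:
1. Download Duba, update it to the latest virus definitions, boot into Safe Mode, turn off System Restore, and scan for and remove the virus. Download address: http://www.duba.net. This avoids infection by variants of the virus, which can damage files or photos.
The first step usually solves the problem. Installing 360 is recommended: it takes away the ability to add registry Run entries, which makes the steps below unnecessary.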
2. Delete the virus's registry value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value name: MSIEXEC   Value data: "ÿwowexec.exe"
The trojan also adds the following registry entries, which it uses to store its own settings:
HKEY_CLASSES_ROOT\ZPwd_box
HKEY_CLASSES_ROOT\ZPwd_box tmUpgrade_p dword:41bfabb0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZPwd_box
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZPwd_box tmUpgrade_p dword:41bfabb0
3. Download the AVG trojan removal tool, update its virus definitions, boot into Safe Mode, turn off System Restore, and run a full-disk scan.
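A check for the Run value described in step 2, as an added example that is not part of the original page: it flags Run entries whose executable name is a system image name hidden behind leading blank-looking characters. The SYSTEM_NAMES list, the treatment of U+00FF as blank-looking, and the sample data are assumptions of the example.

```python
import itertools
import ntpath
import re
import unicodedata

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Illustrative list of genuine system image names (assumption).
SYSTEM_NAMES = {"wowexec.exe", "svchost.exe", "explorer.exe", "lsass.exe"}
# The page's Run value starts with U+00FF; treating it as a character that
# displays like a space is an assumption of this example.
BLANK_LOOKING = {"\u00ff"}
# Constructed sample: the page's entry plus two ordinary ones.
SAMPLE = {"MSIEXEC": "\u00ffwowexec.exe",
          "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
          "tool": r'"C:\Program Files\Tool\tool.exe" /min'}


def image_name(command):
    """Extract the executable file name from a Run-key command line."""
    text = command.lstrip('"')
    match = re.search(r"\.exe", text, re.IGNORECASE)
    path = text[:match.end()] if match else text.split('"')[0]
    return ntpath.basename(path)


def blank_like(ch):
    """True for whitespace, control/format characters and BLANK_LOOKING."""
    return (ch in BLANK_LOOKING or ch.isspace()
            or unicodedata.category(ch) in ("Cc", "Cf"))


def masquerade(command):
    """Return the system image name being imitated, or None."""
    name = image_name(command)
    core = "".join(itertools.dropwhile(blank_like, name))
    return core.lower() if core != name and core.lower() in SYSTEM_NAMES else None


def scan(run_values):
    """Return [(value name, imitated name)] for suspicious Run values."""
    checked = ((name, masquerade(cmd)) for name, cmd in run_values.items())
    return [(name, hit) for name, hit in checked if hit]


def read_hklm_run():
    """Read the live HKLM Run key as {value name: command} (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        pairs = (winreg.EnumValue(key, i) for i in range(winreg.QueryInfoKey(key)[1]))
        return {name: str(data) for name, data, _ in pairs}
```

On Windows, scan(read_hklm_run()) checks the live key; scan(SAMPLE) runs the same logic on the constructed entries.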
Process file: wowexec or wowexec.exe
Process name: Microsoft Windows On Windows Execution Process
Publisher: Microsoft Corp.
Belongs to: Microsoft Windows On Windows Execution Process
However, when this process name has a space in front of it, it is a virus. See the following reference:
Beware of the latest QQ.Email worm
Virus name: Email-Worm.Win32.VB.ac
File size: 13.279k
Written in: Microsoft Visual Basic
Packer type: UPX-Scrambler RC1.x ->
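Over the past two days, many QQ users have been receiving QQ e-mails sent by other people. Be careful not to open them, to avoid being infected with the trojan.
The worm disguises itself with a text-file icon and a .txt.exe extension to lure users into running the worm body. wowexec.exe connects to a 163 mailbox, ID 163com[20030606], IP: 202.108.44.153, to retrieve update information.
Port: 110
User: wdboxup
Password: shengjile
密码解霸 (Mima Jieba) is a fairly dangerous trojan. It can capture passwords for instant-messaging software, e-mail, online games and online banking, as well as passwords typed into IE, and it adds a registry startup entry: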
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value name: MSIEXEC   Value data: "ÿwowexec.exe"
The trojan also adds the following registry entries, which it uses to store its own settings:
HKEY_CLASSES_ROOT\ZPwd_box
HKEY_CLASSES_ROOT\ZPwd_box tmUpgrade_p dword:41bfabb0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZPwd_box
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZPwd_box tmUpgrade_p dword:41bfabb0