木马Trojan-PSW.Win32.Magania.cjy
inst.exe,Setup.exe
Backdoor/Agent.apnf
病毒名称:Trojan-PSW.Win32.Magania.cjy
病毒类型:木马
江民杀毒10.00.650Backdoor/Agent.apnf1.395
NOD322.70.10avariantofWin32/PSW.OnLineGames.NFFtrojan4.185
该病毒为玛格尼亚病毒的新变种,释放一个DLL通过挂钩和内存截获来盗取网络游戏的帐号密码。运行之后将释放一些AV图片并打开,再释放病毒到ProgramFiles与WINDOWSHelp目录下。
行为分析
运行以后释放文件:
c:ProgramFilesinst.exe
Date:11-29-200711:00PM
Size:103,163bytes
c:ProgramFilesinst.txt
Date:11-29-200710:44PM
Size:0bytes
c:ProgramFilesSetup.exe
Date:12-28-20072:41PM
Size:76,388bytes
c:ProgramFilesMyPic2006924192650605.jpg
Date:7-19-20076:28AM
Size:7,613bytes
c:ProgramFilesMyPic2006924192732323.jpg
Date:7-19-20076:28AM
Size:7,649bytes
c:ProgramFilesMyPic2006924192810432.jpg
Date:7-19-20076:28AM
Size:7,598bytes
c:ProgramFilesMyPic2006924192810821.jpg
Date:7-19-20076:28AM
Size:13,258bytes
c:ProgramFilesMyPic2006924192810918.jpg
Date:7-19-20076:28AM
Size:7,702bytes
c:WINDOWS1.bat
Date:1-4-20081:06PM
Size:96bytes
c:WINDOWSHelpF3C74E3FA248.dll
Date:1-4-20031:06PM
Size:60,928bytes
c:WINDOWSHelpF3C74E3FA248.exe
Date:12-28-20072:41PM
Size:76,388bytes
图片均为AV图片。
释放问后运行
c:WINDOWSHelpF3C74E3FA248.dll
c:WINDOWSHelpF3C74E3FA248.exe
盗取游戏帐号密码。
建立服务进行开机启动:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
CurrentVersionExplorerShellExecuteHooks"{1DBD6574-D6D0-4782-94C3-69619E719765}"
Type:REG_SZ
Data:c:WINDOWSHelpF3C74E3FA248.dll
解决方案:
删除文件:
c:ProgramFilesinst.exe
c:ProgramFilesinst.txt
c:ProgramFilesSetup.exe
c:ProgramFilesMyPic2006924192650605.jpg
c:ProgramFilesMyPic2006924192732323.jpg
c:ProgramFilesMyPic2006924192810432.jpg
c:ProgramFilesMyPic2006924192810821.jpg
c:ProgramFilesMyPic2006924192810918.jpg
c:WINDOWS1.bat
c:WINDOWSHelpF3C74E3FA248.dll
c:WINDOWSHelpF3C74E3FA248.exe
删除注册表服务启动项目:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
CurrentVersionExplorerShellExecuteHooks{1DBD6574-D6D0-4782-94C3-69619E719765}
【inst.exe,Setup.exe木马Trojan-PSW.Win32.Magania.cjy解决方法】相关文章:
★ Trojan.DL.VBS.Agent.cpb(k[1].js)脚本病毒的解决方法
★ 木马程序Trojan-Spy.Win32.Agent.cfu清除方法
★ Backdoor.Win32.IRCBot.afm(video.exe)病毒的处理方法
★ 完美解决 Trojan-PSW.Win32.Mike的方法