wireshark arp attack: Does any expert know how to remove trojan.generic?

Source: Baidu Wenku  Editor: 神马品牌网  Time: 2024/07/08 20:47:11


McAfee VirusScan (McAfee antivirus software) v10.0.27, latest fully localized Chinese edition

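Registration is simple: go to http://us.mcafee.com/root/register.asp and register a McAfee account with your e-mail address. During installation, enter the e-mail address and password you registered with, and you will be able to update online.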

Generic PWS.o
Type: Trojan
SubType: Win32
Discovery Date: 04/06/2005
Length:
Minimum DAT: 4463 (04/06/2005)
Updated DAT: 4790 (06/21/2006)
Minimum Engine: 4.4.00
Description Added: 04/06/2005
Description Modified: 01/11/2006 9:47 AM (PT)

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

This is a password stealing trojan that captures keystrokes and sends notification and captured information to the author via HTTP. Online email and bank account information (username/password) is particularly vulnerable to this threat.

There are several variants of the trojan. The description is for a specific sample.

When run, the trojan copies itself to %Sysdir% directory. The following file names are used:

MSSVC.EXE

It creates a registry run key to load itself at Windows startup.

"winnsvc" = "msvc.exe "
Existence of files and registry keys mentioned above.

Contacts a server via port 80 (g2.slapeddw.info) and proceeds to post system info to a PHP file: info such as OS, service pack, browser, etc.

The trojan also has a keylogger component attached to it, which waits for keystrokes and then posts them to the PHP file.

Acts as a Proxy Server

Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.

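McAfee is one of the world's best-selling antivirus products. Besides an updated user interface, McAfee antivirus software also integrates the company's WebScanX functionality and adds many new features! In addition to detecting and removing viruses, it includes the VShield automatic monitoring system, which stays resident in the System Tray. When you open a file from disk, from the network, or from an e-mail attachment, it automatically checks the file's safety; if the file contains a virus, it warns you immediately and handles it appropriately. It also supports a right-click quick menu, and you can lock your personal settings with a password so that other people cannot change them.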
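The indicators named in the trojan description above (the file copied to %Sysdir%, the "winnsvc" run value, and HTTP contact with g2.slapeddw.info) can be checked offline against artifacts collected from a suspect machine. The following is an added example, not part of the original post or of McAfee's description; the input formats (`reg query` text output, a directory listing, a proxy log) and all sample data are assumptions constructed for illustration.

```python
import re

# Indicators copied from the description above (both file-name spellings appear there).
RUN_VALUE_NAMES = {"winnsvc"}
FILE_NAMES = {"mssvc.exe", "msvc.exe"}
HOSTS = {"g2.slapeddw.info"}

# One value line of `reg query` text output: name, type, data separated by 4 spaces.
REG_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE = re.compile(r'([^\\/\s"]+\.exe)', re.I)

def parse_reg_query(text):
    """Return (key, value_name, data) tuples from `reg query` output."""
    key, rows = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := REG_LINE.match(line)):
            rows.append((key, m["name"], m["data"].strip()))
    return rows

def triage(reg_text, sysdir_listing, proxy_log):
    """Return (kind, detail) findings for the three indicator types."""
    findings = []
    for key, name, data in parse_reg_query(reg_text):
        exes = {e.lower() for e in EXE.findall(data)}
        if name.lower() in RUN_VALUE_NAMES or exes & FILE_NAMES:
            findings.append(("run-key", f"{key}\\{name} = {data}"))
    findings += [("file", f) for f in sysdir_listing if f.lower() in FILE_NAMES]
    findings += [("network", l.strip()) for l in proxy_log.splitlines()
                 if any(h in l.lower() for h in HOSTS)]
    return findings

# Constructed sample inputs (not real captures); the hive and the .php name are assumed.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    winnsvc    REG_SZ    msvc.exe
"""
SAMPLE_SYSDIR = ["kernel32.dll", "MSSVC.EXE", "notepad.exe"]
SAMPLE_PROXY = """10.0.0.5 POST http://g2.slapeddw.info/placeholder.php 200
10.0.0.5 GET http://example.com/ 200"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REG, SAMPLE_SYSDIR, SAMPLE_PROXY):
        print(f"{kind:8} {detail}")
```

Because the description says there are several variants and covers one specific sample, a clean result from these checks does not rule out other variants.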