病毒大百科

这是一个通过网络$ipc共享传播的蠕虫病毒。该病毒的主要危害是通过IRC聊天系统使用户系统受黑客远程控制；该病毒还会在后台开启ftp服务端口，供别人下载上传及执行文件；该病毒会屏蔽大量网址，使用户上网不便。

1，生成文件
%system%\taskzg.exe
%system%\winxznet.exe
%system%\drivers\etc\hosts

2，添加注册表启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WINTASK FORCE" = "taskzg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
"WINTASK FORCE" = "taskzg.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"WINTASK FORCE" = "taskzg.exe"

HKEY_CURRENT_USER\Software\Microsoft\OLE
"WINTASK FORCE" = "taskzg.exe"

HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
"WINTASK FORCE" = "taskzg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
"WINTASK FORCE" = "taskzg.exe"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa
"WINTASK FORCE" = "taskzg.exe"

3，修改hosts文件，屏蔽下列网站
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.microsoft.com
127.0.0.1 www.trendmicro.com