病毒大百科

这是一个木马下载器程序。它会自动调用IE浏览器，下载大量病毒到用户机器上，同时还会擅自登录Google页面搜索色情视频，让用户以为它是个色情广告软件。

1.程序运行后，生成文件
C:\smp.bat
C:\Documents and Settings\fish\Cookies\fish@google[1].txt
C:\Documents and Settings\fish\Cookies\fish@google[2].txt
C:\Documents and Settings\fish\Local Settings\History\History.IE5\MSHist012008050620080507
C:\Documents and Settings\fish\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat
C:\Documents and Settings\fish\Local Settings\Temp\A10-tmpaoi.exe
C:\Documents and Settings\fish\Local Settings\Temp\Perflib_Perfdata_6e8.dat
C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\2PF3QNZE\sU0He6l7Lhs[1].js
C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\C4DGV5NI\drv32[1].data
C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\C4DGV5NI\nav_logo3[1].png
C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\R146ZVU7\search[1]
C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\R146ZVU7\search[1].htm
C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\TIH5F1C8\gcn[1].png
C:\WINDOWS\tokry.dll

2.病毒修改注册表的系统设置
HKEY_CURRENT_USER\Software\Microsoft\Bind comment "3913170"
HKEY_CURRENT_USER\Software\Microsoft\Bind comment2 "f"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E1D855-9232-48F7-80D9-1ADB65B7939C} @ ""

3.病毒会生成文件C:\smp.bat，去运行下载病毒。

　4.病毒首次运行时，会自动联网去网上下载x**@google[1].txt,x**@google[2].txt病毒列表，然后去下载病毒.