CMD32.exe U盘病毒详细介绍
中毒表现:
释放文件
%Windows%CMD32.exe
%System%voice.cpl
%System%timedate.cpl
各分区根目录释放
X:autorun.inf
autorun.inf 内容
[autorun]
Open=EvilDay.exe
shellexecute=EvilDay.exe
shell打开(&O)command=EvilDay.exe
shell=打开(&O)
shell2=浏览(&B)
shell2Command=EvilDay.exe
shell3=资源管理器(&X)
shell3Command=EvilDay.exe
修改注册表:
病毒创建启动项
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]
"NOTEPAD"="%Windows%CMD32.exe"
修改自动播放禁用设置
[HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer] www.upan.cc
"NoDriveTypeAutoRun"=dword:0000005b
禁用“显示所有文件和文件夹”
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionexplorerAdvancedFolderHiddenSHOWALL]
"CheckedValue"=dword:00000000
禁用“注册表编辑器”
[HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"DisableRegistryTools"=dword:00000001 www.upan.cc
CMD32.exe U盘病毒详细介绍:https://www.upan.cc/security/news/2009/youpan_375.html