Virus name (Chinese): Terrorists
Virus alias:
Threat Level: ★★☆☆☆
Virus type: Hacker program
Virus Length: 118825
Affected systems: WIN9X\WINNT
Virus behavior:
This is a backdoor virus. It records keyboard input on the infected machine, opens the ipc$ share, opens an HTTP service, captures network packets, spoofs IP addresses, accepts remote control commands, and launches DDoS attacks. It also tries user passwords against other machines and copies itself to them through shares. The infected machine is completely controlled by the remote machine, so the infected user becomes a member of a zombie network. The damage is very serious.
1. Generates files:
C:\WINNT\System32\MSbz32.exe
2. Adds a startup entry so that the virus runs:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MicrosoftCoreSupport
MSbz32.exe
3. Adds a services entry to disguise itself as a Microsoft upgrade service:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
MicrosoftCoreSupport
MSbz32.exe
4. Collects the following information from infected machines:
Eagames
Tournament2004
UT2004
Microsoftwindowsproductid
Half-Life
Counter-Strike (Retail) CDKey