“VB蠕虫变种ZPZ”病毒技术细节
病毒运行后,将自身复制到本地所有磁盘的\recycled\目录中,并运行.这几个进程相互守护.并不断的回写注册表的这几个地方,达到隐藏自己的目的。HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit" = C:\RECYCLED\SVCHOST.EXE,
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
HideFileExt" = 0X00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
ShowSuperHidden" = 0X00000000 看不懂 发```````````````````
页:
[1]