Win32.Troj.Harvester.a

王朝system·作者佚名 2008-08-14

宽屏版字体: 小|中|大|超大

病毒名称(中文):

病毒别名:

威胁级别:

★☆☆☆☆

病毒类型:

木马程序

病毒长度:

105472

影响系统:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行为:

这是一个盗取多种游戏密码的木马病毒，病毒通过向多种流行软件（包括系统进程）

注入病毒代码，利用搜索注册表等方法，获取多种游戏的密码等相关信息。

1.病毒首先在%WinDir%目录下释放动态链接文件thedll.dll(毒霸可查，

Win32.Troj.Harvester.a.84032)。盗取游戏密码的病毒代码就存在于

这个动态链接库文件中。

2.病毒搜索以下流行软件（包括系统进程）进程，并将thedll.dll代码

注入这些进程：

iexplore.exe

firefox.exe

Opera.exe

netscape.exe

miranda32.exe

icq.exe

ICQLite.exe

trillian.exe

aim.exe

thunderbird.exe

msimn.exe

emule.exe

WinMX.exe

KazaaLite.exe

skype.exe

TeamSpeak.exe

假如系统中找不到这些进程，病毒将病毒代码注入自身。

3.病毒代码在注册表中寻找游戏密码等相关信息，这些游戏包括：

[HKLM\SOFTWARE\ElectronicArts\EAGames\Battlefield2\ergc]

[HKLM\SOFTWARE\ElectronicArts\EAGAMES\Battlefield1942\ergc]

[HKLM\SOFTWARE\ElectronicArts\EAGames\Battlefield1942TheRoadtoRome\ergc]

[HKLM\SOFTWARE\ElectronicArts\EAGames\Battlefield1942SecretWeaponsofWWII\ergc]

[HKLM\SOFTWARE\ElectronicArts\EAGames\BattlefieldVietnam\ergc]

[HKLM\SOFTWARE\Activision\CallofDutyUnitedOffensive]

[HKLM\SOFTWARE\Activision\CallofDuty]

[HKLM\SOFTWARE\Activision\CallofDuty2]

[HKLM\Software\Techland\Chrome]

[HKLM\SOFTWARE\Westwood\RedAlert2]

[HKLM\Software\Westwood\TiberianSun]

[HKLM\SOFTWARE\ElectronicArts\EAGames\Generals\ergc]

[HKLM\SOFTWARE\ElectronicArts\EAGames\CommandandConquerGeneralsZeroHour\ergc]

[HKLM\Software\Valve\CounterStrike\Settings]

[HKLM\SOFTWARE\Crytek\FarCry\Ubi.com]

[HKLM\SOFTWARE\ElectronicArts\EASports\FIFA2002\ergc]

[SOFTWARE\ElectronicArts\EASports\FIFA2003\ergc]

[SOFTWARE\ElectronicArts\EASPORTS\FIFA06\ergc]

[SOFTWARE\ElectronicArts\EADistribution\FreedomForce\ergc]

[SOFTWARE\ElectronicArts\EAGAMES\GlobalOperations\ergc]

[Software\Valve\Gunman\Settings]

[Software\Valve\Half-Life\Settings]

[SOFTWARE\Microsoft\MicrosoftGames\Halo]

[SOFTWARE\IllusionSoftworks\Hidden&Dangerous2]

[Software\JoWooD\InstalledGames\IG2]

[SOFTWARE\ElectronicArts\EAGAMES\JamesBond007Nightfire\ergc]

[SOFTWARE\ElectronicArts\EAGames\TheBattleforMiddle-earth\ergc]

[SOFTWARE\ElectronicArts\EAGames\MedalofHonorAlliedAssault\ergc]

[SOFTWARE\ElectronicArts\EAGames\MedalofHonorAlliedAssaultBreakthrough\ergc]

[SOFTWARE\ElectronicArts\EAGames\MedalofHonorPacificAssaulttm\ergc]

[SOFTWARE\ElectronicArts\EAGames\MedalofHonorAlliedAssaultSpearhead\ergc]

[Software\ElectronicArts\EASports\NascarRacing2002\ergc]

[Software\ElectronicArts\EASports\NascarRacing2003\ergc]

[SOFTWARE\ElectronicArts\EAGAMES\NeedForSpeedHotPursuit2\ergc]

[SOFTWARE\ElectronicArts\EAGames\NeedForSpeedUnderground\ergc]

[SOFTWARE\ElectronicArts\EAGames\NeedForSpeedUnderground2\ergc]

[SOFTWARE\ElectronicArts\EASports\MaddenNFL06\ergc]

[Software\ElectronicArts\EASports\NHL2002\ergc]

[Software\ElectronicArts\EASports\NHL2003\ergc]

[SOFTWARE\ElectronicArts\EASPORTS\NHL06\ergc]

[Software\Westwood\Nox]

[SOFTWARE\UnrealTechnology\InstalledApps\Pariah]

[SOFTWARE\KONAMIPES5\PES5]

[SOFTWARE\id\Quake4]

[SOFTWARE\RedStormEntertainment\RAVENSHIELD]

[SOFTWARE\ElectronicArts\EAGAMES\ShogunTotalWar-WarlordEdition\ergc]

[SOFTWARE\SilverStyleEntertainment\SoldiersofAnarchy\Settings]

[SOFTWARE\LucasArts\StarWarsBattlefront\1.0]

[Software\LucasArts\StarWarsRepublicCommando\1.0]

[Software\EugenSystems\TheGladiators]

[SOFTWARE\UnrealTechnology\InstalledApps\UT2003]

[SOFTWARE\UnrealTechnology\InstalledApps\UT2004]