Removing Backdoor.Trojan cmpku.exe cmpkunt.exe

This article analyses a Trojan named Troj/Tompai-B. It targets the Windows platform and achieves auto-start by copying itself and modifying the registry. Troj/Tompai-B changes Internet Explorer settings and reports the infection by contacting a predefined URL and by sending email. It also offers a remote user a set of control options.


Troj/Tompai-B
  Backdoor.Trojan cmpku.exe cmpkunt.exe
    Recently my computer has been behaving inexplicably, and there are some strange processes. After looking things up I found out it was infected. Sigh... When I turn on "show all files" and "show file extensions", they revert after a refresh.
This section is for technical experts who want to know more.
Troj/Tompai-B is a backdoor Trojan for the Windows platform.
When first run Troj/Tompai-B copies itself to mapserver.exe in the Windows folder and creates three copies of itself in the <system> folder. One of these copies will be called mainsv.exe and the others are chosen randomly from the following pairs of names:
cmpku.exe and cmpkunt.exe
netcompt.exe and netcomptnt.exe
ptsnopt.exe and ptsnoptnt.exe
ntdllf.exe and ntdllfnt.exe
The following registry entries are created to run the copies of the Trojan (key, value name, value data):
HKCU/Software/Microsoft/Windows/CurrentVersion/Run
  Ntcheck = <Windows>/mapserver.exe
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
  Cmpnt = <System>/<random name>.exe
HKCU/Software/Microsoft/Windows/CurrentVersion/Runonce
  Cmpnt = <System>/mainsv.exe
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/RunServices
  Shell = <System>/mainsv.exe
Troj/Tompai-B changes settings for Microsoft Internet Explorer by modifying values under:
HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/
The Trojan also changes the following registry values (value name, value data):
Show all files and show file extensions:
HKCU/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced/
  Hidden = 0x00000000
  HideFileExt = 0x00000001
  ShowSuperHidden = 0x00000000
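The persistence entries and the tampered Explorer settings listed above can be checked offline against a registry export (regedit /e) rather than on the live machine. The script below is an added example, not code from the original post or from the vendor description it quotes; the .reg text is constructed to mirror the entries described above, and the restore values for Explorer (Hidden=1, HideFileExt=0, ShowSuperHidden=1) are the standard Explorer settings for showing hidden files and extensions, which the page does not itself state. Registry paths use backslashes because that is how a .reg export writes them.

```python
import re
from typing import Dict, List, Optional, Tuple

# Indicators taken from the Troj/Tompai-B description above. Key paths are kept
# lowercase so comparison is case-insensitive (RunOnce vs Runonce, SOFTWARE vs Software).
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
SUSPICIOUS_VALUE_NAMES = {"ntcheck", "cmpnt", "shell"}
SUSPICIOUS_BINARIES = {
    "mapserver.exe", "mainsv.exe",
    "cmpku.exe", "cmpkunt.exe", "netcompt.exe", "netcomptnt.exe",
    "ptsnopt.exe", "ptsnoptnt.exe", "ntdllf.exe", "ntdllfnt.exe",
}
ADVANCED_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced"
# Values the Trojan writes, as listed on the page.
TAMPERED_ADVANCED = {"Hidden": 0, "HideFileExt": 1, "ShowSuperHidden": 0}
# Standard Explorer values that show hidden files and extensions (assumed, not from the page).
RESTORED_ADVANCED = {"Hidden": 1, "HideFileExt": 0, "ShowSuperHidden": 1}

# Constructed sample of what 'regedit /e' would produce on an infected machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ntcheck"="C:\\WINDOWS\\mapserver.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmpnt"="C:\\WINDOWS\\system32\\cmpku.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cmpnt"="C:\\WINDOWS\\system32\\mainsv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Shell"="C:\\WINDOWS\\system32\\mainsv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000000
"HideFileExt"=dword:00000001
"ShowSuperHidden"=dword:00000000
"WebView"=dword:00000001
'''


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a regedit export into {key_path: {value_name: raw_value_text}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        keys[current][name.strip('"')] = value
    return keys


def _dword(raw: str) -> Optional[int]:
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    return int(m.group(1), 16) if m else None


def _string(raw: str) -> str:
    # .reg escapes backslashes as '\\' inside quoted strings.
    return raw.strip('"').replace("\\\\", "\\") if raw.startswith('"') else raw


def find_tompai_indicators(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, data) for every entry matching the indicators above."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in parse_reg_export(text).items():
        if key.lower() in RUN_KEYS:
            for name, raw in values.items():
                target = _string(raw)
                basename = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
                if name.lower() in SUSPICIOUS_VALUE_NAMES or basename in SUSPICIOUS_BINARIES:
                    findings.append((key, name, target))
        elif key.lower() == ADVANCED_KEY:
            for name, expected in TAMPERED_ADVANCED.items():
                if name in values and _dword(values[name]) == expected:
                    findings.append((key, name, values[name]))
    return findings


def explorer_restore_reg() -> str:
    """Build a .reg fragment that puts the Explorer view settings back."""
    lines = ["Windows Registry Editor Version 5.00", "",
             r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]"]
    lines += ['"%s"=dword:%08x' % (name, val) for name, val in RESTORED_ADVANCED.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for key, name, data in find_tompai_indicators(SAMPLE_EXPORT):
        print(f"{key}\n  {name} = {data}")
    print(explorer_restore_reg())
```

The restore fragment is only worth importing after the running copies (mapserver.exe, mainsv.exe and the random pair) have been stopped and their Run/RunOnce/RunServices entries removed; as the author observed, a live Trojan simply writes the values back on the next refresh.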
Troj/Tompai-B will open a backdoor on the infected system and report the infection by contacting a predefined URL and via email.
Troj/Tompai-B gives the following options to a remote user:
Access folder.
Access parent folder.
Change attribute of file/folder.
Change drive.
Delete any file.
Execute any file.
Force PC to Shut Down.
Get IP WAN.
Get the date/time of the server.
Get the list of commands supported by the server.
Get the list of the directories.
Get the list of the files.
Logoff PC.
Logout from the server.
Reboot the PC.
Show the User.