Win32.Hack.Prorat.i.2027052_操作系统_软件频道

这是一个黑客程序，它实际上是一个木马文件，会获取用户系统的操作权限，然后连接到黑客的远程服务器，以便黑客盗窃电脑中的信息或对电脑进行非法控制。

在磁盘中释放出以下文件:
C:Windowssystem32fservice.exe
C:Windowssystemsservice.exe
C:sample.exe.bat
C:Windowsservices.exe
C:WindowsSYSTEM32winkey.dll

在磁盘中删除了以下文件:
C:Windowssystem32fservice.exe
C:Windowssystemsservice.exe
"c:sample.exe"
病毒会删除自身
C:Windowsservices.exe

在注册表中创建了以下信息:
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings"
"HKLMSoftwareMicrosoftActive SetupInstalled Components"

在注册表中设置了以下信息:
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "Bulas" "1"
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "FW_KILL" "1"
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "XP_FW_Disable" "1"
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "XP_SYS_Recovery" "1"
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "ICQ_UIN" "`lddon/on,hq/hogn"
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "ICQ_UIN2" ""
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "Kurban_Ismi" "whbuhl"
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "Mail" ""
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "Online_List" ""
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "Port" "4001"
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "Sifre" "0325"
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "Hata" ""
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "KSil" "1"
"HKCUSoftwareMicrosoftWindows NT Script HostMicrosoft DxDiagWinSettings" "LanNotifie" ""
"HKLMSoftwareMicrosoftActive SetupInstalled Components" "StubPath" "C:Windowssystemsservice.exe"