进程和DLL文件查询
hxdef.exe 进程资料
hxdef.exe是什么进程?
进程信息 | |
进程文件: | hxdef.exe |
---|---|
进程名称: | Worm_Lovgate.AD |
中文描述: | “爱之门”病毒变种。病毒会将大量可执行文件替换成病毒副本文件,并将原文件变为隐含属性且后缀名被改变。同时病毒会在被感染系统中生成多个自身拷贝和病毒文件。在%Windows%文件夹下生成:SVCHOST.EXE和SYSTRA.EXE。在%system%文件夹下生成:HXDEF.EXE、IEXPLORE.EXE、KERNEL66.DLL、RAVMOND.EXE、TKBELLEXE.EXE和UPDATE_OB.EXE。在C盘根目录下生成:AUTORUN.INF和COMMAND.EXE。 病毒在注册表中添加以下项目,使得自身能够作为服务运行:在HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices下添加SystemTra="C:\Windows\SysTra.EXE"COM++System="svchost.exe" 病毒在注册表中添加以下项目,使得自身能够随系统启动而自动运行,在HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows下添加run="RAVMOND.exe"WinHelp="C:\Windows\System32\TkBellExe.exe"HardwareProfile="C:\Windows\System32\hxdef.exe"VFWEncoder/DecoderSettings="RUNDLL32.EXEMSSIGN30.DLLondll_reg"MicrosoftNetMeetingAssociates,Inc.="NetMeeting.exe"ProgramInWindows="C:\Windows\System32\IEXPLORE.EXE"ShellExtension="C:\Windows\System32\spollsv.exe"ProtectedStorage="RUNDLL32.EXEMSSIGN30.DLLondll_reg" 病毒修改以下注册表项目,这样一来,用户在运行.txt文本文件的时候,实际上就是在运行病毒拷贝:HKEY_CLASSES_ROOT\txtfile\shell\open\commanddefault="Update_OB.exe%1"(原始数值为%SystemRoot%\system32\NOTEPAD.EXE%1)HKEY_LOCAL_MACHINE\Software\Classes\txtfile\shell\open\commanddefault="Update_OB.exe%1"(原始数值为%SystemRoot%\system32\NOTEPAD.EXE%1)。 病毒修改文件AUTORUN.INF[AUTORUN]Open="c:\COMMAND.EXE"/StartExplorer |
程序用途: | 搜索系统邮箱,回复找到的电子邮件,并将病毒作为附件进行传播。 |
进程位置: | 系统 |
进程作者: | 未知 |
进程属性 | ||
系统进程: | 否 | |
---|---|---|
应用程序: | 否 | |
后台程序: | 是 | |
使用访问: | 是 | |
访问网络: | 否 | |
进程行为 | ||
危险等级: | 0 (N/A无危险 5最危险) | |
间碟软件: | 是 | |
广告软件: | 是 | |
病毒进程: | 是 | |
木马进程: | 是 |
进程查询结果由 xpcha.com 提供
热门进程
- QQLiveUp.exe QQLiveUp.exe
- pcclient.exe Trend Micro PC-Cillin Component
- searchindexer.exe
- lsass.exe Local Security Authority Service
- dwm.exe dwm.exe
- feedback.exe feedback.exe
- ocraware.exe Ocraware
- lviss.exe Worm.Ircbot.Gen.lviss
- msascui.exe Microsoft Windows Defender Antispyware
- ereg.exe
- devenv.exe Microsoft Visual Studio
- InfoMgr.exe InfoMgr.exe
- vaioupdt.exe Sony Vaio Update
- wmiadap.exe AutoDiscovery/AutoPurge (ADAP) Service
- LienVandeKelderrr.exe LienVandeKelderrr.exe
- lkcitdl.exe National Instruments Part of Logos
- mscoree.dll Microsoft .NET Runtime Execution Engine
- MotoMidMan.exe MotoMidMan.exe
- pcfmgr.exe PowerPannel
- lsm.exe lsm.exe
网友正在查
- hxdef.exe
- bootcfg.exe
- serv454.exe
- ifsplash.exe
- bind_8468.exe
- DeskWidget.exe
- imagedrive.exe
- searchupgrader.exe
- SuperLyrics.exe
- rardat.exe
- tibs.exe
- fspex.exe
- usbmmkbd.exe
- configldr.exe
- SDOClient.exe
- wshext.dll
- stealth.wm.exe
- frzstate.exe
- aw1.exe
- scheduled_maintenance.exe
- logon.exe
- benetns.exe
- telnets.exe
- tencent.exe
- windfind.exe
- msys10.exe
- OuttaSight.exe
- ati2dvag.dll
- 2.exe
- iexpl0re1.exe
- aolhos~1.exe
- bcresident.exe
- legitcheckcontrol.dll
- tianyin.exe
- nutsrv4.exe
- syskey.exe
- fwr.exe
- bdl14108.exe
- cnss.exe
- aopen.exe
- mathchk.exe
- 后卫脑筋急转弯.exe
- internetcolor.exe
- vcclient.exe
- STW.exe
- icon.exe
- cgiRqCfg.exe
- wmpcda.exe
- pctvoice.exe
- aveagent.exe
- addclass.exe
- csrcc.exe
- live800.exe
- RampartSvc.exe
- AV2Wav.exe
- phelper.dll
- itsdeductible.exe
- 电脑摄像机.exe
- system.exe
- saflashplayer.exe
- esshared.dll
- tsclient.exe
- bhp.exe
- odbcad32.exe
- wid32.exe
- netflx.dll
- reginfo32.exe
- odhost.exe
- xuhuan.exe
- svshot.exe
- vvsetup.exe
- mpp2pl.exe
- IceServe.exe
- ansmtp.dll
- icqwutl.dll
- pnrpnsp.dll
- QQIEHelper.dll
- zbase32.exe
- mscman.exe
- PowerRmv.exe
- WYWScreenLock.exe
- wd2_051117_WIS207_mini.exe
- e_s4i3f2.exe
- winbar.exe
- setcpqlc.exe
- wmonitor.exe
- msinstall61.exe
- XPath.exe
- Sysupd.exe
- NetSecurity.exe
- googlefahcore_65.exe
- wfpscheduler.exe
- 按键精灵6.exe
- Sudhcedc.ini
- openvpn.exe
- HIDEIT.EXE
- chglogo.exe
- spmd.exe
- scregmanager4.exe
- hhc.exe