链接网络下载病毒:http://www.chuanshuo88.com/up.exe
释放文件
%CommonProgramFiles%\System\MsTcaPt.dll
注册表:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MsTcsPt"="Cmd.exe /c Start Rundll32.exe \"C:\\Program Files\\Common Files\\System\\MsTcaPt.dll\",RunForRundll32"
附件就是chuanshuo.exe释放的文件
附件:
MsTcaPt.rar 附件:
procsvc.rar