Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

A virus present on all the major sites: NetEase, Sina, Sohu, Yahoo and others

Are they even letting us live any more? Lots of NetEase News pages are infected.
First it downloads upnpsvc.exe and runs it,
then it adds a service called Asynchronous UPnP Support Services
and writes the registry as follows:
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\Type: 0x00000010
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\Start: 0x00000002
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\ErrorControl: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\ImagePath: "C:\Documents and Settings\Administrator\桌面\12.06\upnpsvc.exe"
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\DisplayName: "Asynchronous UPnP Support Services"
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\ObjectName: "LocalSystem"
HKLM\SYSTEM\ControlSet001\Services\Asynchronous UPnP Support Services\Description: "使用您的 UPnP 设备为P2P数据传输提供支持。如果此服务被终止,此计算机BitTorrent等传输将受到影响。"

and creates a startup service:
[Asynchronous UPnP Support Services / Asynchronous UPnP Support Services][Running/Auto Start]
<C:\WINDOWS\system32\upnpsvc.exe><Microsoft Corporatio>

Then it drops sysauto.exe, rendom.exe and autorun.inf into the root directory of every drive!
It infects exe files and downloads wpcap.dll, packet.dll, pthreadVC.dll, npf.sys and other files into the system directory,
then uses the wpcap component to start sniffing the LAN and infects the vulnerable machines on it,
which makes the network unbearably slow and knocks parts of it offline!
A cross between the Panda virus and the ARP virus! Impressive!!

Virus URL: http://news.163.com/07/0406/10/3BD02HQ70001124J.html

The ranking-list links in KuGou carry this virus too~

Sina has lots of it as well~

Anyway, all the major sites have it! Not to mention the small sites that were already malware distributors with drive-by downloads planted on them!
Last edited 2007-06-14 05:57:04

I suggest editing the registry to block the files through Image File Execution Options,
blocking upnpsvc.exe, ravdom.exe, sysauto.exe, autorun.inf,
wpcap.dll and so on!

The image-hijack blocking registry entries are as follows:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"HungAppTimeout"="200"
"WaitToKillAppTimeout"="200"
"WaitTOKillService"="200"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="200"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL]
@="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
"AutoSharewks"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows]
"NoPopUpsOnBoot"=dword:00000001
[HKEY_CLASSES_ROOT\lnkfile]
@="快捷方式"
"EditFlags"=dword:00000001
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]
@="Printers"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Link"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000003
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"FontSmoothing"="2"
"FontSmoothingType"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPer1_0Server"=dword:00000008
"MaxConnectionsPerServer"=dword:00000008
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]
"WaitToKillServiceTimeout"="1000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upnpsvc.exe]
"Debugger"="c:\\屏蔽病毒.exe"

By redirecting upnpsvc.exe to the non-existent c:\屏蔽病毒.exe,
the virus can no longer run! Keep adding more yourself, for example:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravdom.exe]
"Debugger"="c:\\屏蔽病毒.exe"
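The Debugger value under Image File Execution Options is the same mechanism that malware uses to hijack legitimate programs, so any IFEO entries on a machine deserve an audit. The following is an added example, not code from the original post: it parses the "Windows Registry Editor Version 5.00" text format, lists every IFEO subkey carrying a Debugger value and labels whether the target is a known debugger (ntsd, cdb, windbg, vsjitdebugger) or a plain redirect like the post's blocker, and builds a block-list fragment in the post's style. The sample export is constructed; c:\block-virus.exe stands in for the post's c:\屏蔽病毒.exe, and myapp.exe is a made-up name for a legitimate debugger entry.

```python
"""Audit and generate Image File Execution Options (IFEO) "Debugger" entries.

Added example, not from the original post: parses the .reg text format,
lists IFEO Debugger entries (the post's blocking mechanism, and a well-known
persistence location) and builds a block-list .reg fragment.
"""
import re

IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options")
# Real debuggers; any other Debugger target is either a deliberate block (as
# in the post) or a hijack of the named program and needs a closer look.
KNOWN_DEBUGGERS = ("ntsd.exe", "cdb.exe", "windbg.exe", "vsjitdebugger.exe")

# Constructed sample: the post's two block entries (blocker path renamed)
# plus one legitimate entry for a made-up program "myapp.exe".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upnpsvc.exe]
"Debugger"="c:\\block-virus.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravdom.exe]
"Debugger"="c:\\block-virus.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe]
"Debugger"="\"C:\\Debuggers\\ntsd.exe\" -g"
"GlobalFlag"=dword:00000200
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    """Undo .reg escaping of backslashes and double quotes."""
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text):
    """Return {key_path: {value_name: data}}; decodes "..", dword: and hex: data."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            value = _unescape(data[1:-1])
        elif data.startswith("dword:"):
            value = int(data[6:], 16)
        elif data.startswith("hex:"):
            value = bytes(int(b, 16) for b in data[4:].split(",") if b)
        else:
            value = data  # other types kept as raw text
        keys[current][name] = value
    return keys


def ifeo_debuggers(reg):
    """Return sorted (image, debugger_command, kind) for every IFEO Debugger value.

    kind is "debugger" when the command starts with a known debugger, else
    "redirect" (a non-debugger target such as the post's non-existent blocker).
    """
    out = []
    prefix = IFEO_KEY.lower() + "\\"
    for path, values in reg.items():
        if path.lower().startswith(prefix) and "Debugger" in values:
            cmd = str(values["Debugger"])
            head = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
            kind = "debugger" if head.lower().endswith(KNOWN_DEBUGGERS) else "redirect"
            out.append((path.rsplit("\\", 1)[1], cmd, kind))
    return sorted(out)


def build_block_reg(images, target=r"c:\block-virus.exe"):
    """Emit a .reg fragment pointing each image's Debugger at `target`, as the post does."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for image in images:
        lines += [f"[{IFEO_KEY}\\{image}]",
                  '"Debugger"="%s"' % target.replace("\\", "\\\\"), ""]
    return "\n".join(lines)


if __name__ == "__main__":
    for image, cmd, kind in ifeo_debuggers(parse_reg(SAMPLE_REG)):
        print(f"{image:12} {kind:9} {cmd}")
```

Run against a real export (reg export of the IFEO key), every "redirect" entry should be one you placed yourself; an unexpected one pointing a common program at an unfamiliar binary is the hijack pattern the post's trick borrows from.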