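Aliases: Worm.P2P.Lemb.b [AVP], W32/Lemb.worm!p2p [McAfee], W32.SillyP2P [Norton]
Date handled:
Threat level: ★★★
Chinese name: 雷暴变种B ("Thunderstorm" variant B)
Virus type: Worm
Affected systems: Win9x/WinMe/WinNT/Win2000/WinXP/Win2003
Virus behavior:
Authoring tool:
Infection vector: network shares
Trigger condition: the user runs it by mistake
System modifications: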
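1. Copies itself to:
WINDOWS\run32.exe
WINDOWS\Winstart.bat
WINDOWS\system32\taskmgr.exe
WINDOWS\system32\regedit.exe
The virus does not check which operating system it is running on and forces the copy into the directories above, so the copy may fail.
2. Copies itself under the following names: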
Rosy.exe
Pipponoto.exe
Anastacia - Left Outside Alone.mp3.exe
The Rasmus - In The Shadows.mp3.exe
50 Cent - In da Club.mp3.exe
Vanessa Carltron - OrdinaryDay.mp3.exe
Haiducii - Dragostea Din Tei.mp3.exe
Black Eyed Peas - Hey Mama.mp3.exe
Raf - In tutti i miei giorni.mp3.exe
Vasco Rossi - Buoni e cattivi.mp3.exe
Lionel Richie - Just For You.mp3.exe
into the following paths:
progra~1\WinMX\Shared
progra~1\Tesla\Files
progra~1\LimeWire\Shared
progra~1\Morpheus\My Shared Folder
progra~1\eMule\Incoming
progra~1\eDonkey2000\Incoming
progra~1\Bearshare\Shared
progra~1\Grokster\My Grokster
progra~1\ICQ\Shared Folder
progra~1\Kazaa Lite K++\My Shared Folder
progra~1\Kazaa Lite\My Shared Folder
progra~1\Kazaa\My Shared Folder
3. Writes the following content to the file WINDOWS\Blem.txt:
P2P Blem - Coded by Sarosoft
Gedzac Labs Group 2004 - http://www.gedzac.tk
Dedicated to my Love Rosy
Saro & Rosy Forever
Rosy Ti Amo
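Symptoms: once run, the virus opens the website http://www.gedzac.tk
Special notes:
The virus spreads over the file-sharing networks of
WinMX, Tesla, LimeWire, Morpheus, eMule, eDonkey2000, Bearshare, Grokster, ICQ, Kazaa Lite K++, Kazaa Lite, Kazaa
and lures users into downloading and running it.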
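
A check for the copies described in step 2, as an added example that is not part of the original entry: it walks the share folders listed above and flags the two plain names plus any media-then-executable double extension. The function names, the extra extensions beyond ".mp3.exe" and passing the Program Files directory as an argument are assumptions of this example.

```python
import os
import sys

# Share folders named in this entry, relative to the Program Files directory.
SHARE_DIRS = [
    ("WinMX", "Shared"), ("Tesla", "Files"), ("LimeWire", "Shared"),
    ("Morpheus", "My Shared Folder"), ("eMule", "Incoming"),
    ("eDonkey2000", "Incoming"), ("Bearshare", "Shared"),
    ("Grokster", "My Grokster"), ("ICQ", "Shared Folder"),
    ("Kazaa Lite K++", "My Shared Folder"),
    ("Kazaa Lite", "My Shared Folder"), ("Kazaa", "My Shared Folder"),
]
# The two plain names listed in the entry; the other nine end in ".mp3.exe".
KNOWN_NAMES = {"rosy.exe", "pipponoto.exe"}
# Generalization (assumption): any media extension followed by an
# executable extension is treated as a lure, not only ".mp3.exe".
MEDIA_EXT = {".mp3", ".wav", ".avi", ".mpg", ".jpg"}
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat"}


def is_lure(filename):
    """True for a listed name or a media+executable double extension."""
    name = filename.lower()
    if name in KNOWN_NAMES:
        return True
    stem, last = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    return last in EXEC_EXT and inner in MEDIA_EXT


def scan_share_dirs(program_files):
    """Return paths of suspicious files in the listed share folders."""
    hits = []
    for parts in SHARE_DIRS:
        folder = os.path.join(program_files, *parts)
        if not os.path.isdir(folder):
            continue  # that P2P client is not installed
        for entry in sorted(os.listdir(folder)):
            path = os.path.join(folder, entry)
            if os.path.isfile(path) and is_lure(entry):
                hits.append(path)
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("ProgramFiles", ".")
    for found in scan_share_dirs(root):
        print("suspicious:", found)
```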