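Virus alias:  Processed: 2006-08-30  Threat level: ★
Chinese name:  Virus type: Worm  Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003
Virus behavior:
This is a worm that spreads by e-mail. It searches the infected machine for e-mail addresses and sends copies of itself to them. When run, it displays a dialog box to mislead the user of the infected machine.
1. Files created: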
%WINNT%\Flagex.Flg
%WINNT%\inetexplore.exe
%WINNT%\system\ActorsGallery.zip
%WINNT%\system\inetalert.exe
%WINNT%\system\InstallGallery.exe
%WINNT%\system\sysfile.dat
%WINNT%\system\zippwdinfo.dat
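2. Adds a registry startup entry so that the virus runs at boot:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
inetexplore
"%WINNT%\inetexplore.exe"
3. Modifies the following registry values so that the virus is associated with exe files:
HKCR\exefile\shell\open\command
@
"%WINNT%\system\inetalert.exe "%1" %*"
HKLM\SOFTWARE\Classes\exefile\shell\open\command
@
"%WINNT%\system\inetalert.exe "%1" %*"
4. Creates a mutex:
OneCopyMutex
5. On its first run, the virus displays a dialog box to make the user believe it failed to run: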
The installation has failed to start because
_agl43.dll was not found. Re-installing the
application may fix this problem.
6. Searches the user's machine for e-mail addresses and sends itself to them.
The e-mail subject is:
Actors Sexy Pictures! (Axe Sexye Bazigarhaye Cinema)
The body is:
Hi my friend. This is a funny sexy actors pictures.
Enjoy it!!
Salam be tamamie baro bach inam ye collectione bahal
az axaye sexye bazigaraye cinamast. bebinid va faghat
Bekhandid!! ;)
Attachment file name:
ActorsGallery.zip
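
A read-only check for the host indicators in items 1 to 4, as an added example that is not part of the original entry. It assumes %WINNT% is the Windows directory ($env:windir) and that the dropped files sit under its "system" subfolder as listed above.

```powershell
# Added example: reports the indicators from this entry; changes nothing.
# Assumption: %WINNT% in the entry is the Windows directory ($env:windir).
$winDir   = $env:windir
$findings = @()

# Item 1: files created by the worm
$files = 'Flagex.Flg', 'inetexplore.exe', 'system\ActorsGallery.zip',
         'system\inetalert.exe', 'system\InstallGallery.exe',
         'system\sysfile.dat', 'system\zippwdinfo.dat'
foreach ($f in $files) {
    $p = Join-Path $winDir $f
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

# Item 2: Run value named "inetexplore"
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'inetexplore' -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value 'inetexplore' = $($run.inetexplore)" }

# Item 3: exefile open command; the Windows default value is "%1" %*
$expected = '"%1" %*'
$cmdKeys  = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
            'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command'
foreach ($k in $cmdKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { $findings += "Key missing: $k"; continue }
    $value = $key.GetValue('')   # '' reads the (Default) value, shown as @ above
    if ($value -ne $expected) { $findings += "exefile handler changed in ${k}: $value" }
}

# Item 4: mutex (unprefixed name, so only the current session is checked)
try {
    $m = [System.Threading.Mutex]::OpenExisting('OneCopyMutex')
    $m.Dispose()
    $findings += "Mutex 'OneCopyMutex' exists (worm process may be running)"
} catch [System.Threading.WaitHandleCannotBeOpenedException] {
    # mutex not present
} catch [System.UnauthorizedAccessException] {
    $findings += "Mutex 'OneCopyMutex' exists but cannot be opened"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No indicators from this entry found.' }
```

When cleaning up, restore the exefile command value to `"%1" %*` before deleting inetalert.exe; while the handler still points at a missing file, .exe files will not launch.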