I-Worm/Centar.a
病毒长度:28,672 bytes
病毒类型:网络蠕虫
危害等级:*
影响平台:Win9X/2000/XP/NT/Me
I-Worm/Centar.a是一群发邮件蠕虫,它可以结束一些反病毒软件的进程。通过搜索扩展名为 .htm, .html, .htt, .dbx 的文件查找邮件地址,并向其发送病毒邮件进行传播。
传播过程及特征:
1.复制自身为:
%Temp%SProcess.exe
%Temp%Great_Virus_Creation_Kit.exe
或者
%Temp%Win_Security_Patch_2602.exed
%Windir%Explorer.exe
%Windir%SystemExplorer.exe
2.结束包含下列字符串的进程:
avp
kav
nav
scan
anti
alert
mon
check
3.该蠕虫病毒还会在临时文件夹下生成一个LogData.vbs脚本文件,用于发送病毒邮件。邮件特征:
主题: Very important patch!
内容: Hi. Here i've attached a very important
patch, very useful to find and fix a lot of bugs
in windows and to improve the security of your
windows. If installed, this patch it's able to
prevent virus infections or other dangerous
things. I hope that this will be useful! Bye!
附件可能是下列之一:
Win_Security_Patch_2602.exe
SProcess.exe
Great_Virus_Creation_Kit.exe
注:%Windir%为变量,一般为C:Windows 或 C:Winnt;
%System%为变量,一般为C:WindowsSystem (Windows 95/98/Me),
C:WinntSystem32 (Windows NT/2000), 或
C:WindowsSystem32 (Windows XP)。