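Virus type: Worm
Virus size: 18,254 bytes
Affected systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Risk level: Low
Damage potential: Medium
Spread potential: High
When the virus runs, it does the following:
1. Displays the following error message; clicking "OK" causes more messages to appear, such as: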
Error!
Can't find a viewer associated with the file
2. Creates the following seven mutexes:
MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D
'D'r'o'p'p'e'd'S'k'y'N'e't'
_-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_
[SkyNet.cz]SystemsMutex
AdmSkynetJklS003
____--->>>>U<<<<--____
_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_
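Some of these mutexes prevent Netsky from starting (malware preying on malware...).
3. From the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
deletes the following values: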
"My AV"
"Zone Labs Client Ex"
"9XHtProtect"
"Antivirus"
"Special Firewall Service"
"service"
"Tiny AV"
"ICQNet"
"HtProtect"
"NetDy"
"Jammer2nd"
"FirewallSvr"
"MsInfo"
"SysMonXP"
"EasyAV"
"PandaAVEngine"
"Norton Antivirus AV"
"KasperskyAVEng"
"SkynetsRevenge"
"ICQ Net"
4. Creates the following files:
%System%\sysinit.exe
%System%\sysinit.exeopen
%System%\sysinit.exeopenopen
%System%\sysinit.exeopenopenopen
%System%\sysinit.exeopenopenopenopen
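5. Under the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
adds the following value:
"Syskey" = "%System%\sysinit.exe"
6. May add the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\DownloadManager
HKEY_LOCAL_MACHINE\Software\Microsoft\DownloadManager
7. Attempts to terminate the following processes, which belong to antivirus or security programs: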
ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVPUPD.EXE
AVWUPD32.EXE
AVXQUAR.EXE
CFIAUDIT.EXE
DRWEBUPW.EXE
ESCANH95.EXE
ESCANHNT.EXE
FIREWALL.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
LUALL.EXE
MCUPDATE.EXE
NUPGRADE.EXE
OUTPOST.EXE
sys_xp.exe
sysxp.exe
UPDATE.EXE
winxp.exe
kavsvc.exe
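
The registry and file indicators from steps 4 to 6 can be checked offline against a registry export and a file listing. The following is an added example, not part of the original description; the function names and the sample data are assumptions constructed for illustration.

```python
import re

# Indicators from the description above; matching is case-insensitive.
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
MARKER_KEYS = (r"hkey_current_user\software\microsoft\downloadmanager",
               r"hkey_local_machine\software\microsoft\downloadmanager")
# sysinit.exe followed by zero to four "open" suffixes, as a full file name.
DROPPED = re.compile(r"(?:^|\\)sysinit\.exe(?:open){0,4}$", re.I)

def parse_reg_export(text):
    """Parse regedit export text into {key_lowercased: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="(.*)"$', line)
            if m:  # string values only; undo the export's backslash escaping
                current[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def scan(reg_text, file_paths):
    """Return (kind, detail) findings for the registry export and file list."""
    keys, findings = parse_reg_export(reg_text), []
    for name, data in keys.get(RUN_KEY, {}).items():
        if name.lower() == "syskey" or DROPPED.search(data):
            findings.append(("run-value", f"{name} -> {data}"))
    for key in MARKER_KEYS:  # the page says these "may" be added: weak signal
        if key in keys:
            findings.append(("marker-key", key))
    for path in file_paths:
        if DROPPED.search(path):
            findings.append(("dropped-file", path))
    return findings

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Syskey"="C:\\WINDOWS\\system32\\sysinit.exe"

[HKEY_CURRENT_USER\Software\Microsoft\DownloadManager]
'''
SAMPLE_FILES = [r"C:\WINDOWS\system32\sysinit.exeopenopen",
                r"C:\WINDOWS\system32\notepad.exe"]

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_REG, SAMPLE_FILES):
        print(kind, detail)
```

Real regedit exports are usually UTF-16 encoded, so decode the file before passing its text to scan().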