Worm.P2P.Gkeki

病毒名称:

Worm.P2P.Gkeki

类别： 蠕虫病毒

病毒资料：

破坏方法：

一个利用P2P软件共享目录进行传播的蠕虫病毒.

病毒行为:

病毒运行后,将自己复制到％windows％目录下,文件名为:CSRSS.exe,病毒将修改注册表中txt文件关联使其指向病毒,每次用户点击一个txt文件时,将先启动病毒.病毒还将在注册表

HKEY_LOCAL_MACHINE\Software\Microsoft

\Windows\Currentversion\Run中加入自己的键

"Norton Auto-Protect" = CSRSS.EXE

以达到随系统启动目的.

随后病毒驻留内存,并尝试从注册表中读出一些p2p软件的共享目录路径.

如:

Software\Imesh\Client\LocalContent\Dir0

病毒将自己复制到这些目录,文件名为:

Sex.exe

Porn.exe

Paris Hilton.exe

Naked Celebrity.exe

Celeb uncensored.exe

SUCK.exe

如果读取不到这些路径病毒将尝直接将自己复制到以下路径

C:\Program Files\Grokster\My Grokster

\Paris Hilton.exe

C:\Program Files\Grokster\My Grokster\PORNO.exe

C:\Program Files\Grokster\My Grokster\XXX.exe

C:\Program Files\Grokster\My Grokster

\Naked WWE Divas.exe

C:\Program Files\Grokster\My Grokster

\Naked Britney.exe

C:\Program Files\Grokster\My Grokster

\Naked Celebrity.exe

C:\Program Files\Grokster\My Grokster

\Celeb uncensord.exe

C:\Program Files\Grokster\My Grokster

\SUCK.exe

C:\Program Files\Morpheus\My Shared Folder

C:\Program Files\Morpheus\My Shared older\Sex.exe

C:\Program Files\Morpheus\My haredFolder\Porn.exe

C:\Program Files\Morpheus\My Shared Folder\Paris Hilton.exe

C:\Program Files\Morpheus\My Shared older\PORNO.exe

C:\Program Files\Morpheus\My Shared Folder\XXX.exe

C:\Program Files\Morpheus\My Shared Folder

\Naked WWE Divas.exe

C:\Program Files\Morpheus\My Shared Folder\Naked Britney.exe

C:\Program Files\Morpheus\My Shared Folder\Naked Celebrity.exe

C:\Program Files\Morpheus\My Shared Folder\Celeb uncensord.exe

C:\Program Files\Morpheus\My Shared Folder\SUCK.exe

C:\Program Files\kazaA lite\My Shared Folder

C:\Program Files\kazaA lite\My Shared Folder\Sex.exe

C:\Program Files\kazaA lite\My Shared Folder\Porn.exe

C:\Program Files\kazaA lite\My Shared Folder\Paris Hilton.exe

C:\Program Files\kazaA lite\My Shared Folder\PORNO.exe

C:\Program Files\kazaA lite\My Shared Folder\XXX.exe

C:\Program Files\kazaA lite\My Shared Folder\Naked WWE Divas.exe

C:\Program Files\kazaA lite\My Shared Folder\Naked Britney.exe

C:\Program Files\KMD\My Shared Folder\Sex.exe

C:\Program Files\kazaA lite\My Shared Folder\Naked Celebrity.exe

C:\Program Files\kazaA lite\My Shared Folder\Celeb uncensord.exe

C:\Program Files\kazaA lite\My Shared Folder\SUCK.exe

C:\Program Files\KMD\My Shared Folder

C:\Program Files\KMD\My Shared Folder\Porn.exe

C:\Program Files\KMD\My Shared Folder\Paris Hilton.exe

C:\Program Files\KMD\My Shared Folder\PORNO.exe

C:\Program Files\KMD\My Shared Folder\XXX.exe

C:\My Downloads\Naked WWE Divas.exe

C:\Program Files\KMD\My Shared Folder\Naked WWE Divas.exe

C:\Program Files\KMD\My Shared Folder\Naked Britney.exe

C:\Program Files\KMD\My

病毒的清除法：

使用光华反病毒软件，彻底删除。

病毒演示：

病毒FAQ：

Windows下的PE病毒。

发现日期：

2004-12-24

• ·I-Worm.Win32.Rivon.a
• ·I-Worm.DTM.a
• ·Worm.Win32.Atak.j
• ·Worm.Win32.Breacuk.a
• ·Worm.Win32.Kipis.a
• ·Worm.P2P.Delf.ab
• ·Worm.Win32.Heher.h
• ·Worm.Win32.Atak.h
• ·Worm.Reperv.a
• ·Worm.Wukill.h