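Virus name:
Worm.P2P.Gkeki
Category: Worm
Virus details:
Method of damage:
A worm that spreads through the shared folders of P2P software.
Virus behavior:
When run, the virus copies itself to the %windows% directory under the file name CSRSS.exe. It modifies the txt file association in the registry so that it points to the virus; each time the user clicks a txt file, the virus is started first. The virus also adds its own value to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
"Norton Auto-Protect" = CSRSS.EXE
so that it starts with the system.
The virus then stays resident in memory and tries to read the shared-folder paths of some P2P software from the registry.
For example:
Software\Imesh\Client\LocalContent\Dir0
The virus copies itself into these directories under the file names:
Sex.exe
Porn.exe
Paris Hilton.exe
Naked Celebrity.exe
Celeb uncensored.exe
SUCK.exe
If it cannot read these paths, the virus tries to copy itself directly to the following paths: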
Removal method:
Use Guanghua (光华) antivirus software to remove it completely.
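A read-only triage check for the artefacts described under "Virus behavior", as an added example that is not part of the original entry or of any vendor tool. The function name `Get-GkekiArtifact` is hypothetical, and two points are assumptions because the entry does not state them: that the txt hijack lands in `txtfile\shell\open\command`, and that `Dir0` is a value under the iMesh `LocalContent` key in either hive.

```powershell
# Added example: reports artefacts only, changes nothing on the host.
function Get-GkekiArtifact {
    $findings = @()

    # 1. Run-key value "Norton Auto-Protect" = CSRSS.EXE (from the entry).
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.'Norton Auto-Protect' -match 'csrss\.exe') {
        $findings += "Run value 'Norton Auto-Protect' -> $($run.'Norton Auto-Protect')"
    }

    # 2. CSRSS.exe directly in the Windows directory. The genuine csrss.exe
    #    lives in System32, so a copy one level up is suspicious.
    $dropped = Join-Path $env:windir 'CSRSS.exe'
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $findings += "Unexpected file: $dropped"
    }

    # 3. txt open handler. Assumption: the hijack is written to this key.
    $txtKey = 'Registry::HKEY_CLASSES_ROOT\txtfile\shell\open\command'
    $cmd = (Get-ItemProperty -Path $txtKey -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -match 'csrss\.exe') {
        $findings += "txt handler points at: $cmd"
    }

    # 4. Lure-named copies in the iMesh share. Assumption: Dir0 is a value
    #    under LocalContent; the entry names no hive, so both are tried.
    $lures = 'Sex.exe', 'Porn.exe', 'Paris Hilton.exe', 'Naked Celebrity.exe',
             'Celeb uncensored.exe', 'SUCK.exe'
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Imesh\Client\LocalContent"
        $dir = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Dir0
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue) {
            # -contains compares strings case-insensitively
            if ($lures -contains $f.Name) {
                $findings += "Lure file in share: $($f.FullName)"
            }
        }
    }
    return $findings
}

Get-GkekiArtifact
```

An empty result means none of these specific artefacts were found; it does not establish that the host is clean.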
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Discovery date:
2004-12-24