Worm.Win32.Atak.j

王朝system·作者佚名  2008-05-31
窄屏简体版  字體: |||超大  

病毒名称:

Worm.Win32.Atak.j

类别: 蠕虫病毒

病毒资料:

破坏方法:

一个简单的蠕虫病毒.

病毒行为:

病毒运行后,将自己复制到%system%目录下,文件名为%随机字符%.exe.并在WIN.INI的WINDOWS节RUN项中加入%system%\%随机字符%.EXE以达到随系统启动的目的.

随后病毒驻留内存,搜索磁盘尝试从以下扩展名的文件中提取email地址.并向其发送病毒

邮件.

病毒将跳过地址中包含以下字串的地址

@pspl

@norman

@ozemail

@karpersky

@commandsoftware

@centralcommand

@eAladdin

@free-av

@bitdefender

@vsnl

@complex

@f-secure

@sophos

@symantec

@microsoft

submit

virus

samples

microsoft

邮件标题:

human spirit

Not Wars

and get money

for fun

will freedom

to other

with me

Not spam

...

邮件正文:

We have installed our anti-spam tools to protect your email

Your account info has been setting up to block spam email

We have make a few change for our customer. Please be informed

We have upgraded your account features

Your account has been upgraded with our new services

has been attached as a file and ready to be printed

[please change it after registeration]

(You can change it later)

(temp. pwd only)

(temporary passWord)

Remember this note

Please take note this info

Keep this info

Your account info

know about account features.

learn about our features.

get more info.

find out our services.

...

邮件附件扩展名:

.zip

病毒的清除法:

使用光华反病毒软件,彻底删除。

病毒演示:

病毒FAQ:

Windows下的PE病毒。

发现日期:

2004-12-17

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航