病毒名称:
Worm.4HorseMan.b
类别: 蠕虫病毒
病毒资料:
破坏方法:
通过Outlook邮件和文件共享传播的蠕虫病毒
安装:
病毒通过替换windows的资源管理器eXPlorer.exe来使自己能够自启动,同时将原来的explorer.exe复制到其它地方。
行为:
1.病毒能够终止内存中运行包含下列字符串的的进程:
avp,kav,nav,scan,anti,alert,mon,
check,prot,vir,safe,guard,alarm,
detect,clean,
等
2.通过IRC软件传播是消息一般为:
Watch this, it's very simple and can add a lot of things into your pIRCh!
Hi! try this useful program, it helped me a lot!
mIRC_Utilities.exe
3.通过outlook发送邮件时信息一般为:
New update! Interesting file
Update your system
A windows patch
Very important!
Try this patch that i've found yesterday, it's very useful!
this Windows update is very simple and powerful!It helped me a lot!
Check out this program, it has a lot of functions!
Install this useful program, and tell me what you think about it! Greets!
WindowsPatch
Updater
WinTool
BugFixer
Upgrade_Installer
Microsoft_patch_720
附件即病毒
4.病毒复制到P2P共享目录使得文件名一般为:
Porn_Downloader.exe
Soccer game.exe
WinBugsFixInstaller.exe
AIM passWord stealer.exe
Norton AntiVirus Crack.exe
Easy_Crack_creator.exe
Christina Aguilera fUCked.exe
Pamela Anderson Sex.exe
Saddam-Alive.exe
Bin Laden-The truth.exe
Hotmail password stealer.exe
RegCleaner_Setup.exe
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
Windows下的PE病毒。
发现日期:
2003-6-13