病毒名称:
I-Worm.Cydog.c
类别: 蠕虫病毒
病毒资料:
破坏方法:
这是偷传奇密码的蠕虫。
1.终止包含下列字符串的进程:
NETSERVICES
COMMAND
SYSHELP
RAVMOND
WINRPC
WINHELP
WINGATE
NPROTECT
CLEANER
WINDRIVER
TASKMGR
MSCONFIG
REGEDIT
ANTI-TROJAN
BLACKICE
ZONEALARM
LOCKDOWNADVANCED
NVC95
FP-WIN
IOMON98
PCCWIN98
F-PROT
F-STOPW
IAMSERV.EXE
NAVWNT
NAVRUNR
NAVLU32
NAVAPSVC
VSMON.EXE
SYMPROXYSVC
RESCUE32
NISSERV
VSECOMR
VETTRAY
TDS2-NT
CCAPP.EXE
SCAN32
PCFWALLICON
NSCHED32
SPHINX.EXE
FRW.EXE
McAfee
ATRACK
PVIEW.EXE
LUCOMSERVER
LUALL.EXE
NMAIN.EXE
NAVW32
NAVAPW32
VSSTAT
VSHWIN32
AVSYNMGR
AVCONSOL
WEBTRAP
POP3TRAP
PCCMAIN
PCCIOMON
ESAFE.EXE
AVPM.EXE
AVPCC.EXE
AMON.EXE
ALERTSVC
ZAPRO.EXE
AVP32
LOCKDOWN2000
AVP.EXE
CFINET32
CFINET
ICMON
SAFEWEB
WEBSCANX
IAMAPP
2.修改exe文件关联,指向病毒
3.拷贝自身若干份到系统
\WebAttack-DoS Tool.exe
\FTP Cracker-2003(Crack the passWord of ANY FTP server
with this tool!).exe
\Yahoo Remote Password Cracker Deluxe 2003.exe
\AIM Remote Password Cracker.exe
\Hotmail EXPloiter 2003.exe
\XNuker 2003.exe
\Ultimate HackProg.exe
\MSN Messenger Remote Password Cracker 2003.exe
\Netbios hacker.exe
\Chaos Ip Spoof 2003.exe
\mapi32.drv
\format.com
\SARS-Guide.scr
\MsnMsgs.exe
\Setup.exe
\Virtual Joke.scr
\Saddam-the real pics.scr
\Christina Aguilera-The most beautiful girl on earth.scr
\Soccer Database.exe
\OutWar Demo.exe
\Love.scr
\Last Summer.scr
\Hotmail Hacker.exe
\FixSql.com
\Q30215HOTFIX.pif
\Api Hooking-Tutorial.exe
4.生成mIRC通讯script.ini,传播病毒文件
Magical-Screensaver.scr。
5.发送携带病毒的信件。
使用下列邮件服务器
mailserver.hCss.com
140.111.84.3
62.219.169.170
mailhost.chi.ameritech.net
131.107.22.132
mail.openforum.us
mail.siak.ch
208.137.28.230
212.160.143.67
mail.datashapers.com
mail.msileads.com
mail.cardisoft.gr
65.166.136.182
66.240.140.209
200.78.242.123
203.122.18.210
200.241.111.36
mailgate-ath.forthnet.gr
mail.ofoghnet.com
61.73.107.67
web.humanlink.co.kr
mailinx.nettlinx.com
gate1.kcm.org
mail.hotmail.com
6:信件内容参考
标题:Fwd:Fwd:Fwd:Watch out for SARS!
正文:
SARS aka Severe Acute Respiration Syndrome is infecting more and
more people every day
Soon it will get to USA,Europe,Asia,Africa and Australia if we don't
do something
Thats why we started this chain letter with a single attachment
Our mission is to make all people aware of the disease and to give
them a handy guide on how
to protect themselves
The attachment(SARS-Guide) is a guide (like the name says;)) with instructions for avoiding
infection and what to do
when infected
Ofcourse we cannot send this Guide to all people,thats why the WHO(World Health Organisation) has made a deal with WISI(World Internet Statistic Institute):For mail FORWARD of this email
WITH the Guide,0.50US$
will be transfered to the WHO bank account
They will use this money to make a vaccin for the SARS Virus,
and thus help mankind
If you want to participate to this project,and thus help mankind,
you should FORWARD this
email to at least 1 person with this Guide Attached
Thas all you'll have to do
Do,'t forget!Every FORWARD is 0.50US$ more for the vaccin,a vaccin is very
expensive,so forward it if you want to participate in helping mankind!
For more information contact:
Dick Thompson - Communication Officer
Communicable Disease Prevention, Control and Eradication WHO, Geneva
Telephone: (+41 22) 791 26 84
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
Windows下的PE病毒。
发现日期:
2003-9-22