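Virus name:
Worm.Win32.Wurmark.c
Category: Worm
Virus details:
Damage method:
A worm written in VB.
Virus behavior:
The virus compresses its own file into attached.zip and copies it to the %system% directory. It also drops a file named uglym.jpg into the %system% directory and opens it with IE.
The virus starts a thread:
It continuously searches for a window titled "Windows Security Alert"; when it finds one, it terminates the process that owns the window.
The virus modifies the hosts file: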
This prevents the websites of some antivirus products from being accessed normally.
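A detection check for the hosts-file tampering described above, as an added example that is not part of the original write-up: it flags hosts entries that point a security vendor's name at a loopback or unspecified address. The watchlist substrings are vendor names mentioned on this page, the sample hosts file and its `.example` hostnames are constructed, and matching `0.0.0.0` and `::1` in addition to 127.0.0.1 is a generalization beyond what the page describes.

```python
import ipaddress

# Vendor-name substrings mentioned on this page; extend for your environment (assumption).
WATCHLIST = ("mcafee", "symantec", "kaspersky")
# Names that legitimately resolve to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def find_blocked_hosts(hosts_text, watchlist=WATCHLIST):
    """Return sorted, de-duplicated (hostname, address) pairs that sinkhole a watched name."""
    hits = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        fields = line.split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:                # one line may carry several aliases
            host = name.lower().rstrip(".")    # hostname matching is case-insensitive
            if host in LOCAL_NAMES:
                continue
            if any(w in host for w in watchlist):
                hits.add((host, fields[0]))
    return sorted(hits)

# Constructed sample hosts file (not taken from an infected machine).
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1 liveupdate.symantec.example
127.0.0.1 LiveUpdate.Symantec.example   # duplicate, different case
0.0.0.0   updates1.kaspersky.example ftp.kaspersky.example
10.0.0.5  intranet.corp.example
192.0.2.7 rads.mcafee.example
"""

if __name__ == "__main__":
    for host, addr in find_blocked_hosts(SAMPLE):
        print(f"suspicious hosts entry: {host} -> {addr}")
```

On a Windows host the file to pass in is normally %SystemRoot%\System32\drivers\etc\hosts; any hit on a machine that should be receiving antivirus updates warrants investigation.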
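Email propagation:
The virus traverses the files on disk and tries to extract email addresses from files with the following extensions:
.wab,.adb,.tbb,.dbx,.asp,.PHP,.htm,Html,.sht,.txt,.doc
After extracting addresses successfully, the virus sends infected emails to them.
(The virus does not send infected emails to addresses that contain the following strings)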
adawarenod32trendmicroavgukgrisoftpandasoftwaresophossophos.
govsymanteclavasoftmcafeekaspersky
Email subject:
i found this on my computer from ages ago
download it and see if you can remember it
lol i was lauging like mad when i saw it! :D
email me back haha...
Your Pic On A Website!!
I was looking at a website and came across
this pic they look just like you! infact im sure
it is lol , did you send this pic into them ? or
is it someonce else :S ? Ive Added the pic in
a zip so download it and check & email me back!
Rate My Pic.......
Hi ive sent 5 emails now and nobody will rate
my pic!! :( please download and tell me what you
think out of 10 , dont worry if you dont like it
just say i wont be offended p.s i was drunk when
it was taken :P
Email attachment names:
Pic_001.exe
Mary-Christmas.scr
Hapy-new-year.scr
Photo_01.pif
admire_001.exe
is_this_you.scr
love_04.scr
for_you.pif
...
Virus removal method:
Use Guanghua (光华) antivirus software to remove it completely.
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Date discovered:
2004-12-23