病毒名称:
I-Worm.Delanaber.c
类别: 蠕虫病毒
病毒资料:
破坏方法:
该病毒是Delphi写的通过邮件传播的蠕虫病毒
一旦运行,病毒将:
1.病毒首先显示一个消息框,其内容为:
Microsoft Anti Virus Plugin Detected any Suspiciuos files.
Well it's time to check if your system is ready.
Do you want start the Av Test ?
这是病毒的伪装信息
病毒从Windows AddressBook(Wab)文件和注册表中搜索Email(邮件)地址,并向这个地址发送带毒邮件,邮件内容大致如下:
Subject: Fwd: Microsoft Anti Virus Plugin
Microsoft Anti Virus Plugin Detected any Suspiciuos files.
Test your computer today and foward this Email.
Free service (for win95/98/Me/NT/2000/XP).
TrendMicro has scanned this mail for viruses, vandalsand suspicious attachments
and has found it to be CLEAN.
attachment:MSPlug-in.exe 此附件就是病毒本身
病毒修改注册表如下:
HKCR\De_Lanabras\210880 = "to die or not to die"
修改Exe文件关联,导致用户在执行任何扩展名为 .exe 的文件时会首先运行病毒
HKCR\exefile\shell\open\command
(Default) = "kernel32.vxd "%1" %*"
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
Windows下的PE病毒。
发现日期:
2004-12-24