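Virus name:
I-Worm.Epon
Category: Worm
Virus details:
Destructive behavior:
The virus is a worm written in Visual C++ 6.0 and packed with UPX.
Once executed, it copies itself to the system folder:
%SYSDIR%\krnl32.exe
It also creates a hidden folder and copies itself into it:
%SYSDIR%\Epyon
The copies may use the following file names: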
Britney Spears.jpg.exe
Windows Longhorn (Beta Version).exe
Norton Anti-Virus 2004 Professional.exe
Anna Kournikova Screensaver (HOT!).scr
15 yr old masturbating (hidden cam)
.avi.exe
HOW TO write viruses.pif
Free XXX passWords.pif
me fUCking my sweet ex-girlfriend (she is so HOT!!).mpg.exe
Teen gangbang.avi.exe
Blonde in short skirt fucking (upskirt).mpg.exe
Drunk girl fucked by 3 guys (awsome!).mpg.exe
Estella Warren Screensaver (Hottest babe ever!).scr
Jennifer Lopez Screensaver.scr
Sarah Michelle Gellar Screensaver.scr
Buffy The Vampire Slayer Screensaver.scr
Grand Theft Auto Vice City - Multiplayer patch.exe
Quake IV (Beta but working!).exe
Unreal II - The Awakening Serail Generator.exe
Lord of the Rings - The Return of the King.exe
Need For Speed Underground.exe
The Fast and the Furious.exe
The Matrix Online.exe
Unreal Tournament 2004 (Full Game).exe
Final Fanatasy XII (English version).exe
Counter-Strike Condition Zero (Full working Game!).exe
Half Life 2 (Full Game).exe
It creates the following registry value so that it starts automatically with Windows:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Kernel32"="%SYSDIR%\krnl32.exe"
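Network propagation:
The virus drops a VBS script file, Epyon.vbs, and uses it to spread through Outlook e-mail:
It sends an infected message to every Outlook contact, with the following characteristics:
Subject: Britney Spears poses nude in the Playboy!
Attachment: Britney Spears.jpg.exe
File-sharing propagation:
It shares the folder %SYSDIR%\Epyon on the following file-sharing networks: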
Morpheus
eDonkey2000
Overnet
iMesh
Grokster
KaZaA
mIRC propagation:
The virus drops an mIRC script file, script.ini, and uses this file to spread itself.
It deletes the following files:
C:\IO.SYS
C:\MSDOS.SYS
C:\CONFIG.SYS
C:\boot.ini
Note: %SYSDIR% is a variable that stands for the Windows system folder. By default it is
C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000),
or C:\Windows\System32 (Windows XP).
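Added example (not part of the original description): a Python check that flags the indicators listed above, namely the "Kernel32" Run value pointing at krnl32.exe, the dropped copy, files in the Epyon folder, and lure names with a decoy extension followed by an executable one. The function names and the sample data are constructed for illustration, and it assumes the Run values and file paths have already been collected from the host.

```python
import ntpath

# Indicators from the description above; the caller resolves %SYSDIR%.
RUN_NAME, DROPPED_NAME = "kernel32", "krnl32.exe"  # Run value name (lowercased), dropped copy
SHARE_DIR = "epyon"                   # hidden folder under %SYSDIR%
EXEC_EXT = {".exe", ".scr", ".pif"}   # executable extensions used by the lure names
DECOY_EXT = {".jpg", ".avi", ".mpg"}  # harmless-looking inner extensions in the list


def is_double_extension(name):
    """True for names like 'x.jpg.exe': decoy extension, then an executable one."""
    stem, ext = ntpath.splitext(name.strip())
    inner = ntpath.splitext(stem)[1]
    return ext.lower() in EXEC_EXT and inner.lower() in DECOY_EXT


def check_host(sysdir, run_values, paths):
    """Return (kind, detail) findings from Run-key values and file paths of one host."""
    base = sysdir.rstrip("\\").lower()
    dropped = base + "\\" + DROPPED_NAME
    share = base + "\\" + SHARE_DIR + "\\"
    findings = []
    # Registry value names are case-insensitive, so normalise before comparing.
    for name, data in run_values.items():
        if name.lower() == RUN_NAME and data.strip('"').lower() == dropped:
            findings.append(("run-key", data))
    for p in paths:
        pl = p.lower()
        if pl == dropped:
            findings.append(("dropped-copy", p))
        elif pl.startswith(share):
            findings.append(("share-folder", p))
        elif is_double_extension(ntpath.basename(p)):
            findings.append(("double-extension", p))
    return findings


# Constructed sample data for illustration, not collected from a real host.
SAMPLE_RUN = {"Kernel32": r"C:\Windows\System32\krnl32.exe", "Updater": r"C:\App\up.exe"}
SAMPLE_PATHS = [
    r"C:\Windows\System32\krnl32.exe",
    r"C:\Windows\System32\Epyon\The Matrix Online.exe",
    r"C:\Users\a\Downloads\Britney Spears.jpg.exe",
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    for kind, detail in check_host(r"C:\Windows\System32", SAMPLE_RUN, SAMPLE_PATHS):
        print(kind, detail)
```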
Removal:
Use Guanghua anti-virus software to remove it completely.
Virus demonstration:
Virus FAQ:
A PE virus that runs under Windows.
Date discovered:
2003-12-5