病毒名称:
I-Worm.Ronoper.x
类别: 蠕虫病毒
病毒资料:
破坏方法:
利用MAPI发送邮件,邮件的附件是病毒本身。
1.终止下列反病毒软件
AVPCC
AVPCC Service
BlackIce Utility
F-StopW
McAfee Firewall
McAfee Winguage
McAfee.InstantUpdate.Monitor
McAfeeVirusScanService
McAfeeWebscanX
McAgentExe
McUpdateExe
NAV Agent
NAV Configuration Wizard
NAV DefAlert
NB Common Dialog Enhancements
NB Start Menu
NB Windows Patterns
Norton Auto-Protect
Norton eMail Protect
Norton Navigator Loader
Norton Program Scheduler
Norton Program Scheduler Event Checker
NPS Event Checker
Panda Scheduler
PP2000 Instaupdate
PP2000 Real Time Scan
PP2000 Taskbar Control
SymTray - Norton SystemWorks
Tiny Personal Firewall
TrendMicro Antivirus
TrueVector
WinProxy
ZoneAlarm
ZoneAlarm Pro
2.修改Software\Mirabilis\ICQ\Agent\Apps\IcqWinCfg\Path 的值,指向病毒。
3.在注册表Run项添加“System Toolkit”,指向病毒。
4.附件的文件名称随机地取下列之一
\Norton Antivirus 2003 Professional Edition.exe
Systools.exe
\Norton Internet Security 2003 Professional.exe
\Windows XP Key Generator.exe
\Windows XP Keygen.exe
\Icq Hack.exe
\Hotmail Hack.exe
\Spy Cam - Girl Masterbating.scr
\PornStar in Hardcore Action.scr
\WarCraft 3 Battle.net Key Generator.exe
\WarCraft 3 MapHack.exe
\StarCraft Battle.net Keygen.exe
\StarCraft Maphack.exe
\HardCore Action In The School.scr
\HardCore - College Webcam.scr
\Penis Enlargement Secrets.scr
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
Windows下的PE病毒。
发现日期:
2003-9-22
