Virus name:
I-Worm.Alcaul.f
Category: Worm
Virus details:
Damage method:
Replaces commonly used files:
\WINDOWS\FAVORITES\PACMAN.COM
\RECYCLED\CD12.COM
\WINDOWS\BOOT32.DAT
\WINDOWS\SCANREGW.EXE
\WINDOWS\REGEDIT.EXE
\WINDOWS\PING.EXE
\WINDOWS\MARLEY.mp3
\WINDOWS\VSHWIN32.COM
\WINDOWS\SYSTEM32\2002.COM
\WINDOWS\TELNET.EXE
\WINDOWS\HELP.COM
\PUSSY.COM
Creates files:
\WINDOWS\BANNER.JS, which pops up a msgbox
Modifies \WINDOWS\COMMAND.PIF, but this does not affect its use.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\*Ping
"c:\WINDOWS\ping.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\*Regedit
"c:\WINDOWS\regedit.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\*Spawn
"command.com /c copy /y c:\WINDOWS\boot32.dat c:\WINDOWS\SYSTEM\command.com"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vshwin32COM
"c:\WINDOWS\vshwin32.com"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\INTERNET
"C:\INETPUB\WWWROOT\INTERNET.EXE"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Help
"c:\WINDOWS\Help.com"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\*Command
"c:\WINDOWS\SYSTEM\command.com"
HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce\*Telnet
"c:\WINDOWS\telnet.exe"
Changes icons:
HKCR\comfile
"JPEG Image"
HKCR\comfile\DefaultIcon
"shimgvw.dll,3"
Pops up when an exe is run:
HKCR\exefile
"Ei Slagehammer, I hate exe files.. - Alcopaul"
HKCR\jpegfile
"Hi, Janis RUCkenbrod.. Search my nude picture in your pc.. - Alcopaul"
HKCR\mp3file
"Download only punk, ska and reggae mp3s.. - Alcopaul"
HKCR\Htmlfile\shell\opennew\command
"c:\WINDOWS\telnet.exe"
HKCR\txtfile\shell\open\command
"c:\Recycled\dos\restore.com"
When vbs or mpeg files are launched:
HKCR\VBSFile\Shell\Open\Command
"c:\WINDOWS\Wscript.exe c:\Windows\banner.js"
HKCR\VBSFile\Shell\Open2\Command
"c:\WINDOWS\Cscript.exe c:\Windows\banner.js"
HKCR\MPEGFILE\shell\open\command
"c:\Recycled\cd12.com"
Virus removal method:
Use Guanghua antivirus software to remove it completely.
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Date discovered:
2004-9-28