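Virus name:
Worm.Mail.Gizer.a
Category: Worm
Virus details:
Damage method:
A worm that spreads via email.
After running, the virus exhibits the following behavior:
1. Displays a dialog box with the following text to deceive the user: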
"Could not patch due to bad CRC!"
2. Sends emails carrying the virus, with the following content:
Email subject: "Urgent message for all Windows users"
Email body:
"Dear Windows User,
The Microsoft Security EXPerts have discovered a bug inside the Windows files that
poses a security threat to all versions of Windows newer than Windows98 (including
Windows98). Virus experts have reported that few known viruses have been
identified using this exploit, but more are expected.
A patch has been supplied with
this email and will fix the security hole.
**THIS MESSAGE WAS DELIVERED BY THE AUTHOR FROM ENERGY
WORM !!!** "
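Attachment file name: "patch.exe".
3. Searches the system for files with the ".ZIP" extension and modifies them to insert the virus file into each ZIP file found. Each modified ZIP archive gains a file named "HEIDI.EXE", which is the virus file.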
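A defensive check for the ZIP modification described in item 3, added here as an example (it is not part of the original entry or of any vendor tool): it lists the members of every .zip file under a directory and flags archives that contain a file named HEIDI.EXE. The case-insensitive match, the handling of unreadable archives and the function names are assumptions of this example.

```python
import os
import sys
import zipfile

# Indicator taken from the description above: infected archives gain this member.
INDICATOR_NAME = "heidi.exe"


def zip_has_indicator(source):
    """Return True/False for a readable ZIP, None if it cannot be parsed.

    `source` is a path or a binary file object. Only the archive's member
    list is read; nothing is extracted or executed.
    """
    try:
        with zipfile.ZipFile(source) as zf:
            for info in zf.infolist():
                # Match on the base name so a copy inside a subfolder is caught too.
                base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
                if base.lower() == INDICATOR_NAME:
                    return True
        return False
    except (zipfile.BadZipFile, OSError):
        # A damaged or locked archive is reported separately, not treated as clean.
        return None


def scan_tree(root):
    """Walk `root` and return (flagged, unreadable) lists of .zip paths."""
    flagged, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".zip"):
                continue
            path = os.path.join(dirpath, name)
            result = zip_has_indicator(path)
            if result is True:
                flagged.append(path)
            elif result is None:
                unreadable.append(path)
    return sorted(flagged), sorted(unreadable)


if __name__ == "__main__":
    hits, broken = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in hits:
        print("contains HEIDI.EXE:", p)
    for p in broken:
        print("unreadable archive (check manually):", p)
```

A file name match only marks an archive as a candidate for review; confirmation and cleaning are left to the anti-virus scan.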
Removal method:
Use Guanghua Anti-Virus software to remove it completely.
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Discovery date:
2004-9-3