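Virus name:
Worm.Holar.a.enc
Category: Worm
Virus details:
Damage method:
A virus written in Visual Basic; it is a worm that spreads through its own SMTP engine or through Microsoft Outlook.
Once executed, the virus will: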
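1. Display a fake message.
2. Possibly create the folder %WINDIR%\Sys32s and copy itself into it as ZaCker.exe.
It also copies itself to the system directory as %SYSDIR%\MizZabbat32.exe.
It may create the following files:
%SYSDIR%\Syschk.exe: the virus's propagation component.
%SYSDIR%\Smtp.Ocx: SMTP library
%SYSDIR%\Runhelp.cab: contains the file runhelp.inf
%WINDIR%\Sys32s\Runhelp.cab
%WINDIR%\Web\Folder.htt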
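3. Possibly add the following value:
"SystemChecker"="%SYSDIR%\Syschk.exe"
to the registry startup key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the virus starts automatically with the system.
It may also add the value:
"Cya"
to a registry key
under HKEY_CURRENT_USER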
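4. The virus searches for e-mail addresses in the Internet temporary files directory, the Microsoft Outlook address book,
Yahoo Messenger, and files with the following extensions:
.asf, .avi, .doc, .jpg, .mdb, .mpe, .mpeg, .mpg, .pps, .ram, .rar, or .xls.
The virus uses its own SMTP engine or Outlook to send infected e-mail to the addresses it finds.
The virus's e-mail messages may contain the following text: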
hey
Check this out ;)
Hey
I thought you trusted me but ...
i haven't ever thought i should send u my briefcase to gain ur Trust .
Have it all :) bye
Hey Wussap?
Here is the Emmy ;) Dont tell Sam aBT it
Cya
Another one?
Heyyyy
I lost the other email , anyway i sent u all u need
Cya
Hey
i have just got it , plz tell me if u need more.
bye
Heyyyyyyyy Lola Wussaaap??
I forgot to tell u , the other file is with Sam:) bye
YO DUMP , IM SICK OF UR EMAILS , IF U LOSE IT
AGAIN I WONT GIVE IT TO U, SAVE IT
BYEEE
Hey wussap?
i lost Sara's Email plzz send this file to her :)
and tell her i can't be online tonight
Bye
heyyy
I can't be online tonight :(
anyway , i sent u something u r gonna love ;)
cya tomorrow
Hi
i just wanted to say sorry for last night
and .. i wish u accept this as an apology
bye dear
elegant ppl should satisfy thier taste with elegant things ;)
Wait for more :)
I've got your email , but you forgot to upload the attachments.
Don't be selfish , i sent you all the files i have, send me anything :(
bye
heyyyy
i tried many times to send u this email but ur account
was out of storage as i think
any way , make sure that i didn't and i won't forget u :)
Cya Forgotten :P
i thing the subject is enough to describe the attached file !
check it out and replay your opinion
Cya
Hiiiiiii
i've got this surprise from a friend :)
it really deserves a few minutes of your time.
Bye
Never mind !
Attatchments
See the attatched file
you seem to be mad @ me coz i didn't send u anything for along time,
i didn't forget u , but i was kinda busy , i've got all of ur emails
thanx :) and i hope u accept this one as an apology.
gift :)
Surprise!
Hi
i'm fine , thanx for aSKINg :)
and thanx for the nice attachements.
but unfortunately, i don't remember you
i will be waiting for u emaill to remind me of your self.
Hummm , i hope u accept this show as an apology.
bye
save it for hard times
Happy Times :)
Useful
Very funny
hey wuts up?
i found this amazing file in my Recycled , i know u love this kind of things ;)
cyaaa
you have to see this!
amazing!
Removal:
Use Guanghua anti-virus software to delete it completely.
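An added example (not part of the original entry or of any vendor tool): a Python sweep of a live system or a mounted disk image for the file and Run-key artifacts listed above. The function names, the strong/weak grading and the `run_values` dictionary (value name to data, exported from the Run key) are assumptions of this example.

```python
import ntpath
import os

# Artifacts from the description above, relative to %WINDIR% and %SYSDIR%.
WINDIR_FILES = ["Sys32s/ZaCker.exe", "Sys32s/Runhelp.cab", "Web/Folder.htt"]
SYSDIR_FILES = ["MizZabbat32.exe", "Syschk.exe", "Smtp.Ocx", "Runhelp.cab"]
# Folder.htt is also a stock Web View template on older Windows versions,
# so its presence alone is not conclusive (grading is this example's choice).
WEAK = {"folder.htt"}

def find_ci(root, rel):
    """Resolve rel under root ignoring case (images mounted on Linux)."""
    cur = root
    for part in rel.split("/"):
        try:
            names = os.listdir(cur)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        cur = os.path.join(cur, match)
    return cur if os.path.isfile(cur) else None

def scan(windir, sysdir, run_values):
    """Return (strength, kind, detail) findings for the listed artifacts."""
    hits = []
    for root, rels in ((windir, WINDIR_FILES), (sysdir, SYSDIR_FILES)):
        for rel in rels:
            path = find_ci(root, rel)
            if path:
                weak = rel.rsplit("/", 1)[-1].lower() in WEAK
                hits.append(("weak" if weak else "strong", "file", path))
    for name, data in run_values.items():
        # Data may be "%SYSDIR%\Syschk.exe" or an expanded, quoted path.
        exe = ntpath.basename(data.strip().strip('"')).lower()
        if name.lower() == "systemchecker" or exe == "syschk.exe":
            hits.append(("strong", "run-value", f"{name}={data}"))
    return hits

def is_suspect(hits):
    """True if at least one strong indicator was found."""
    return any(strength == "strong" for strength, _, _ in hits)
```

Pass the Windows and system directories of the host or image being examined, plus the values read from the HKEY_LOCAL_MACHINE Run key.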
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Date discovered:
2003-12-1