病毒名称:
Worm.P2P.Skater.a.enc
类别: 蠕虫
病毒资料:
破坏方法:
利用P2P软件传播的病毒。同时执行恶意指令
“ping -l 56550 www.kkk.biz -t”
试图拷贝自身到下列目录
C:\Program Files\KaZaA Lite\My Shared FolderC:\Program Files
\mirc\downloadC:\Program Files\mirc32\downloadC:\Program Files\icq\sharedC:\Program
Files\limewire\sharedC:\My Downloads
病毒随机的采用下列名称
Visual Basics 6 Key Generator.exe
Nero 6 Crack.exe
Windows ProdUCts Key Generator.exe
FlashGet Crack.exe
Visual C++ Key Generator.exe
Quake 3 Key Generator.exe
Brood Wars Key Generator.exe
UT2004 Key Generator.exe
Halo 2 Crack.exe
Hotmail Account Hacker.exe
E-Mail Cracker.exe
Delphi Crack.exe
Norton Anti-Virus Crack.exe
McAfee Crack.exe
Counter Strike Key Generator.exe
在windows目录查找下列路径
\msagent\Sun\I386\Cache\security\Help\Web\Prefetch\Config\ime\AppPatch
如果找到,拷贝过去为com文件。名称随机。
病毒在注册表中增加下列数据
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
\Run\System Startup = "C:\WINNT\system32\sysfile.exe"
HKLM\SOFTWARE\Scatter Worm\INFeCTeD!!! = "INFeCTeD By The Scatter Worm."
HKLM\SOFTWARE\Scatter Worm\INFeCTeD$$$ = "Spreads Via LAN, E-Mail, P2P"
HKLM\SOFTWARE\Scatter Worm\INFeCTeD??? =
"Every Boot Scatters 390 Copies Of The Worm On The Machine."
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
Windows下的PE病毒。
发现日期:
2004-5-26