Virus name:
W32/Surnova-D
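Type: Worm
Virus information:
Technical characteristics:
The worm spreads through the KaZaA network and the MSN instant messaging client. After infecting a machine, it first copies itself to the Windows folder under one of the following names: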
Alles-ist-vorbei.exe
Desktop-shooting.exe
Hello-Kitty.exe
BigMac.exe
Cheese-Burger.exe
Blaargh.exe
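Next, it sets the registry startup key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Supernova so that it starts whenever Windows starts.
If the virus is running for the first time, it displays a fake error dialog: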
"Application attempted to read memory at 0xFFFFFFFFh Terminating application".
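In addition, it sets the following registry key so that it can spread through the shared folder on the KaZaA network:
HKLM\Software\KaZaA\LocalContent
If this key is not found, the virus uses the C:\Media folder, and then creates a total of seventy copies of itself in this folder with the following names: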
Windows XP key generator.exe
Windows XP serial generator.exe
Key generator for all windows XP versions.exe
Warcraft 3 ONLINE key generator.exe
Half-life ONLINE key generator.exe
Quake 4 BETA.exe
Grand theft auto 3 CD1 crack.exe
GTA3 crack.exe
Battle.net key generator (WORKS!!).exe
Warcraft 3 battle.net serial generator.exe
Half-life WON key generator.exe
Star wars episode 2 downloader.exe
WinZip 8.0 + serial.exe
WinRAR + crack.exe
Britney spears nude.exe
Macromedia MX key generator (all prodUCts).exe
KaZaA media desktop v2.0 UNOFFICIAL.exe
Microsoft key generator, works for ALL microsoft products!!.exe
Microsoft Windows XP crack pack.exe
Hack into any computer!!.exe
DivX codec v6.0.exe
DivX newest version.exe
DivX.exe
DivX pro key generator.exe
Key generator for over 1,000 applications (really!).exe
DivX patch - Increases quality.exe
KaZaA spyware remover.exe
Age of empires 2 crack.exe
Norton antivirus 2002.exe
Macromedia Dreamweaver MX Key Generator.exe
Macromedia Flash MX Key Generator.exe
Neverwinter nights crack.exe
Microsoft Office XP (english) key generator.exe
Microsoft Office XP.iso.exe
CloneCD + crack.exe
CloneCD all-versions key generator.exe
XBOX emulator (WORKS!!).exe
Gamecube Emulator (WORKS!!).exe
Xbox.info.exe
Grand Prix 4 crack.exe
Nokia simlock remover (includes new models).exe
Britney spears hard porn (REAL!).exe
Christina Aguilera fuck (REAL!).exe
Kiddy child incest porn.exe
Doom 3 preview!!.exe
Crazy taxi crack.exe
Copy protection remover.exe
Sex.exe
Jedi Knight 2 crack.exe
Warcraft 3 trainer.exe
Cable modem uncapper.exe
Grand theft auto 3 trainer.exe
KaZaA hack.exe
KaZaA lite.exe
Dragonball Z.exe
Dragonball Z COMPLETE episode guide.exe
Dragonball Z shootout.exe
Dragonball Z episode 1.exe
J-LO Nude (REAL!!).exe
Doom 3 screenshots.exe
Resident Evil [DivX].exe
Shrek.exe
Starcraft 2 preview!.exe
Starcraft battle.net key generator.exe
Starcraft ONLINE crack.exe
It also attempts to send itself to the infected user's MSN contacts, possibly accompanied by one of the following messages:
Hehe, check this out :-)
Funny, check it out (h)
LOL!! See this :D
LOL!! Check this out :)
Hehe, this is fun :-)
The virus also creates a text file in the Windows folder. The file name consists of randomly generated digits, and the content is as follows:
W32.Supernova - Ban religion
Religion = War
Religion = Based on fairytales
Wars based on fairytales?
Ban religion, welcome to the truth
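The host artifacts described above (the copy in the Windows folder, the Supernova Run value, and the digit-named text file) can be checked together. The following is an added example, not part of the original entry; the function name `scan`, the input shapes and the sample data are assumptions made for illustration.

```python
import re

# Copy names the entry lists for the Windows folder.
DROPPER_NAMES = ("Alles-ist-vorbei.exe", "Desktop-shooting.exe", "Hello-Kitty.exe",
                 "BigMac.exe", "Cheese-Burger.exe", "Blaargh.exe")
DROPPER_SET = {n.lower() for n in DROPPER_NAMES}
# A listed name as the file-name part of a command line (quotes and arguments allowed).
DROPPER_IN_CMD = re.compile(
    r'(?:^|[\\/"\s])(?:' + "|".join(map(re.escape, DROPPER_NAMES)) + r')(?=$|["\s])',
    re.I)
RUN_VALUE = "supernova"                       # value name under ...\CurrentVersion\Run
NOTE_MARKER = "W32.Supernova - Ban religion"  # first line of the dropped text file
# Assumption: the entry gives no extension, so digits with or without one are accepted.
DIGIT_NAME = re.compile(r"^\d+(\.\w+)?$")


def scan(windows_files, run_values, read_text):
    """Return sorted (indicator, detail) findings.

    windows_files: file names found in the Windows folder
    run_values:    {value name: command line} from the HKLM Run key
    read_text:     callable(name) -> file content, called only for digit-named files
    """
    findings = []
    for name in windows_files:
        if name.lower() in DROPPER_SET:
            findings.append(("dropper_copy", name))
        elif DIGIT_NAME.match(name) and NOTE_MARKER in read_text(name):
            findings.append(("note_file", name))
    for value, command in run_values.items():
        # Flag the documented value name, or any value launching a listed copy.
        if value.lower() == RUN_VALUE or DROPPER_IN_CMD.search(command):
            findings.append(("run_key", f"{value} -> {command}"))
    return sorted(findings)


# Constructed sample data (not taken from a real host).
SAMPLE_FILES = ["notepad.exe", "Hello-Kitty.exe", "48151623", "20030720"]
SAMPLE_TEXT = {"48151623": "W32.Supernova - Ban religion\nReligion = War\n",
               "20030720": "backup log\n"}
SAMPLE_RUN = {"Supernova": r"C:\WINDOWS\Hello-Kitty.exe",
              "Updater": r'"C:\Program Files\App\upd.exe" /s'}

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES, SAMPLE_RUN, lambda n: SAMPLE_TEXT.get(n, "")):
        print(*finding, sep=": ")
```

On a live host the three inputs would come from a listing of the Windows folder, the values of the Run key, and a file reader.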
Removal:
Use Guanghua (光华) antivirus software to remove it completely.
Virus demonstration:
Virus FAQ:
New worm "Surnova-D" spreads via KaZaA.
Date discovered:
2003-7-20