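Virus name (Chinese):
Virus aliases:
Threat level:
★☆☆☆☆
Virus type:
Worm
Virus length:
180224
Affected systems:
Win9x, WinNT, Win2000
Virus behavior:
Written with:
Written in Delphi, packed with UPX
Infection conditions:
This is a worm that spreads over the network via e-mail and various chat tools, including:
KaZaA, KaZaA Lite, eDonkey2000, Gnucleus, Limewire, Morpheus, Grokster, ICQ.
Trigger conditions:
System modifications:
1. Copies itself to %System% under the following file names: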
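2. Copies itself to C:\Mark.vxd
3. Adds the registry value:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"LOAD32"="%System%\Lorena.exe"
so that the virus is loaded automatically at every boot.
4. While running, the worm terminates the following programs: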
5. Copies itself to the following folders:
C:\Program Files\KaZaA\My shared Folder
C:\Program Files\KaZaA Lite\my shared folders
C:\Program Files\edonkey2000\incoming
C:\Program Files\Gnucleus\downloads
C:\Program Files\ICQ\shared files
C:\Program Files\Limewire\shared
C:\Program Files\Morpheus\my shared folder
C:\Program Files\Grokster\My Grokster
under the following file names:
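6. Sends spam e-mail to the MSN contact list of the infected machine, with the worm itself as the attachment. These messages have the following characteristics:
From: antivirus@nod32.com
Subject: Alerta por Virus W32/Mapson
Body:
En los últimos días se ha ido detectando un nuevo virus llamado Mapson, ya se han detectado varios infectados de este gusano, si usted se encuentra infectado podrá remover este gusano con esta herramienta gratuita que le hemos enviado, una vacuna que hemos diseñado especialmente para usuarios de hotmail, si usted esta de acuerdo haga clic en el adjunto para empezar el scaneo y eliminar este despreciable gusano de su maquina. Gracias.
Attachment: NSPCLEAN.exe
Subject: Re: Reenviamelo de nuevo
Body: Si te gusto reenviamelo.
Attachment: bromas.scr
Subject: Re: Quitan cuentas de hotmail.
Body:
Al parecer hotmail ya esta muy saturado de usuarios y amenazan con quitar cuentas, pero se puede evitar siguiendo unos pasos, léelos y no tendrás problemas, chau
Attachment: pasos.pif
Symptoms:
A file named Mark.vxd appears in C:\, and contacts receive large amounts of spam. The infected machine also slows down and sends large numbers of packets to the outside. In addition, if an antivirus firewall is installed on the infected machine, the firewall may turn gray or exit for no apparent reason.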
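The host-side indicators described above (the LOAD32 Run value, C:\Mark.vxd, and copies of the 180224-byte file in %System% and under the file-sharing programs' folders) can be checked against a host snapshot. The following Python triage check is an added example, not part of the original description; the snapshot format, function names, sample entries and default system directory are assumptions, and the length field is assumed to be in bytes.

```python
from pathlib import PureWindowsPath

# Indicators quoted from the description above.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
WORM_SIZE = 180224  # "virus length" field; assumed to be bytes
SHARE_DIRS = ("kazaa", "kazaa lite", "edonkey2000", "gnucleus", "icq",
              "limewire", "morpheus", "grokster")
LURE_EXTS = {".exe", ".pif", ".scr", ".com"}

def check_run_key(entries):
    """entries: (key, value_name, data) tuples. Flags the LOAD32 autostart."""
    hits = []
    for key, name, data in entries:
        target = PureWindowsPath(data.strip('"')).name.lower()
        if (key.lower() == RUN_KEY and name.upper() == "LOAD32"
                and target == "lorena.exe"):
            hits.append(f"autostart {name} -> {data}")
    return hits

def check_files(files, system_dir=r"C:\WINDOWS\SYSTEM"):
    """files: (path, size) tuples. system_dir is an assumed %System% value."""
    hits = []
    for path, size in files:
        p = PureWindowsPath(path)  # compares case-insensitively
        if p == PureWindowsPath(r"C:\Mark.vxd"):
            hits.append(f"marker file {path}")
            continue
        if size != WORM_SIZE or p.suffix.lower() not in LURE_EXTS:
            continue
        parts = [x.lower() for x in p.parts]
        in_share = len(parts) > 3 and parts[1] == "program files" and parts[2] in SHARE_DIRS
        if p.parent == PureWindowsPath(system_dir) or in_share:
            hits.append(f"worm-sized copy {path}")
    return hits

def triage(run_entries, files):
    return check_run_key(run_entries) + check_files(files)

# Constructed sample snapshot, not taken from a real host.
KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_RUN = [(KEY, "LOAD32", r"C:\WINDOWS\SYSTEM\Lorena.exe"),
              (KEY, "SoundMan", r"C:\WINDOWS\SOUNDMAN.EXE")]
SAMPLE_FILES = [(r"C:\Mark.vxd", 180224),
                (r"C:\WINDOWS\SYSTEM\holiday.scr", 180224),
                (r"C:\Program Files\KaZaA\My Shared Folder\FreeTool.exe", 180224),
                (r"C:\Program Files\KaZaA\My Shared Folder\song.mp3", 180224),
                (r"C:\WINDOWS\SYSTEM\notepad.exe", 69120)]

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_RUN, SAMPLE_FILES)))
```

A size match alone is a weak signal; the check only reports it for executable-type extensions in the locations the description names.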
Special notes: