Worm.Mapson.c

王朝other·作者佚名  2008-08-14
窄屏简体版  字體: |||超大  

病毒名称(中文):

病毒别名:

威胁级别:

★☆☆☆☆

病毒类型:

蠕虫病毒

病毒长度:

180224

影响系统:

Win9xWinNTWin2000

病毒行为:

编写工具:

Delphi编写upx压缩

传染条件:

这是一个蠕虫,利用邮件和各种聊天工具在网络上传播,这些聊天工具包括:

KaZaA,KaZaALite,eDonkey2000,Gnucleus,Limewire,Morpheus,grokster,ICQ.

发作条件:

系统修改:

1,拷贝自己到%System%,文件名为:

analysis_mzn6.pif

animation-simpsons.scr

Cards_love.pif

counsels.pif

documents.scr

friends.pif

hoax-list.com

IEXPLORER_STACK.pif

Ivalue-much.pif

jokess.scr

Lorena.exe

love-forever.pif

my_best_friend.pif

NSPCLEAN.exe

OsamaBinLadenJokes.scr

Photookosmike.scr

reality_dreams.pif

real_love.scr

sexual_steps.pif

steps.pif

2,拷贝自身到C:Mark.vxd

3,添加注册表键值:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun

"LOAD32"="%System%Lorena.exe"

从而使得病毒在每次开机时自动加载。

4,蠕虫运行时结束掉以下程序:

_AVP32.exe

_AVPCC.exe

_AVPM.exe

ADVXDWIN.exe

AGENTW.EXE

ALERTSVC.exe

ALOGSERV.exe

AMON9X.exe

ANTI-TROJAN.exe

ANTS.exe

APVXDWIN.exe

ATCON.exe

ATUPDATER.exe

ATWATCH.exe

AUTODOWN.exe

AVCONSOL.exe

AVGCC32.exe

AVGCTRL.exe

AVGSERV.exe

AVGSERV9.exe

AVGW.exe

AVKPOP.exe

AVKSERV.exe

AVKSERVICE.exe

AVKWCTL9

AVP32.exe

AVPCC.exe

AVPM.exe

AVPM.EXE

AVSCHED32.exe

AVSYNMGR.exe

PAV.EXE

AVWINNT.EXE

AVXMONITOR9X.exe

AVXMONITORNT.exe

AVXQUAR.exe

AVXQUAR.EXE

AVXW.exe

BLACKD.exe

BLACKICE.exe

CCAPP.EXE

CCEVTMGR.EXE

CCPXYSVC.EXE

ETRUSTCIPE.EXE

EVPN.EXE

EXPERT.exe

F-AGNT95.exe

FAMEH32.exe

F-PROT.exe

F-PROT95.exe

FP-WIN.exe

FRWERV.exe

IOMON98.exe

NAVAUTO-PROTECT.exe

NAVAP.EXE

NAVAPSVC.EXE

Navapw32.exe

NAVENG

NAVEXEXE

NAVLU32.EXE

NAVW32.EXE

NAVWNT.EXE

NDD32.EXE

NPSSVC.EXE

NSCHED32.EXE

PCCIOMON.EXE

PCCNTMON.EXE

PCCWIN97.EXE

PCCWIN98.EXE

PCSCAN.EXE

PERSFW.EXE

PERSWF.EXE

POP3TRAP.EXE

RAV7.EXE

VPC32.EXE

VPTRAY.EXE

VSCHED.EXE

AVCONSOL.EXE

VSECOMR.EXE

VSHWIN32.EXE

VSMAIN.EXE

VSMON.EXE

VSSTAT.EXE

ZONEALARM.EXE

ICLOAD95.EXE

ICMON.EXE

ICSUPP95.EXE

ICLOADNT.EXE

ICSUPPNT.EXE

IFACE.EXE

Regedit.EXE

Regedit.com

msconfig.EXE

sfc.EXE

sysedit.EXE

regedt32.EXE

NSPCLEAN.exe

taskmgr.exe

5,拷贝自身到下列文件夹:

C:ProgramFilesKaZaAMysharedFolder

C:ProgramFilesKaZaALitemysharedfolders

C:ProgramFiles\edonkey2000incoming

C:ProgramFilesGnucleusdownloads

C:ProgramFilesICQsharedfiles

C:ProgramFilesLimewireshared

C:ProgramFilesMorpheusmysharedfolder

C:ProgramFilesGroksterMyGrokster

文件名为:

Ad-aware.exe

AOLInstantMessenger(AIM).exe

AvrilLavigneFuckedBitch.exe

BiromsoftWebCam.exe

CopernicAgent.exe

Delphi6Serial.exe

DietKaza.exe

DirectDVD.exe

DownloadAcceleratorPlus.exe

GlobalDiVXPlayer.exe

Grokster.exe

ICQLite.exe

ICQPro2003abeta.exe

iMesh.exe

KasperskyAntivirusCrack.exe

Kazaa2.05beta.exe

KazaaDownloadAccelerator.exe

KazaaMediaDesktop.exe

McafeeSerial.exe

MicrosoftInternetExplorer.exe

MicrosoftOfficeXPSerial.exe

MicrosoftWindows2003Serial.txt.exe

MicrosoftWindowsMediaPlayer.exe

Morpheus.exe

MsnHack.exe

NeroBurningROM.exe

NetworkCableeADSLSpeed.exe

NOD32AntivirusCrack.exe

NortonAntivirusCrack.exe

Office2003Serial.exe

PerAntivirusCrack.exe

Pop-UpStopper.exe

QuickTime.exe

RegistryMechanic.exe

ShakiraSucks.jpg.exe

SnagIt.exe

SofíaVergaraSexyBikini.exe

Spybot-Search&Destroy.exe

StarCraftNoCDCrack.exe

Trillian.exe

VisualStudioNetSerial.exe

Winamp.exe

WinMX.exe

WinZip.exe

WS_FTPLE(32-bit).exe

XoloXUltra.exe

ZoneAlarmFullVersion.exe

6,现被感染机器的msn好友名单发送垃圾邮件,邮件的附件为蠕虫本身,这些邮件的特征为:

发件人:antivirus@nod32.com|

主题:AlertaporVirusW32/Mapson

内容:

EnlosúltimosdíassehaidodetectandounnuevovirusllamadoMapson,yasehandetectadovariosinfectadosdeestegusano,siustedseencuentrainfectadopodráremoverestegusanoconestaherramientagratuitaquelehemosenviado,unavacunaquehemosdise?adoespecialmenteparausuariosdehotmail,siustedestadeacuerdohagacliceneladjuntoparaempezarelscaneoyeliminarestedespreciablegusanodesumaquina.Gracias.

附件:NSPCLEAN.exe

主题:Re:Reenviamelodenuevo

内容:Sitegustoreenviamelo.

附件:bromas.scr

主题:Re:Quitancuentasdehotmail.

内容:

Alparecerhotmailyaestamuysaturadodeusuariosyamenazanconquitarcuentas,perosepuedeevitarsiguiendounospasos,léelosynotendrásproblemas,chau

附件:pasos.pif

发作现象:

在C:会发现Mark.vxd这个文件,而且好友会收到大量垃圾邮件,同时中毒者机器速度会变慢并向外界大量发送数据包。另外,假如中毒者安装了病毒防火墙,将会出现防火墙变灰或者莫名其妙退出的情况。

非凡说明:

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航