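Virus name (Chinese):
Lemb variant B (雷暴变种B)
Virus aliases:
Worm.P2P.Lemb.b[AVP],W32/Lemb.worm!p2p[McAfee],W
Threat level:
★★★☆☆
Virus type:
Worm
Virus length:
16896
Affected systems:
Win9x, WinNT, Win2000, WinXP, Win2003
Virus behavior:
Authoring tool:
Infection condition: network shares
Trigger condition: the user runs it by mistake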
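System modifications:
1. Copies itself to:
WINDOWS\run32.exe
WINDOWS\Winstart.bat
WINDOWS\system32\taskmgr.exe
WINDOWS\system32\regedit.exe
The virus does not check which operating system it is running on and forcibly copies itself to the directories above, so the copy may fail.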
2. Copies itself under the following names:
Rosy.exe
Pipponoto.exe
Anastacia-LeftOutsideAlone.mp3.exe
TheRasmus-InTheShadows.mp3.exe
50Cent-IndaClub.mp3.exe
VanessaCarltron-OrdinaryDay.mp3.exe
Haiducii-DragosteaDinTei.mp3.exe
BlackEyedPeas-HeyMama.mp3.exe
Raf-Intuttiimieigiorni.mp3.exe
VascoRossi-Buoniecattivi.mp3.exe
LionelRichie-JustForYou.mp3.exe
to the following paths:
progra~1\WinMX\Shared
progra~1\Tesla\Files
progra~1\LimeWire\Shared
progra~1\Morpheus\MySharedFolder
progra~1\eMule\Incoming
progra~1\eDonkey2000\Incoming
progra~1\Bearshare\Shared
progra~1\Grokster\MyGrokster
progra~1\ICQ\SharedFolder
progra~1\KazaaLiteK++\MySharedFolder
progra~1\KazaaLite\MySharedFolder
progra~1\Kazaa\MySharedFolder
3. Writes the following content to the file WINDOWS\Blem.txt:
P2PBlem-CodedbySarosoft
GedzacLabsGroup2004-http://www.gedzac.tk
DedicatedtomyLoveRosy
Saro&RosyForever
RosyTiAmo
Symptoms: after it runs, the virus opens the website http://www.gedzac.tk
Special notes:
The virus spreads through the file-sharing networks of
WinMX, Tesla, LimeWire, Morpheus, eMule, eDonkey2000, Bearshare, Grokster, ICQ, KazaaLiteK++, KazaaLite and Kazaa,
tricking users into downloading and running it.
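
A check for the dropped copies described above, as an added example that is not part of the original entry: it walks a shared folder and flags files that pair a decoy media extension with .exe, or that use one of the plain bait names, and notes when the size equals the reported 16896 bytes. It generalizes from the listed names to the double-extension pattern; the function names and the temporary test folder are assumptions made for illustration.

```python
import os
import tempfile

# Values taken from the entry above.
SAMPLE_SIZE = 16896                          # reported virus length in bytes
MEDIA_EXTS = {".mp3"}                        # decoy extension in the bait names
EXEC_EXTS = {".exe"}                         # real extension of the copies
BAIT_NAMES = {"rosy.exe", "pipponoto.exe"}   # bait names with no decoy extension


def classify(name, size):
    """Return the reasons a file in a share folder looks like a dropped copy."""
    reasons = []
    lower = name.lower()
    stem, ext = os.path.splitext(lower)
    inner_ext = os.path.splitext(stem)[1]
    if ext in EXEC_EXTS and inner_ext in MEDIA_EXTS:
        reasons.append("double-extension")
    if lower in BAIT_NAMES:
        reasons.append("known-bait-name")
    # Size alone is too weak a signal, so it only strengthens another hit.
    if reasons and size == SAMPLE_SIZE:
        reasons.append("size-match")
    return reasons


def scan_share(root):
    """Walk one shared folder; return {relative_path: reasons} for hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(name, os.path.getsize(full))
            if reasons:
                hits[os.path.relpath(full, root)] = reasons
    return hits


def demo():
    """Scan a constructed share folder filled with zero-byte-padded stand-ins."""
    samples = {"50Cent-IndaClub.mp3.exe": 16896, "Rosy.exe": 16896,
               "holiday.mp3": 4096, "setup.exe": 16896}
    with tempfile.TemporaryDirectory() as root:
        for name, size in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\0" * size)
        return scan_share(root)
```

Point `scan_share` at each of the P2P share directories listed in step 2; a hit is a lead for further analysis, not a verdict, since the size and names are easy for other variants to change.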