分享
 
 
 

Worm.Saros.a

王朝other·作者佚名  2008-08-14
窄屏简体版  字體: |||超大  

病毒名称(中文):

萨露丝

病毒别名:

I-Worm.Saros.a[AVP]

威胁级别:

★★☆☆☆

病毒类型:

蠕虫病毒

病毒长度:

60014

影响系统:

Win9xWinNTWin2000WinXPWin2003

病毒行为:

编写工具:

传染条件:

Email

发作条件:

系统修改:

1.复制自身到以下文件:

WINDOWSsystem32NonYou.exe

WINDOWSsystem32Love-ScreenSaver.scr

WINDOWSsystem32MSOutlookInternetUpdate.exe

progra~1KazaaMySharedFolderRosy.exe

progra~1KazaaMySharedFolderPipponoto.exe

progra~1KazaaMySharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1KazaaMySharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1KazaaMySharedFolder50Cent-IndaClub.mp3.exe

progra~1KazaaMySharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1KazaaMySharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1KazaaMySharedFolderBlackEyedPeas-HeyMama.mp3.exe

progra~1KazaaMySharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1KazaaMySharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1KazaaMySharedFolderLionelRichie-JustForYou.mp3.exe

progra~1KazaaLiteMySharedFolderRosy.exe

progra~1KazaaLiteMySharedFolderPipponoto.exe

progra~1KazaaLiteMySharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1KazaaLiteMySharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1KazaaLiteMySharedFolder50Cent-IndaClub.mp3.exe

progra~1KazaaLiteMySharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1KazaaLiteMySharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1KazaaLiteMySharedFolderBlackEyedPeas-HeyMama.mp3.exe

progra~1KazaaLiteMySharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1KazaaLiteMySharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1KazaaLiteMySharedFolderLionelRichie-JustForYou.mp3.exe

progra~1KazaaLiteK++MySharedFolderRosy.exe

progra~1KazaaLiteK++MySharedFolderPipponoto.exe

progra~1KazaaLiteK++MySharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1KazaaLiteK++MySharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1KazaaLiteK++MySharedFolder50Cent-IndaClub.mp3.exe

progra~1KazaaLiteK++MySharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1KazaaLiteK++MySharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1KazaaLiteK++MySharedFolderHaiducii-Dragosteadintei.mp3.exe

progra~1KazaaLiteK++MySharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1KazaaLiteK++MySharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1KazaaLiteK++MySharedFolderLionelRichie-JustForYou.mp3.exe

progra~1ICQSharedFolderRosy.exe

progra~1ICQSharedFolderPipponoto.exe

progra~1ICQSharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1ICQSharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1ICQSharedFolder50Cent-IndaClub.mp3.exe

progra~1ICQSharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1ICQSharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1ICQSharedFolderBlackEyedPeas-HeyMama.mp3.exe

progra~1ICQSharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1ICQSharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1ICQSharedFolderLionelRichie-JustForYou.mp3.exe

progra~1GroksterMyGroksterRosy.exe

progra~1GroksterMyGroksterPipponoto.exe

progra~1GroksterMyGroksterAnastacia-LeftOutsideAlone.mp3.exe

progra~1GroksterMyGroksterTheRasmus-InTheShadows.mp3.exe

progra~1GroksterMyGrokster50Cent-IndaClub.mp3.exe

progra~1GroksterMyGroksterVanessaCarltron-OrdinaryDay.mp3.exe

progra~1GroksterMyGroksterHaiducii-DragosteaDinTei.mp3.exe

progra~1GroksterMyGroksterBlackEyedPeas-HeyMama.mp3.exe

progra~1GroksterMyGroksterRaf-Intuttiimieigiorni.mp3.exe

progra~1GroksterMyGroksterVascoRossi-Buoniecattivi.mp3.exe

progra~1GroksterMyGroksterLionelRichie-JustForYou.mp3.exe

progra~1BearshareSharedRosy.exe

progra~1BearshareSharedPipponoto.exe

progra~1BearshareSharedAnastacia-LeftOutsideAlone.mp3.exe

progra~1BearshareSharedTheRasmus-InTheShadows.mp3.exe

progra~1BearshareShared50Cent-IndaClub.mp3.exe

progra~1BearshareSharedVanessaCarltron-OrdinaryDay.mp3.exe

progra~1BearshareSharedHaiducii-DragosteaDinTei.mp3.exe

progra~1BearshareSharedBlackEyedPeas-HeyMama.mp3.exe

progra~1BearshareSharedRaf-Intuttiimieigiorni.mp3.exe

progra~1BearshareSharedVascoRossi-Buoniecattivi.mp3.exe

progra~1BearshareSharedLionelRichie-JustForYou.mp3.exe

progra~1eDonkey2000IncomingRosy.exe

progra~1eDonkey2000IncomingPipponoto.exe

progra~1eDonkey2000IncomingAnastacia-LeftOutsideAlone.mp3.exe

progra~1eDonkey2000IncomingTheRasmus-InTheShadows.mp3.exe

progra~1eDonkey2000Incoming50Cent-IndaClub.mp3.exe

progra~1eDonkey2000IncomingVanessaCarltron-OrdinaryDay.mp3.exe

progra~1eDonkey2000IncomingHaiducii-DragosteaDinTei.mp3.exe

progra~1eDonkey2000IncomingBlackEyedPeas-HeyMama.mp3.exe

progra~1eDonkey2000IncomingRaf-Intuttiimieigiorni.mp3.exe

progra~1eDonkey2000IncomingVascoRossi-Buoniecattivi.mp3.exe

progra~1eDonkey2000IncomingLionelRichie-JustForYou.mp3.exe

progra~1eMuleIncomingRosy.exe

progra~1eMuleIncomingPipponoto.exe

progra~1eMuleIncomingAnastacia-LeftOutsideAlone.mp3.exe

progra~1eMuleIncomingTheRasmus-InTheShadows.mp3.exe

progra~1eMuleIncoming50Cent-IndaClub.mp3.exe

progra~1eMuleIncomingVanessaCarltron-OrdinaryDay.mp3.exe

progra~1eMuleIncomingHaiducii-DragosteaDinTei.mp3.exe

progra~1eMuleIncomingBlackEyedPeas-HeyMama.mp3.exe

progra~1eMuleIncomingRaf-Intuttiimieigiorni.mp3.exe

progra~1eMuleIncomingVascoRossi-Buoniecattivi.mp3.exe

progra~1eMuleIncomingLionelRichie-JustForYou.mp3.exe

progra~1MorpheusMySharedFolderRosy.exe

progra~1MorpheusMySharedFolderPipponoto.exe

progra~1MorpheusMySharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1MorpheusMySharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1MorpheusMySharedFolder50Cent-IndaClub.mp3.exe

progra~1MorpheusMySharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1MorpheusMySharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1MorpheusMySharedFolderBlackEyedPeas-HeyMama.mp3.exe

progra~1MorpheusMySharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1MorpheusMySharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1MorpheusMySharedFolderLionelRichie-JustForYou.mp3.exe

progra~1LimeWireSharedRosy.exe

progra~1LimeWireSharedPipponoto.exe

progra~1LimeWireSharedAnastacia-LeftOutsideAlone.mp3.exe

progra~1LimeWireSharedTheRasmus-InTheShadows.mp3.exe

progra~1LimeWireShared50Cent-IndaClub.mp3.exe

progra~1LimeWireSharedVanessaCarltron-OrdinaryDay.mp3.exe

progra~1LimeWireSharedHaiducii-DragosteaDinTei.mp3.exe

progra~1LimeWireSharedBlackEyedPeas-HeyMama.mp3.exe

progra~1LimeWireSharedRaf-Intuttiimieigiorni.mp3.exe

progra~1LimeWireSharedVascoRossi-Buoniecattivi.mp3.exe

progra~1LimeWireSharedLionelRichie-JustForYou.mp3.exe

progra~1TeslaFilesRosy.exe

progra~1TeslaFilesPipponoto.exe

progra~1TeslaFilesAnastacia-LeftOutsideAlone.mp3.exe

progra~1TeslaFilesTheRasmus-InTheShadows.mp3.exe

progra~1TeslaFiles50Cent-IndaClub.mp3.exe

progra~1TeslaFilesVanessaCarltron-OrdinaryDay.mp3.exe

progra~1TeslaFilesHaiducii-DragosteaDinTei.mp3.exe

progra~1TeslaFilesBlackEyedPeas-HeyMama.mp3.exe

progra~1TeslaFilesRaf-Intuttiimieigiorni.mp3.exe

progra~1TeslaFilesVascoRossi-Buoniecattivi.mp3.exe

progra~1TeslaFilesLionelRichie-JustForYou.mp3.exe

progra~1WinMXSharedRosy.exe

progra~1WinMXSharedPipponoto.exe

progra~1WinMXSharedAnastacia-LeftOutsideAlone.mp3.exe

progra~1WinMXSharedTheRasmus-InTheShadows.mp3.exe

progra~1WinMXShared50Cent-IndaClub.mp3.exe

progra~1WinMXSharedVanessaCarltron-OrdinaryDay.mp3.exe

progra~1WinMXSharedHaiducii-DragosteaDinTei.mp3.exe

progra~1WinMXSharedBlackEyedPeas-HeyMama.mp3.exe

progra~1WinMXSharedRaf-Intuttiimieigiorni.mp3.exe

progra~1WinMXSharedVascoRossi-Buoniecattivi.mp3.exe

progra~1WinMXSharedLionelRichie-JustForYou.mp3.exe

2..建立WINDOWSsystem32About.hta文件

3..显示消息

标题:MicrosoftWindowsUpdate

内容:ClickYesForUpdateMicrosoftOutlookviaE-mail

4.建立WINDOWSsystem32

stdnrdll32.vbs文件

该VBS文件作如下工作:

a.在注册表主键"HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun

ldr32"下,

添加如下键值:"default"="WINDOWSsystem32NonYou.exe"

b.在注册表主键"HKEY_CURRENT_USERSoftwareMicrosoftOffice8.0OutlookSecurity"下,

添加如下键值:"Level1Remove"="exe"

c.在注册表主键"HKEY_CURRENT_USERSoftwareMicrosoftOffice9.0OutlookSecurity"下,

添加如下键值:"Level1Remove"="exe"

d.在注册表主键"HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0OutlookSecurity"下,

添加如下键值:"Level1Remove"="exe"

e.在注册表主键"HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunoncewincomp32"下,

添加如下键值:"default"="WINDOWSsystem32

stdnrdll32.vbs"

f.建立文件WINDOWSsystem32Love-ScreenSaver.cab,它包含蠕虫本身

g.假如当前日期是11号或23号,则把IE的默认页改为:www.gedzac.tk

并用浏览器打开WINDOWSsystem32About.hta

h.根据outlook地址簿Email地址发送带毒邮件

该邮件主题为:MicrosoftOutlookNews

内容:MicrosoftOutlookUpdate/BugFixed-Contact:support@microsoft.com

附件:MSOutlookInternetUpdate.exe(该附件为病毒本身)

i.打开www.windowsupdate.com

5.在ProgramFilesmIRCmirc.ini文件中的rfiles节中增加

n2=tdll32.dll

6.通过mIrc发送Love-ScreenSaver.cab(病毒)给其它mIrc用户

发作现象:

检查当前日期是否为11号或23号

假如是则显示如下两条消息:

标题:NonYou

内容:RosyTiAmo-Saro&RosyForever

标题:GedzacGroup2004

内容:

NonYou.aGedzacLabsProductions

CodedbySarosoft-DedicatedtomyLoveRos

GedzacGroup2004-http://www.gedzac.tk

Gedzac

TheVirusCrew

非凡说明:

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有