病毒名称(中文):
病毒别名:
威胁级别:
★★☆☆☆
病毒类型:
蠕虫病毒
病毒长度:
49152
影响系统:
Win9xWinNT
病毒行为:
该蠕虫通过KaZaA网络及MSN即时聊天工具进行传播。
1.感染此蠕虫后,它首先会将自身以如下名字之一拷贝至Windows文件夹下:
Alles-ist-vorbei.exe
Desktop-shooting.exe
Hello-Kitty.exe
BigMac.exe
Cheese-Burger.exe
Blaargh.exe
2.在注册表的主键:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
中添加如下键值:
"Supernova"="%system%\<随机字符>.exe"
使得自己随Windows的启动而启动。
3.若病毒第一次运行,它会弹出假的报错对话框:
"Applicationattemptedtoreadmemoryat0xFFFFFFFFhTerminatingapplication"
4.病毒通过设置如下注册表键使得病毒能借助KaZaA网络上的共享文件夹传播:
HKEY_LOCAL_MACHINE\Software\KaZaA\LocalContent
假如该键值未找到,病毒就会在C:\Windows\Media文件夹下创建如下名称的共七十个病毒副本:
WindowsXPkeygenerator.exe
WindowsXPserialgenerator.exe
KeygeneratorforallwindowsXPversions.exe
Warcraft3ONLINEkeygenerator.exe
Half-lifeONLINEkeygenerator.exe
Quake4BETA.exe
Grandtheftauto3CD1crack.exe
GTA3crack.exe
Battle.netkeygenerator(WORKS!!).exe
Warcraft3battle.netserialgenerator.exe
Half-lifeWONkeygenerator.exe
Starwarsepisode2downloader.exe
Winzip8.0+serial.exe
Winrar+crack.exe
Britneyspearsnude.exe
MacromediaMXkeygenerator(allproducts).exe
KaZaAmediadesktopv2.0UNOFFICIAL.exe
Microsoftkeygenerator,worksforALLmicrosoftproducts!!.exe
MicrosoftWindowsXPcrackpack.exe
Hackintoanycomputer!!.exe
DivXcodecv6.0.exe
DivXnewestversion.exe
DivX.exe
DivXprokeygenerator.exe
Keygeneratorforover1,000applications(really!).exe
DivXpatch-Increasesquality.exe
KaZaAspywareremover.exe
Ageofempires2crack.exe
Nortonantivirus2002.exe
MacromediaDreamweaverMXKeyGenerator.exe
MacromediaFlashMXKeyGenerator.exe
Neverwinternightscrack.exe
MicrosoftOfficeXP(english)keygenerator.exe
MicrosoftOfficeXP.iso.exe
CloneCD+crack.exe
CloneCDall-versionskeygenerator.exe
XBOXemulator(WORKS!!).exeGamecubeEmulator(WORKS!!).exeXbox.info.exeGrandPrix4crack.exe
Nokiasimlockremover(includesnewmodels).exe
Nortonantivirus2002.exe
MacromediaDreamweaverMXKeyGenerator.exe
MacromediaFlashMXKeyGenerator.exe
Neverwinternightscrack.exe
MicrosoftOfficeXP(english)keygenerator.exe
MicrosoftOfficeXP.iso.exe
CloneCD+crack.exe
CloneCDall-versionskeygenerator.exe
XBOXemulator(WORKS!!).exe
GamecubeEmulator(WORKS!!).exe
Xbox.info.exe
GrandPrix4crack.exe
Nokiasimlockremover(includesnewmodels).exe
Britneyspearshardporn(REAL!).exe
ChristinaAguilerafuck(REAL!).exe
Kiddychildincestporn.exe
Doom3preview!!.exe
Crazytaxicrack.exe
Copyprotectionremover.exe
Sex.exe
JediKnight2crack.exe
Warcraft3trainer.exe
Cablemodemuncapper.exe
Grandtheftauto3trainer.exe
KaZaAhack.exe
KaZaAlite.exe
DragonballZ.exe
DragonballZCOMPLETEepisodeguide.exe
DragonballZshootout.exe
DragonballZepisode1.exe
J-LONude(REAL!!).exe
Doom3screenshots.exe
ResidentEvil[DivX].exe
Shrek.exe
Starcraft2preview!.exe
Starcraftbattle.netkeygenerator.exe
StarcraftONLINEcrack.exe
5.病毒同时还会尝试将自身发送给受感染用户的MSN好友,可能以如下形式出现:
Hehe,checkthisout:-)
Funny,checkitout(h)
LOL!!Seethis:D
LOL!!Checkthisout:)
Hehe,thisisfun:-)
6.病毒还会在Windows文件夹中新建一个文本文件,文件名是由随机生成的数字组成,内容如下:
W32.Supernova-Banreligion
-------------------------------------------------------
Religion=War
Religion=Basedonfairytales
Warsbasedonfairytales?
Banreligion,welcometothetruth
-------------------------------------------------------
