Worm.P2P.Surnova.d

王朝other·作者佚名  2008-08-14
窄屏简体版  字體: |||超大  

病毒名称(中文):

病毒别名:

威胁级别:

★★☆☆☆

病毒类型:

蠕虫病毒

病毒长度:

49152

影响系统:

Win9xWinNT

病毒行为:

该蠕虫通过KaZaA网络及MSN即时聊天工具进行传播。

1.感染此蠕虫后,它首先会将自身以如下名字之一拷贝至Windows文件夹下:

Alles-ist-vorbei.exe

Desktop-shooting.exe

Hello-Kitty.exe

BigMac.exe

Cheese-Burger.exe

Blaargh.exe

2.在注册表的主键:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

中添加如下键值:

"Supernova"="%system%\<随机字符>.exe"

使得自己随Windows的启动而启动。

3.若病毒第一次运行,它会弹出假的报错对话框:

"Applicationattemptedtoreadmemoryat0xFFFFFFFFhTerminatingapplication"

4.病毒通过设置如下注册表键使得病毒能借助KaZaA网络上的共享文件夹传播:

HKEY_LOCAL_MACHINE\Software\KaZaA\LocalContent

假如该键值未找到,病毒就会在C:\Windows\Media文件夹下创建如下名称的共七十个病毒副本:

WindowsXPkeygenerator.exe

WindowsXPserialgenerator.exe

KeygeneratorforallwindowsXPversions.exe

Warcraft3ONLINEkeygenerator.exe

Half-lifeONLINEkeygenerator.exe

Quake4BETA.exe

Grandtheftauto3CD1crack.exe

GTA3crack.exe

Battle.netkeygenerator(WORKS!!).exe

Warcraft3battle.netserialgenerator.exe

Half-lifeWONkeygenerator.exe

Starwarsepisode2downloader.exe

Winzip8.0+serial.exe

Winrar+crack.exe

Britneyspearsnude.exe

MacromediaMXkeygenerator(allproducts).exe

KaZaAmediadesktopv2.0UNOFFICIAL.exe

Microsoftkeygenerator,worksforALLmicrosoftproducts!!.exe

MicrosoftWindowsXPcrackpack.exe

Hackintoanycomputer!!.exe

DivXcodecv6.0.exe

DivXnewestversion.exe

DivX.exe

DivXprokeygenerator.exe

Keygeneratorforover1,000applications(really!).exe

DivXpatch-Increasesquality.exe

KaZaAspywareremover.exe

Ageofempires2crack.exe

Nortonantivirus2002.exe

MacromediaDreamweaverMXKeyGenerator.exe

MacromediaFlashMXKeyGenerator.exe

Neverwinternightscrack.exe

MicrosoftOfficeXP(english)keygenerator.exe

MicrosoftOfficeXP.iso.exe

CloneCD+crack.exe

CloneCDall-versionskeygenerator.exe

XBOXemulator(WORKS!!).exeGamecubeEmulator(WORKS!!).exeXbox.info.exeGrandPrix4crack.exe

Nokiasimlockremover(includesnewmodels).exe

Nortonantivirus2002.exe

MacromediaDreamweaverMXKeyGenerator.exe

MacromediaFlashMXKeyGenerator.exe

Neverwinternightscrack.exe

MicrosoftOfficeXP(english)keygenerator.exe

MicrosoftOfficeXP.iso.exe

CloneCD+crack.exe

CloneCDall-versionskeygenerator.exe

XBOXemulator(WORKS!!).exe

GamecubeEmulator(WORKS!!).exe

Xbox.info.exe

GrandPrix4crack.exe

Nokiasimlockremover(includesnewmodels).exe

Britneyspearshardporn(REAL!).exe

ChristinaAguilerafuck(REAL!).exe

Kiddychildincestporn.exe

Doom3preview!!.exe

Crazytaxicrack.exe

Copyprotectionremover.exe

Sex.exe

JediKnight2crack.exe

Warcraft3trainer.exe

Cablemodemuncapper.exe

Grandtheftauto3trainer.exe

KaZaAhack.exe

KaZaAlite.exe

DragonballZ.exe

DragonballZCOMPLETEepisodeguide.exe

DragonballZshootout.exe

DragonballZepisode1.exe

J-LONude(REAL!!).exe

Doom3screenshots.exe

ResidentEvil[DivX].exe

Shrek.exe

Starcraft2preview!.exe

Starcraftbattle.netkeygenerator.exe

StarcraftONLINEcrack.exe

5.病毒同时还会尝试将自身发送给受感染用户的MSN好友,可能以如下形式出现:

Hehe,checkthisout:-)

Funny,checkitout(h)

LOL!!Seethis:D

LOL!!Checkthisout:)

Hehe,thisisfun:-)

6.病毒还会在Windows文件夹中新建一个文本文件,文件名是由随机生成的数字组成,内容如下:

W32.Supernova-Banreligion

-------------------------------------------------------

Religion=War

Religion=Basedonfairytales

Warsbasedonfairytales?

Banreligion,welcometothetruth

-------------------------------------------------------

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航