病毒名称(中文):
病毒别名:
威胁级别:
★★☆☆☆
病毒类型:
木马程序
病毒长度:
48640
影响系统:
Win9xWinNT
病毒行为:
该病毒通过KaZaAP2P网络传播,用BorlandC++编写且使用UPX压缩。它复制自身到Windows目录,同时修改注册表,使得其在Windows启动时自动运行。
1.病毒将自己复制到Windows目录下以Svchost.exe名字存在。
2.假如注册表键:HKEY_CURRENT_USER\Software\Kazaa\LocalContent存在,病毒会复制自身到KaZaA下载文件夹下,文件名如下:
Unreal3Patch.exe
UnrealTournament2003Demo.exe
UnrealTournament2003Patch.exe
UnrealTournament2003Bugfix.exe
UnrealTournament2003Crack.exe
UnrealTournament2003Cheat.exe
Unreal3Crack.exe
Unreal3Bugfix.exe
Unreal3Cheat.exe
UT2003Demo.exe
UT2003Patch.exe
UT2003Bugfix.exe
UTPatch.exe
FreeSex.exe
SexPoker.exe
Wc3Keygen.exe
FreePorn.exe
WetTeen.exe
PamelaAnderssonSex.exe
X-Files.exe
Serials.exe
Teens.exe
NaughtyPictures.exe
WinZip.exe
AOLHacker.exe
AOLCracker.exe
HotmailHacker.exe
HotmailCracker.exe
Hacker.exe
Spiderman.exe
Lolitas.exe
DCHacker.exe
DCCracker.exe
DCCheater.exe
DC++Cracker.exe
DC++Cheater.exe
DC++Hacker.exe
DC++Faker.exe
DC++Fakeshare.exe
ICQHacker.exe
ICQCracker.exe
ICQNuker.exe
Nuker.exe
WinNuke.exe
Backdoor.exe
Trojan.exe
ADRemover.exe
JetLi.avi.exe
DivX5Codecs.exe
SVCDCodecs.exe
DivxPlayer.exe
ICMPNuke.exe
WinZipcrack.exe
NakedGirls.exe
KaZaA.exe
Optimizeyourbandwidth.exe
Getright.exe
Serialz.exe
ScreenSaver.exe
Crack.exe
JenniferLopezSex.exe
Warcraft3Patch.exe
Warcraft3Bugfix.exe
Warcraft3Cheat.exe
Warcraft3Serial.exe
Counter-StrikeKeygen.exe
Counter-StrikePatch.exe
Counter-StrikeCheats.exe
GetrightKeygen.exe
Warcraft3Keygen.exe
然后,病毒将注册表键值:
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\DisableSharing
设置为0,使得下载目录被共享。
3.在12月1日,病毒更改title栏前台窗口显示的信息为:
"LuckyYou[Mooze]IsNotInBadMoodTodayCozIt"sSoonChristmas".
(原本为:"[Mooze]By[Mooze/SpawnedVikings]")