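Virus name (Chinese):
狂妄猎手
Virus alias:
Threat level:
★★☆☆☆
Virus type:
Worm
Virus length:
79360
Affected systems:
Win9x, WinNT
Virus behavior:
This is a worm that spreads through e-mail and mIRC. It undermines the protections on the user's computer: it shuts down firewalls and common antivirus software, disables the Registry Editor, disables Run in the Start menu, hides hard disk partitions, prevents the user from entering MS-DOS mode on Windows 2000, and blocks the display of "Remote Administration". Through the mIRC virus it gains control of the user's machine and spreads further.
1. Files created: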
C:\LARISSA.html
C:\WINDOWS\WSocket32.vbs
C:\WINDOWS\SPOOL_SV32.vbs
C:\ProgramFiles\MIRC\script.ini
C:\WINDOWS\LARISSA.exe
C:\WINDOWS\SMSS_32.exe
2. Sends e-mail through Outlook.
3. The e-mail's:
Subject:Re:LOVELETTER
Body:vbcrlf&"ILOVEYOUTOO!"
Attachment name: LOVELETTER.exe
4. Terminates the following processes:
"ATUPDATER.EXE"
"AUPDATE.EXE"
"AUTODOWN.EXE"
"AUTOUPDATE.EXE"
"Avconsol.exe"
"AVENGINE.EXE"
"AVXQUAR.EXE"
"bawindo.exe"
"ccEvtMgr.exe"
"ccProxy.exe"
"ccPxySvc.exe"
"DefWatch.exe"
"DRWEBUPW.EXE"
"ESCANHNT.EXE"
"LUCOMS~1.EXE"
"VsTskMgr.exe"
"UpdaterUI.exe"
"NPROTECT.EXE"
"mcvsshld.exe"
"mcvsrte.exe"
"mcvsescn.exe"
"mcagent.exe"
"mcshield.exe"
"MCUPDATE.EXE"
"FrameworkService.exe"
"PINGSCAN.EXE"
"RTVSCN95.EXE"
"W9X.EXE"
"ZAUINST.EXE"
"XPF202EN.EXE"
"SPF.EXE"
"CV.EXE"
"FSAV530STBYB.EXE"
"FSAV530WTBYB.EXE"
"IAMSERV.EXE"
"KILLPROCESSSETUP161.EXE"
"NETMON.EXE"
"PF2.EXE"
"ANTI-TROJAN.EXE"
"taskmgr.exe"
"SpySweeper.exe"
"BGTray.exe"
"ccApp.exe"
"APVXDWIN.EXE"
"ATUPDATER.EXE"
"AUPDATE.EXE"
"AUTODOWN.EXE"
"AUTOUPDATE.EXE"
"Avconsol.exe"
"AVENGINE.EXE"
"AVXQUAR.EXE"
"bawindo.exe"
"ccEvtMgr.exe"
"ccProxy.exe"
"ccPxySvc.exe"
"DefWatch.exe"
"DRWEBUPW.EXE"
"ESCANHNT.EXE"
"LUCOMS~1.EXE"
"VsTskMgr.exe"
"UpdaterUI.exe"
"NPROTECT.EXE"
"mcvsshld.exe"
"mcvsrte.exe"
"mcvsescn.exe"
"mcagent.exe"
"mcshield.exe"
"MCUPDATE.EXE"
"FrameworkService.exe"
"PINGSCAN.EXE"
"RTVSCN95.EXE"
"W9X.EXE"
"ZAUINST.EXE"
"XPF202EN.EXE"
"SPF.EXE"
"CV.EXE"
"FSAV530STBYB.EXE"
"FSAV530WTBYB.EXE"
"IAMSERV.EXE"
"KILLPROCESSSETUP161.EXE"
NETMON.EXE"
"PF2.EXE"
"ANTI-TROJAN.EXE"
"taskmgr.exe"
"SpySweeper.exe"
"BGTray.exe"