Virus name (Chinese):
Virus alias:
Threat level:
★★☆☆☆
Virus type:
Worm
Virus size:
53248
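Affected systems:
Win9x, WinNT
Virus behavior:
This is a worm that spreads through the MSN messaging tool. It also downloads a backdoor (Win32.Hack.RBot.78848) from the Internet, which lets the virus's distributor take control of the infected machine.
1. Copies itself to the system directory: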
%SystemRoot%\hosts.exe
2. In the registry, under
HKEY_CURRENT_USER\Software\Microsoft\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Run
adds the following value:
"WindowsHost"="%SystemRoot%\hosts.exe"
This ensures that the virus runs automatically at every startup.
3. Attempts to download a backdoor (Win32.Hack.RBot.78848) from the following website:
http://65.75.134.170/~wxwarez/
saves it locally as
c:\Service.exe
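and runs that file. Through it, the virus's distributor can control the infected machine.
4. Searches for all MSN contacts and sends them one of the following messages: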
Whataloser,whodoessomethinglikethis
Gettingfuckedisneverthesame,seethis!
Thisface,itlookslikeaalien
Peoplesaythisisreal,umightwannacheckthisout
Whodoessomethinglikethis..
Bleh:|Whatafilthysh*tisthis,dudecheckitout.
5. The message contains one of the following web links:
http://checkthis.ubb.cc/
http://c*******s.dd.vg/
http://c*******s.100mbitde.info/
http://c****k.100mbitde.info/
http://***.100mbitde.info/
Clicking the link downloads the worm.
6. The virus attempts to stop the following services:
AhnlabTaskScheduler
altirisclientservice
ANTIVIR
ATRACK
avast!antivirus
avast!iavs4controlservice
AVCONSOL
AVG6Service
AVG7AlertManagerServer
AVG7UpdateService
AVPcontrolcenterservice
AVP.EXE
AVP32
AVSyncManager
AVSYNMGR
BackgroundIntelligentTransferService
BlackICE
carboncopyaccessedition
CFINET
CFINET32
configloader
DetectordeOfficeScanNT
directupdateengine
dllhost
dns
eTrustAntivirusJobServer
etrustantivirusjobserver
eTrustAntivirusRealtimeServer
etrustantivirusrealtimeserver
eTrustAntivirusRPCServer
etrustantivirusrpcserver
Eventask
FireBall
FireBaum
fix-ittaskmanager
F-PROT95
FP-WIN
fxsvc
gearsecurity
IAMAPP
ICMON
intelfiletransfer
intelpds
InternetConnectionFirewall(ICF)/InternetConnectionSharing(ICS)
internetpr0tocol
InternetFirewallProc
IOMON98
iroff
Kaspersky
KasperskyAntivirus
KasperskyAnti-Virus
kasperskyautoprotectservice
KasperskyClient
kav
KAVMoniterService
keriopersonalfirewall
KingsoftAntiVirusService
LOCKDOWN2000
LUALL
LUCOMSERVER
MastDLL
MCAFEE
McAfeeAgent
mcafeeframeworkservice
McAfee.comMcShield
McAfee.comVirusScanOnlineRealtimeEngine
mcshield
MonSvcNT
msclol2
msclol8
msinit
MsInt
MsIntScan
NAVAlert
NAVAuto-Protect
NAVAPW32
NAVW32
NISSERV
NISUM
NMAIN
noipducservice
NORTON
NortonInternetSecurityProxySrvice
NortonInternetSecurityservice
NortonUneraseProtection
ntiVirusCorporateEdition
NVC95
nvscv
officescanntlistener
OfficeScanNTMonitor
officescanntrealtimescan
outpostfirewallservice
P2PNetworking
PandaAntivirus
pcanywherehostservice
PC-cillinPersonalFirewall
PCCIOMON
PCCMAIN
PCCWIN98
POP3TRAP
psexesvc
QuickHealOnlineProtection
RemoteAgent
remotelypossible/32
risingprocesscommunicationcenter
RisingProcessCommunicationCenter
risingrealtimemonitorservice
RisingRealtimeMonitorService
rundll
SAFEWEB
savroam
ScriptBlockingService
scvhost
secur2
SecurityCenter
services32service:msinit
servu
Serv-U
serv-u-ftp
smss
snakesockproxyservice
SophosAnti-Virus
SophosAnti-VirusNetwork
SygatePersonalFirewall
SygatePersonalFirewallPro
SyGateService
symantecantivirus
symanteccentralquarantine
symantecquarantineagent
symantecquarantinescanner
syslock
SystemEventNotification
systemsecuritydll
taskmanager
TrendMicroProxyService
TrendNTRealtimeService
V3MonNT
V3MonSvc
ViRobotExpertMonitoring
ViRobotLiteMonitoring
ViRobotProfessionalMonitoring
vncserver
VNCserver
VSHWIN32
VSSTAT
WEBSCANX
WEBTRAP
win32sl
WindowsFirewall
WindowsInternetConnectionSharing(ICS)
ZoneAlarm