| 導購 | 订阅 | 在线投稿
分享
 
 
 

Worm.MSNLoveme.i

來源:互聯網  2008-08-14 22:23:30  評論

病毒名稱(中文):

性感雞變種i

病毒別名:

威脅級別:

★★☆☆☆

病毒類型:

蠕蟲病毒

病毒長度:

23476

影響系統:

Win9xWinNT

病毒行爲:

該病毒爲性感雞變種i,它通過MSN傳播,當用戶感染該病毒後,該病毒會修改hosts文件,使衆多安全及反病毒公司網站地址重定位到BBC網站,有可能導致對BBC網站的DDos攻擊,且無法正常這些安全公司的網站;禁止運行一些系統程序(如:任務治理器,msconfig.exe等);禁止系統還原;禁止Windows資源治理器的"文件夾選項"等;關閉MSN接收文件查毒選項,嚴重影響用戶的正常工作.

調用IE打開的html如下:

1.複制自身到系統目錄%System32%下:

csnss.exe

mcsv.com

2.複制自身到%SystemRoot%下:

svhost.exe

LARISSAyoumuppet.txt

3.在系統盤根目錄下創建以下文件:

D:\l0ser.Html

D:\Deathofcrazyfrog!.pif

D:\Hotbabe!.pif

D:\ReallyCute.pif

D:\Mypiccy.pif24KB

D:\Bungee-Fuck.pif

D:\I_love_you.123greetings.com.com

D:\ParisHiltonSexTape.pif

D:\ShootBillGates!.exe

D:\Best_Friend.scr

D:\lolBustedAreGay!.pif

D:\SaddamSong!.pif

D:\MeattheBeach!.pif

4.修改注冊表使自身隨計算機啓而自動運行

NDAv="%System32%\csnss.exe"

SDAv="%System32%\mcsv.com.exe"

HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

Userinit="%System32%\userinit.exe,D:\WINNT\system32\mcsv.com"

5.在系統注冊表中添加(禁止系統還原):

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsNT\SystemRestore

DisableConfig=00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsNT\SystemRestore

DisableSR=00000001

6.修改MSN接收文件查毒選項

HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger

AVEnbl=00000000

7.修改hosts文件,使衆多安全及反病毒公司網站重定向到BBC網站,導致無法正常下列公司的網站:

212.58.240.33www.symantec.com

212.58.240.33www.sophos.com

212.58.240.33www.mcafee.com

212.58.240.33www.viruslist.com

212.58.240.33www.f-secure.com

212.58.240.33www.avp.com

212.58.240.33www.kaspersky.com

212.58.240.33www.networkassociates.com

212.58.240.33www.ca.com

212.58.240.33www.my-etrust.com

212.58.240.33www.nai.com

212.58.240.33www.trendmicro.com

212.58.240.33www.grisoft.com

212.58.240.33securityresponse.symantec.com

212.58.240.33symantec.com

212.58.240.33sophos.com

212.58.240.33mcafee.com

212.58.240.33liveupdate.symantecliveupdate.com

212.58.240.33viruslist.com

212.58.240.33f-secure.com

212.58.240.33kaspersky.com

212.58.240.33kaspersky-labs.com

212.58.240.33avp.com

212.58.240.33networkassociates.com

212.58.240.33ca.com

212.58.240.33mast.mcafee.com

212.58.240.33my-etrust.com

212.58.240.33download.mcafee.com

212.58.240.33dispatch.mcafee.com

212.58.240.33secure.nai.com

212.58.240.33nai.com

212.58.240.33update.symantec.com

212.58.240.33updates.symantec.com

212.58.240.33us.mcafee.com

212.58.240.33liveupdate.symantec.com

212.58.240.33customer.symantec.com

212.58.240.33rads.mcafee.com

212.58.240.33trendmicro.com

212.58.240.33grisoft.com

212.58.240.33sandbox.norman.no

212.58.240.33www.pandasoftware.com

212.58.240.33uk.trendmicro-europe.com

8.結束安全軟件和禁止運行一些系統程序(如:任務治理器,msconfig.exe等):

9.向MSN好友發送病毒文件

10.通網絡共享目錄(如eMule)傳播自身,可能的文件名如下:

MSNMessenger7patch!.exe

CE/DPStealer2.exe

MSNAvatarDisplayPack1.0.exe

病毒名稱(中文): 性感雞變種i 病毒別名: 威脅級別: ★★☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 23476 影響系統: Win9xWinNT 病毒行爲: 該病毒爲性感雞變種i,它通過MSN傳播,當用戶感染該病毒後,該病毒會修改hosts文件,使衆多安全及反病毒公司網站地址重定位到BBC網站,有可能導致對BBC網站的DDos攻擊,且無法正常這些安全公司的網站;禁止運行一些系統程序(如:任務治理器,msconfig.exe等);禁止系統還原;禁止Windows資源治理器的"文件夾選項"等;關閉MSN接收文件查毒選項,嚴重影響用戶的正常工作. 調用IE打開的html如下: 1.複制自身到系統目錄%System32%下: csnss.exe mcsv.com 2.複制自身到%SystemRoot%下: svhost.exe LARISSAyoumuppet.txt 3.在系統盤根目錄下創建以下文件: D:\l0ser.Html D:\Deathofcrazyfrog!.pif D:\Hotbabe!.pif D:\ReallyCute.pif D:\Mypiccy.pif 24KB D:\Bungee-Fuck.pif D:\I_love_you.123greetings.com.com D:\ParisHiltonSexTape.pif D:\ShootBillGates!.exe D:\Best_Friend.scr D:\lolBustedAreGay!.pif D:\SaddamSong!.pif D:\MeattheBeach!.pif 4.修改注冊表使自身隨計算機啓而自動運行 NDAv= "%System32%\csnss.exe" SDAv="%System32%\mcsv.com.exe" HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon Userinit= "%System32%\userinit.exe,D:\WINNT\system32\mcsv.com" 5.在系統注冊表中添加(禁止系統還原): HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsNT\SystemRestore DisableConfig= 00000001 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsNT\SystemRestore DisableSR= 00000001 6.修改MSN接收文件查毒選項 HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger AVEnbl =00000000 7.修改hosts文件,使衆多安全及反病毒公司網站重定向到BBC網站,導致無法正常下列公司的網站: 212.58.240.33www.symantec.com 212.58.240.33www.sophos.com 212.58.240.33www.mcafee.com 212.58.240.33www.viruslist.com 212.58.240.33www.f-secure.com 212.58.240.33www.avp.com 212.58.240.33www.kaspersky.com 212.58.240.33www.networkassociates.com 212.58.240.33www.ca.com 212.58.240.33www.my-etrust.com 212.58.240.33www.nai.com 212.58.240.33www.trendmicro.com 212.58.240.33www.grisoft.com 212.58.240.33securityresponse.symantec.com 212.58.240.33symantec.com 212.58.240.33sophos.com 212.58.240.33mcafee.com 212.58.240.33liveupdate.symantecliveupdate.com 212.58.240.33viruslist.com 212.58.240.33f-secure.com 212.58.240.33kaspersky.com 212.58.240.33kaspersky-labs.com 212.58.240.33avp.com 212.58.240.33networkassociates.com 212.58.240.33ca.com 212.58.240.33mast.mcafee.com 212.58.240.33my-etrust.com 212.58.240.33download.mcafee.com 212.58.240.33dispatch.mcafee.com 212.58.240.33secure.nai.com 212.58.240.33nai.com 212.58.240.33update.symantec.com 212.58.240.33updates.symantec.com 212.58.240.33us.mcafee.com 212.58.240.33liveupdate.symantec.com 212.58.240.33customer.symantec.com 212.58.240.33rads.mcafee.com 212.58.240.33trendmicro.com 212.58.240.33grisoft.com 212.58.240.33sandbox.norman.no 212.58.240.33www.pandasoftware.com 212.58.240.33uk.trendmicro-europe.com 8.結束安全軟件和禁止運行一些系統程序(如:任務治理器,msconfig.exe等): 9.向MSN好友發送病毒文件 10.通網絡共享目錄(如eMule)傳播自身,可能的文件名如下: MSNMessenger7patch!.exe CE/DPStealer2.exe MSNAvatarDisplayPack1.0.exe
󰈣󰈤
王朝萬家燈火計劃
期待原創作者加盟
 
 
 
>>返回首頁<<
 
 
 
 
 熱帖排行
 
 
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有