Worm.MSNLoveme.e

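Source: Internet  2008-08-14 22:24:01

Virus name (Chinese):

性感雞變種E (Sexy Chicken, variant E)

Virus alias:

Threat level:

★★★☆☆

Virus type:

Worm

Virus length:

17429

Affected systems:

Win9x, WinNT

Virus behavior:

This virus is variant E of Sexy Chicken. It spreads through MSN and network shared directories. Once a user is infected, the virus modifies the hosts file so that the websites of many security and antivirus companies are redirected to one fixed IP and those companies' websites cannot be reached normally; it terminates the processes of common antivirus software; and it prevents some system programs from running (e.g. Task Manager, msconfig.exe), seriously disrupting the user's normal work.

1. Copies itself into the system directory %System32% as: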

serbw.exe

formatsys.exe

2. Copies itself into %SystemRoot% as:

msmbw.exe

3. Creates the following files in the root directory of the system drive:

Crazy-Frog.Html

lspt.exe

Crazyfroggetskilledbytrain!.pif

Annoyingcrazyfroggettingkilled.pif

Seemylesbianfriends.pif

LOLthaturpic!.pif

Mynewphoto!.pif

Meonholiday!.pif

TheCatAndTheFanpiccy.pif

HowaBlondeEatsaBanana...pif

MonaLisaWantsHerSmileBack.pif

ToplessinMiniSkirt!lol.pif

FatElvis!lol.pif

JenniferLopez.scr

Messageton00bLARISSA.txt

4. Modifies the registry so that it runs automatically when the computer starts

Under the following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Adds (random):

serpe="%System32%\serbw.exe"

ltwob="%System32%\formatsys.exe"

avnort="%SystemRoot%\msmbw.exe"
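A triage check for the autorun entries in step 4, as an added example that is not part of the original write-up: it scans `reg export` text for values under the five keys above that launch one of the three file names from steps 1 and 2. Because the page marks the added entries as random, it matches on the launched file rather than on the value name; the sample export, its `C:\WINDOWS` paths and the value name `qzxkv` are constructed.

```python
import ntpath
import re

# Autorun keys named on the page, lower-cased for case-insensitive comparison.
AUTORUN_KEYS = {k.lower() for k in (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)}
# File names the page lists for the worm's copies (steps 1 and 2).
WORM_FILES = {"serbw.exe", "formatsys.exe", "msmbw.exe"}

# Constructed sample in .reg export format; paths and the name "qzxkv" are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"qzxkv"="C:\\WINDOWS\\system32\\SERBW.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"avnort"="\"C:\\WINDOWS\\msmbw.exe\" /s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Demo]
"DisplayIcon"="C:\\WINDOWS\\system32\\formatsys.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg string escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)

def target_basename(data):
    """Lower-cased executable file name from a Run command line, quoted or not."""
    exe = data[1:].split('"', 1)[0] if data.startswith('"') else data.split(" ", 1)[0]
    return ntpath.basename(exe).lower()

def find_worm_autoruns(reg_text):
    """Return [(key, value_name, data)] for autorun values that launch a listed file."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember which key the next values belong to
        elif key and key.lower() in AUTORUN_KEYS:
            m = VALUE_RE.match(line)
            if m and target_basename(unescape(m.group(2))) in WORM_FILES:
                hits.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return hits
```

`reg export` writes UTF-16 files, so decode the export before passing its text to `find_worm_autoruns`.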

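5. Modifies the hosts file, redirecting the websites of many security and antivirus companies to one fixed IP so that those companies' websites cannot be reached normally.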


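6. Terminates security software and prevents some system programs from running (e.g. Task Manager, msconfig.exe):

7. Sends the virus file to MSN contacts, as shown in the figure below:

8. Pops up a Notepad window, as shown in the figure below:

9. Spreads itself through network shared directories (e.g. eMule); possible file names are: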

MessengerPlus!3.50.exe

MSNallversionpolygamy.exe

MSNnudgebomb.exe

10. Closes windows that contain any of the following strings, in order to protect itself:

ADWARE

ALERTS

ANTI

AUTOSTARTED

Avg

BENIGN

BLOCKER

BUG

BULLGUARD

BUSTER

CENTER

CILLIN

CLEANER

CMD

Command

DESTROY

DETECTION

DOCTOR

EARTHLINK

EDITOR

ELIMINATE

EYE

FIGHT

Filter

FIREWALL

FIX

FIXING

HEAL

HELP

HUNTER

KERIO

Kill

LABS

LIVEUPDATE

MALWARE

MALWHERE

MCAFEE

NETCOP

NOD32

NORTON

PANDA

PROMPT

PROTECTOR

REGISTRY

REMOVAL

RESTORE

SANDBOX

SCAN

SECURE

SECURITY

SOPHOS

SPY

SPYBOT

SPYWARE

STOPPER

SWEEPER

TASK

TOOL

TREND

Update

VCATCH

VIRUS

WATCH

WORM

PROCESS
