病毒名称(中文):
恶鹰r
病毒别名:
威胁级别:
★☆☆☆☆
病毒类型:
木马程序
病毒长度:
10183
影响系统:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行为:
这是一个通过电子邮件传播的恶鹰变种.
首先查找用户机器上的电子邮件地址,然后把自身作为邮件附件,发送到指定邮箱.邮件内容通常会伪装成安全软件公司的邮件,欺骗用户来点击.,从网络上下载病毒,并运行.会给用户带来很大危害.
1.生成文件:
%system%\anti_troj.exe
2.添加起始项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
anti_troj
%system%\anti_troj.exe
3.添加注册表:
HKCU\Software\FirstRRRun做标记
4.从以下的地址下载文件;
http://www.bakelit.hu/b..php
http://www.nuclear.com.pl/b..php
http://www.batlground.com/b..php
http://www.bbrealservis.sk/b..php
http://www.befag.ru/b..php
http://www.benininfo.com/b..php
http://www.bennylife.com/b..php
http://www.bestcheapdomainregistration.info/b..php
http://www.bidsforbaby.com/b..php
http://www.binhaigolf.com/b..php
http://www.biotenk.com/b..php
http://www.bitsolution.ro/b..php
http://www.nmtltd.com/b..php
http://www.vnettools.com/b..php
http://www.boldrussell.com/b..php
http://www.bronko-m.ru/b..php
http://www.bulkemailservicenow.com/b..php
http://www.bulkemaildirectmarketing.com/b..php
http://www.calidad.biz/b..php
http://www.cansew.ca/b..php
http://www.cansultdubai.ae/b..php
http://www.casaquecanta.com/b..php
http://www.chilotitomarino.cl/b..php
http://www.chinaculturedpearl.com/b..php
http://www.casino-malibu.ru/b..php
http://www.colin18.com/b..php
http://www.khonkaenpoc.com/b..php
http://www.connectesl.com/b..php
http://ala-bg.net/b..php
http://allinfo.com.au/b..php
http://eleceltek.com/b..php
http://alevibirligi.ch/b..php
http://alfaclassic.sk/b..php
http://allanconi.it/b..php
http://www.americarising.com/b..php
http://americasenergyco.com/b..php
http://amerykaameryka.com/b..php
http://amistra.com/b..php
http://analisisyconsultoria.com/b..php
http://calamarco.com/b..php