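Virus name (Chinese):
Virus alias: 黑镖
Threat level: ★☆☆☆☆
Virus type: Worm
Virus length: 102400
Affected systems: Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behavior:
This is a worm that spreads through P2P software. It modifies the hosts file and adds startup entries to prolong its life, and on an infected machine it copies itself into the shared directories of common P2P programs in order to spread.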
1. Creates files:
C:\sys_recover.pif
C:\sex.scr
C:\autoexec.cam
%systemroot%\Jwintask.com
%systemroot%\ouch55.txt
%systemroot%\services.exe
%systemroot%\TEMPER\services.ex
2. Adds registry entries:
HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
"http://www.thinkgeek.com/fortune.shtml"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
winsrv3
"C:\WINNT\services.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
upDpacketo
"C:\WINNT\TEMPER\services.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion
RegisteredOwner
"KyleDunwin"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
wintask32
"C:\WINNT\Jwintask.com"
3. Modifies the hosts file, adding entries that map hostnames to 127.0.0.1.
4. Modifies registry values:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableChangePassword
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableLockWorkstation
0
5. Attempts to copy itself into the \Metaa\ directory under new file names.