Virus name (Chinese):
惡鷹fl
Virus alias:
Threat level:
★★☆☆☆
Virus type:
Worm
Virus length:
41001
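Affected systems:
Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behavior:
This is a worm that spreads by e-mail. It first deletes the startup entries of security software on the user's machine, then adds itself to the startup entries so that it runs at boot. While running, it searches the user's machine for e-mail addresses and sends a copy of itself to every address it finds, causing the user considerable inconvenience.
1. Creates mutexes named: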
"MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D"
""D"r"o"p"p"e"d"S"k"y"N"e"t""
"_-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_"
"[SkyNet.cz]SystemsMutex"
"AdmSkynetJklS003"
"____--->>>>U<<<<--____"
"_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_"
2. Deletes the following startup entries:
"HLCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"MyAV"
"ZoneLabsClientEx"
"9XHtProtect"
"Antivirus"
"SpecialFirewallService"
"service"
"TinyAV"
"ICQNet"
"HtProtect"
"NetDy"
"Jammer2nd"
"FirewallSvr"
"MsInfo"
"SysMonXP"
"EasyAV"
"PandaAVEngine"
"NortonAntivirusAV"
"KasperskyAVEng"
"SkynetsRevenge"
"ICQNet"
3. Creates in %system%:
windspl.exe
4. Adds a startup entry so that the virus runs at boot:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"DsplObjects"
windspl.exe
5. The e-mails it sends carry an attachment with one of the following file names:
MicrosoftOffice2003Crack,Working!.exe
MicrosoftWindowsXP,WinXPCrack,workingKeygen.exe
MicrosoftOfficeXPworkingCrack,Keygen.exe
Porno,sex,oral,analcool,awesome!!.exe
PornoScreensaver.scr
Serials.txt.exe
KAV5.0KasperskyAntivirus5.0Pornopicsarhive,xxx.exe
WindowsSourcecodeupdate.doc.exe
AheadNero7.exe
WindownLonghornBetaLeak.exe
Opera8New!.exe
XXXhardcoreimages.exe
WinAmp6New!.exe
WinAmp5ProKeygenCrackUpdate.exe
AdobePhotoshop9full.exe
Matrix3RevolutionEnglishSubtitles.exe
ACDSee9.exe
Subject:
Gwd:Msgreply
Gwd:Hello:-)
Gwd:Yahoo!!!
Gwd:Thankyou!
Gwd:Thanks:)
Gwd:Textmessage
Gwd:Document
Gwd:Incomingmessage
Gwd:IncomingMessage
Gwd:IncomingMsg
Gwd:MessageNotify
Gwd:Notification
Gwd:Changes..
Gwd:Update
Gwd:FaxMessage
Gwd:Protectedmessage
Gwd:Protectedmessage
Gwd:Forumnotify
Gwd:Sitechanges
Gwd:Hi
Gwd:crypteddocument
Body:
Ok.Readtheattach.
Ok.Yourfileisattached.
Ok.Moreinfoisinattach
Ok.Seeattach.
Ok.Please,havealookattheattachedfile.
Ok.Yourdocumentisattached.
Ok.Please,readthedocument.
Ok.Attachtellseverything.
Ok.Attachedfiletellseverything.
Ok.Checkattachedfilefordetails.
Ok.Checkattachedfile.
Ok.Payattentionattheattach.
Ok.Seetheattachedfilefordetails.
Ok.Messageisinattach
Ok.Hereisthefile.
6. A message from the author is hidden in the file:
Inadifficultworld
Inanamelesstime
Iwanttosurvive
So,youwillbemine!!
--BagleAuthor,29.04.04,Germany.
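
The persistence entry from steps 3 and 4 and the mail traits from step 5 can be checked mechanically. The following is an added example, not part of the original write-up: it scans the text output of `reg query` on the Run key for the `DsplObjects` / `windspl.exe` entry and tests a message for the "Gwd:" subject prefix together with an `.exe` or `.scr` attachment. Matching on the prefix and extension instead of the full lists is an assumption of this example, and the sample registry dump and message are constructed.

```python
import re
from email.message import EmailMessage

# Indicators taken from the write-up above.
RUN_VALUE = "dsplobjects"          # Run value name added in step 4
DROPPED_FILE = "windspl.exe"       # file created in %system% in step 3
SUBJECT_PREFIX = "gwd:"            # every listed subject starts with this
EXEC_EXTS = (".exe", ".scr")       # every listed attachment ends with one

# One value line of `reg query` output: name, type and data, 4 spaces apart.
REG_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# The dropped file name as a whole path component, with or without quotes/args.
DROPPED_RE = re.compile(r'(?:^|[\\/"])' + re.escape(DROPPED_FILE) + r'(?:$|["\s])')

def suspicious_run_values(reg_query_output):
    """Return (name, data) pairs from a Run key dump that match the worm."""
    hits = []
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, _type, data = m.groups()
        if name.lower() == RUN_VALUE or DROPPED_RE.search(data.lower()):
            hits.append((name, data))
    return hits

def mail_matches(msg):
    """True if the subject prefix and an executable attachment both match."""
    subject = (msg["Subject"] or "").strip().lower()
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    return subject.startswith(SUBJECT_PREFIX) and any(
        n.endswith(EXEC_EXTS) for n in names)

# Constructed sample data (not captured from a real host or mailbox).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    DsplObjects    REG_SZ    C:\WINDOWS\system32\windspl.exe
"""

def sample_mail(subject, filename):
    """Build a constructed message with one attachment for the demo."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Ok.Seeattach.")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_REG))
    print(mail_matches(sample_mail("Gwd:Update", "Serials.txt.exe")))
```

A hit on the Run value alone is a lead for triage, since the value name or file name could be reused by unrelated software.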