| 導購 | 订阅 | 在线投稿
分享
 
 
 

Worm.Beagle.fl

來源:互聯網  2008-08-14 22:40:55  評論

病毒名稱(中文):

惡鷹fl

病毒別名:

威脅級別:

★★☆☆☆

病毒類型:

蠕蟲病毒

病毒長度:

41001

影響系統:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行爲:

這是一個通過郵件傳播的蠕蟲病毒,該病毒首先會刪除用戶機器上的安全軟件的起始項,然後在把自己加載到起始項中,使病毒可以開機啓動。該病毒運行時會搜索用戶機器上的郵件地址,向搜索到的郵件地

址發送病毒本身,對用戶帶來很多不便。

1。建立互斥變量名爲:

"MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D"

""D"r"o"p"p"e"d"S"k"y"N"e"t""

"_-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_"

"[SkyNet.cz]SystemsMutex"

"AdmSkynetJklS003"

"____--->>>>U<<<<--____"

"_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_"

2。刪除一下的起始項:

"HLCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

"MyAV"

"ZoneLabsClientEx"

"9XHtProtect"

"Antivirus"

"SpecialFirewallService"

"service"

"TinyAV"

"ICQNet"

"HtProtect"

"NetDy"

"Jammer2nd"

"FirewallSvr"

"MsInfo"

"SysMonXP"

"EasyAV"

"PandaAVEngine"

"NortonAntivirusAV"

"KasperskyAVEng"

"SkynetsRevenge"

"ICQNet"

3.在%system%中生成:

windspl.exe

4.添加起始項,使病毒開機啓動

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"DsplObjects"

windspl.exe

5.發送郵件的附件爲一下文件名:

MicrosoftOffice2003Crack,Working!.exe

MicrosoftWindowsXP,WinXPCrack,workingKeygen.exe

MicrosoftOfficeXPworkingCrack,Keygen.exe

Porno,sex,oral,analcool,awesome!!.exe

PornoScreensaver.scr

Serials.txt.exe

KAV5.0KasperskyAntivirus5.0Pornopicsarhive,xxx.exe

WindowsSourcecodeupdate.doc.exe

AheadNero7.exe

WindownLonghornBetaLeak.exe

Opera8New!.exe

XXXhardcoreimages.exe

WinAmp6New!.exe

WinAmp5ProKeygenCrackUpdate.exe

AdobePhotoshop9full.exe

Matrix3RevolutionEnglishSubtitles.exe

ACDSee9.exe

標題:

Gwd:MsgreplyGwd:Hello:-)

Gwd:Yahoo!!!Gwd:Thankyou!Gwd:Thanks:)

Gwd:TextmessageGwd:Document

Gwd:Incomingmessage

Gwd:IncomingMessage

Gwd:IncomingMsg

Gwd:MessageNotify

Gwd:Notification

Gwd:Changes..

Gwd:Update

Gwd:FaxMessage

Gwd:ProtectedmessageGwd:Protectedmessage

Gwd:Forumnotify

Gwd:Sitechanges

Gwd:Hi

Gwd:crypteddocument

內容:

Ok.Readtheattach.

Ok.Yourfileisattached.

Ok.Moreinfoisinattach

Ok.Seeattach.

Ok.Please,havealookattheattachedfile.

Ok.Yourdocumentisattached.

Ok.Please,readthedocument.

Ok.Attachtellseverything.

Ok.Attachedfiletellseverything.

Ok.Checkattachedfilefordetails.

Ok.Checkattachedfile.

Ok.Payattentionattheattach.

Ok.Seetheattachedfilefordetails.

Ok.Messageisinattach

Ok.Hereisthefile.

6。在文件中隱藏著作者的一段話:

Inadifficultworld

Inanamelesstime

Iwanttosurvive

So,youwillbemine!!

--BagleAuthor,29.04.04,Germany.

病毒名稱(中文): 惡鷹fl 病毒別名: 威脅級別: ★★☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 41001 影響系統: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行爲: 這是一個通過郵件傳播的蠕蟲病毒,該病毒首先會刪除用戶機器上的安全軟件的起始項,然後在把自己加載到起始項中,使病毒可以開機啓動。該病毒運行時會搜索用戶機器上的郵件地址,向搜索到的郵件地 址發送病毒本身,對用戶帶來很多不便。 1。建立互斥變量名爲: "MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D" ""D"r"o"p"p"e"d"S"k"y"N"e"t"" "_-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_" "[SkyNet.cz]SystemsMutex" "AdmSkynetJklS003" "____--->>>>U<<<<--____" "_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_" 2。刪除一下的起始項: "HLCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "MyAV" "ZoneLabsClientEx" "9XHtProtect" "Antivirus" "SpecialFirewallService" "service" "TinyAV" "ICQNet" "HtProtect" "NetDy" "Jammer2nd" "FirewallSvr" "MsInfo" "SysMonXP" "EasyAV" "PandaAVEngine" "NortonAntivirusAV" "KasperskyAVEng" "SkynetsRevenge" "ICQNet" 3.在%system%中生成: windspl.exe 4.添加起始項,使病毒開機啓動 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DsplObjects" windspl.exe 5.發送郵件的附件爲一下文件名: MicrosoftOffice2003Crack,Working!.exe MicrosoftWindowsXP,WinXPCrack,workingKeygen.exe MicrosoftOfficeXPworkingCrack,Keygen.exe Porno,sex,oral,analcool,awesome!!.exe PornoScreensaver.scr Serials.txt.exe KAV5.0KasperskyAntivirus5.0Pornopicsarhive,xxx.exe WindowsSourcecodeupdate.doc.exe AheadNero7.exe WindownLonghornBetaLeak.exe Opera8New!.exe XXXhardcoreimages.exe WinAmp6New!.exe WinAmp5ProKeygenCrackUpdate.exe AdobePhotoshop9full.exe Matrix3RevolutionEnglishSubtitles.exe ACDSee9.exe 標題: Gwd:MsgreplyGwd:Hello:-) Gwd:Yahoo!!!Gwd:Thankyou!Gwd:Thanks:) Gwd:TextmessageGwd:Document Gwd:Incomingmessage Gwd:IncomingMessage Gwd:IncomingMsg Gwd:MessageNotify Gwd:Notification Gwd:Changes.. Gwd:Update Gwd:FaxMessage Gwd:ProtectedmessageGwd:Protectedmessage Gwd:Forumnotify Gwd:Sitechanges Gwd:Hi Gwd:crypteddocument 內容: Ok.Readtheattach. Ok.Yourfileisattached. Ok.Moreinfoisinattach Ok.Seeattach. Ok.Please,havealookattheattachedfile. Ok.Yourdocumentisattached. Ok.Please,readthedocument. Ok.Attachtellseverything. Ok.Attachedfiletellseverything. Ok.Checkattachedfilefordetails. Ok.Checkattachedfile. Ok.Payattentionattheattach. Ok.Seetheattachedfilefordetails. Ok.Messageisinattach Ok.Hereisthefile. 6。在文件中隱藏著作者的一段話: Inadifficultworld Inanamelesstime Iwanttosurvive So,youwillbemine!! --BagleAuthor,29.04.04,Germany.
󰈣󰈤
 
 
 
>>返回首頁<<
 
 
 
 
 熱帖排行
 
王朝網路微信公眾號
微信掃碼關註本站公眾號 wangchaonetcn
 
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有