Virus name (Chinese):
Virus alias:
Threat level:
★☆☆☆☆
Virus type:
Worm
Virus length:
61140
Affected systems:
Win9x WinMe WinNT Win2000 WinXP Win2003
Virus behavior:
This is a worm that can spread electronically and also through the MS03-026 vulnerability.
1. Copies itself to
%Win%\Systra.exe
%Sys32%\Hxdef.exe
%Sys32%\iexplore.exe
%Sys32%\RAVMOND.exe
%Sys32%\Kernel66.dll
%Sys32%\WinHelp.exe
2. Creates the following backdoor files
%Sys32%\ODBC16.dll
%Sys32%\Msjdbc11.dll
%Sys32%\MSSIGN30.DLL
%Sys32%\LMMIB20.DLL
3. Under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
adds
"HardwareProfile"="%System%\hxdef.exe"
"MicrosoftNetMeetingAssociates,Inc."="NetMeeting.exe"
"PrograminWindows"="%System%\IEXPLORE.EXE"
"ProtectedStorage"="RUNDLL32.EXE MSSIGN30.DLL ondll_reg"
"VFWEncoder/DecoderSettings"="RUNDLL32.exe MSSIGN30.DLL ondll_reg"
"WinHelp"="%System%\WinHelp.exe"
4. Under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
adds
"SystemTra"="%Windir%\Systra.exe"
5. Under
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
adds
"run"="RAVMOND.exe"
6. Stops the following services
RisingRealtimeMonitorService
SymantecAntivirusServer
SymantecClient
7. Terminates the following processes
KV
KAV
Duba
NAV
kill
RavMon.exe
Rfw.exe
Gate
McAfee
Symantec
SkyNet
rising
8. Tries to guess the administrator password using the following passwords
Guest
Administrator
zxcv
yxcv
xxx
win
test123
test
temp123
temp
sybase
super
sex
secret
pwd
pw123
Password
owner
oracle
mypc123
mypc
mypass123
mypass
love
login
Login
Internet
home
godblessyou
god
enable
database
computer
alpha
admin123
Admin
abcd
aaa
88888888
2600
2004
2003
123asd
123abc
123456789
1234567
123123
121212
11111111
110
007
00000000
000000
pass
54321
12345
password
passwd
server
sql
!@#$%^&*
!@#$%^&
!@#$%^
!@#$%
asdfgh
asdf
!@#$
1234
111
root
abc123
12345678
abcdefg
abcdef
abc
888888
666666
111111
admin
administrator
guest
654321
123456
321
123