| 導購 | 订阅 | 在线投稿
分享
 
 
 

Worm.Beagle.fi

2008-08-14 22:50:10  編輯來源:互聯網  简体版  手機版  移動版  評論  字體: ||
 

病毒名稱(中文):

病毒別名:

威脅級別:

★☆☆☆☆

病毒類型:

蠕蟲病毒

病毒長度:

69842

影響系統:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行爲:

這是一種通過郵件傳播的蠕蟲病毒,該病毒搜索被感染機器上的郵件地址把自己的拷貝發送出去,並且會嘗試下載新病毒變種。該病毒並且會生成驅動保護病毒,刪除大量的注冊表項,使被感染的機器無法進入安全模式。

1。生成文件:

%ApplicationData%\hidn\hidn.exe

%ApplicationData%\hidn\m_hook.sys

C:\error.gif

2.當病毒第一次運行的時候會生成一下鍵值:

HKCU\Software\FirstRuxzx

FirstRun

3.起始項裏面添加以下內容:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

drv_st_key

4.嘗試連接smtp.google.com判定網絡是否連通。

5.嘗試下載以下文件:

http://www.titanmotors.com/images/1/eml.php

http://veranmaisala.com/1/eml.php

http://wklight.nazwa.pl/1/eml.php

http://yongsan24.co.kr/1/eml.php

http://accesible.cl/1/eml.php

http://hotelesalba.com/1/eml.php

http://amdlady.com/1/eml.php

http://inca.dnetsolution.net/1/eml.php

http://www.auraura.com/1/eml.php

http://avataresgratis.com/1/eml.php

http://beyoglu.com.tr/1/eml.php

http://brandshock.com/1/eml.php

http://www.buydigital.co.kr/1/eml.php

http://camaramafra.sc.gov.br/1/eml.php

http://camposequipamentos.com.br/1/eml.php

http://cbradio.sos.pl/1/eml.php

http://c-d-c.com.au/1/eml.php

http://www.klanpl.com/1/eml.php

http://coparefrescos.stantonstreetgroup.com/1/eml.php

http://creainspire.com/1/eml.php

http://desenjoi.com.br/1/eml.php

http://www.inprofile.gr/1/eml.php

http://www.diem.cl/1/eml.php

http://www.discotecapuzzle.com/1/eml.php

http://ujscie.one.pl/777.gif

http://1point2.iae.nl/777.gif

http://appaloosa.no/777.gif

http://apromed.com/777.gif

http://arborfolia.com/777.gif

http://pawlacz.com/777.gif

http://areal-realt.ru/777.gif

http://bitel.ru/777.gif

http://yetii.no-ip.com/777.gif

http://art4u1.superhost.pl/777.gif

http://www.artbed.pl/777.gif

http://art-bizar.foxnet.pl/777.gif

http://www.jonogueira.com/777.gif

http://asdesign.cz/777.gif

http://ftp-dom.earthlink.net/777.gif

http://www.aureaorodeley.com/777.gif

http://www.autoekb.ru/777.gif

http://www.autovorota.ru/777.gif

http://avenue.ee/777.gif

http://www.avinpharma.ru/777.gif

http://ouarzazateservices.com/777.gif

http://stats-adf.altadis.com/777.gif

http://bartex-cit.com.pl/777.gif

http://bazarbekr.sk/777.gif

http://gnu.univ.gda.pl/777.gif

http://bid-usa.com/777.gif

http://biliskov.com/777.gif

http://biomedpel.cz/777.gif

http://blackbull.cz/777.gif

http://bohuminsko.cz/777.gif

http://bonsai-world.com.au/777.gif

http://bpsbillboards.com/777.gif

http://cadinformatics.com/777.gif

http://canecaecia.com/777.gif

http://www.castnetnultimedia.com/777.gif

http://compucel.com/777.gif

http://continentalcarbonindia.com/777.gif

http://ceramax.co.kr/777.gif

http://prime.gushi.org/777.gif

http://www.chapisteriadaniel.com/777.gif

http://charlesspaans.com/777.gif

http://chatsk.wz.cz/777.gif

http://www.chittychat.com/777.gif

http://checkalertusa.com/777.gif

http://cibernegocios.com.ar/777.gif

http://5050clothing.com/777.gif

http://cof666.shockonline.net/777.gif

http://comaxtechnologies.net/777.gif

http://concellodesandias.com/777.gif

http://www.cort.ru/777.gif

http://donchef.com/777.gif

http://www.crfj.com/777.gif

http://kremz.ru/777.gif

http://dev.jintek.com/777.gif

http://foxvcoin.com/777.gif

http://uwua132.org/777.gif

http://v-v-kopretiny.ic.cz/777.gif

http://erich-kaestner-schule-donaueschingen.de/777.gif

http://vanvakfi.com/777.gif

http://axelero.hu/777.gif

http://kisalfold.com/777.gif

http://vega-sps.com/777.gif

http://vidus.ru/777.gif

http://viralstrategies.com/777.gif

http://svatba.viskot.cz/777.gif

http://Vivamodelhobby.com/777.gif

http://vkinfotech.com/777.gif

http://vytukas.com/777.gif

http://waisenhaus-kenya.ch/777.gif

http://watsrisuphan.org/777.gif

http://www.ag.ohio-state.edu/777.gif

http://wbecanada.com/777.gif

http://calamarco.com/777.gif

http://vproinc.com/777.gif

http://grupdogus.de/777.gif

http://knickimbit.de/777.gif

http://dogoodesign.ch/777.gif

http://systemforex.de/777.gif

http://zebrachina.net/777.gif

http://www.walsch.de/777.gif

http://hotchillishop.de/777.gif

http://innovation.ojom.net/777.gif

http://massgroup.de/777.gif

http://web-comp.hu/777.gif

http://webfull.com/777.gif

http://welvo.com/777.gif

http://www.ag.ohio-state.edu/777.gif

http://poliklinika-vajnorska.sk/777.gif

http://wvpilots.org/777.gif

http://www.kersten.de/777.gif

http://www.kljbwadersloh.de/777.gif

http://www.voov.de/777.gif

http://www.wchat.cz/777.gif

http://www.wg-aufbau-bautzen.de/777.gif

http://www.wzhuate.com/777.gif

http://zsnabreznaknm.sk/777.gif

http://xotravel.ru/777.gif

http://ilikesimple.com/777.gif

http://yeniguntugla.com/777.gif

6.結束以下進程:

"ashAvast.exe"

"ashDisp.exe"

"ashEnhcd.exe"

"ashPopWz.exe"

"ashSimpl.exe"

"ashSkPck.exe"

"ashWebSv.exe"

"AUPDATE.EXE"

"Avconsol.exe"

"avgcc.exe"

"avgemc.exe"

"AVGNT.EXE"

"AVSCHED32.EXE"

"Avsynmgr.exe"

"AVWUPD32.EXE"

"bdmcon.exe"

"bdnews.exe"

"bdsubmit.exe"

"bdswitch.exe"

"cafix.exe"

"ccApp.exe"

"CCEVTMGR.EXE"

"CCSETMGR.EXE"

"ClamTray.exe"

"ClamWin.exe"

"CMGrdian.exe"

"drwadins.exe"

"drweb32w.exe"

"drwebscd.exe"

"drwebupw.exe"

"freshclam.exe"

"GUARDGUI.EXE"

"GuardNT.exe"

"INETUPD.EXE"

"InocIT.exe"

"InoUpTNG.exe"

"isafe.exe"

"KAV.exe"

"kavmm.exe"

"KAVPF.exe"

"LUALL.EXE"

"Luupdate.exe"

"Mcshield.exe"

"NAVAPSVC.EXE"

"nod32.exe"

"nod32kui.exe"

"NPFMNTOR.EXE"

"npfmsg.exe"

"Nvcod.exe"

"Nvcte.exe"

"Nvcut.exe"

"outpost.exe"

"pccguide.exe"

"PcCtlCom.exe"

"QHPF.EXE"

"Realmon.exe"

"regedit.exe"

"regedt32.exe"

"RuLaunch.exe"

"SNDSrvc.exe"

"SPBBCSvc.exe"

"spiderml.exe"

"symlcsvc.exe"

"Tmntsrv.exe"

"TmPfw.exe"

"tmproxy.exe"

"Up2Date.exe"

"upgrepl.exe"

"Vba32ECM.exe"

"Vba32ifs.exe"

"vba32ldr.exe"

"Vba32PP3.exe"

"Vshwin32.exe"

"VsStat.exe"

"zatutor.exe"

"zlclient.exe"

"zonealarm.exe"

"guardnt.sys"

"filtnt.sys"

avsvc.exe

bdmcon.exe

vsserv.exe

bdnews.exe

livesrv.exe

mcupdate.exe

frameworkservice.exe

upgrader.exe

apvxdwin.exe

LuComServer_2_5.EXE

lucomserver_2_6.exe

drwebupw.exe

nod32krn.exe

7.在被感染的機器上搜索以下的文件格式,查找郵件地址:

.wab

.txt

.msg

.htm

.shtm

.stm

.xml

.dbx

.mbx

.mdx

.eml

.nch

.mmf

.ods

.cfg

.asp

.php

.pl

.wsh

.adb

.tbb

.sht

.xls

.oft

.uin

.cgi

.mht

.dhtm

.jsp

8.不向含有以下字符的郵件地址發送郵件:

@hotmail

@msn

@microsoft

rating@

f-secur

news

update

anyone@

bugs@

contract@

feste

gold-certs@

help@

info@

nobody@

noone@

kasp

admin

icrosoft

support

ntivi

unix

bsd

linux

listserv

certific

sopho

@foo

@iana

free-av

@messagelab

winzip

google

winrar

samples

abuse

panda

cafee

spam

pgp

@avp.

noreply

local

root@

postmaster@

 
病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 69842 影響系統: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行爲: 這是一種通過郵件傳播的蠕蟲病毒,該病毒搜索被感染機器上的郵件地址把自己的拷貝發送出去,並且會嘗試下載新病毒變種。該病毒並且會生成驅動保護病毒,刪除大量的注冊表項,使被感染的機器無法進入安全模式。 1。生成文件: %ApplicationData%\hidn\hidn.exe %ApplicationData%\hidn\m_hook.sys C:\error.gif 2.當病毒第一次運行的時候會生成一下鍵值: HKCU\Software\FirstRuxzx FirstRun 3.起始項裏面添加以下內容: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run drv_st_key 4.嘗試連接smtp.google.com判定網絡是否連通。 5.嘗試下載以下文件: http://www.titanmotors.com/images/1/eml.php http://veranmaisala.com/1/eml.php http://wklight.nazwa.pl/1/eml.php http://yongsan24.co.kr/1/eml.php http://accesible.cl/1/eml.php http://hotelesalba.com/1/eml.php http://amdlady.com/1/eml.php http://inca.dnetsolution.net/1/eml.php http://www.auraura.com/1/eml.php http://avataresgratis.com/1/eml.php http://beyoglu.com.tr/1/eml.php http://brandshock.com/1/eml.php http://www.buydigital.co.kr/1/eml.php http://camaramafra.sc.gov.br/1/eml.php http://camposequipamentos.com.br/1/eml.php http://cbradio.sos.pl/1/eml.php http://c-d-c.com.au/1/eml.php http://www.klanpl.com/1/eml.php http://coparefrescos.stantonstreetgroup.com/1/eml.php http://creainspire.com/1/eml.php http://desenjoi.com.br/1/eml.php http://www.inprofile.gr/1/eml.php http://www.diem.cl/1/eml.php http://www.discotecapuzzle.com/1/eml.php http://ujscie.one.pl/777.gif http://1point2.iae.nl/777.gif http://appaloosa.no/777.gif http://apromed.com/777.gif http://arborfolia.com/777.gif http://pawlacz.com/777.gif http://areal-realt.ru/777.gif http://bitel.ru/777.gif http://yetii.no-ip.com/777.gif http://art4u1.superhost.pl/777.gif http://www.artbed.pl/777.gif http://art-bizar.foxnet.pl/777.gif http://www.jonogueira.com/777.gif http://asdesign.cz/777.gif http://ftp-dom.earthlink.net/777.gif http://www.aureaorodeley.com/777.gif http://www.autoekb.ru/777.gif http://www.autovorota.ru/777.gif http://avenue.ee/777.gif http://www.avinpharma.ru/777.gif http://ouarzazateservices.com/777.gif http://stats-adf.altadis.com/777.gif http://bartex-cit.com.pl/777.gif http://bazarbekr.sk/777.gif http://gnu.univ.gda.pl/777.gif http://bid-usa.com/777.gif http://biliskov.com/777.gif http://biomedpel.cz/777.gif http://blackbull.cz/777.gif http://bohuminsko.cz/777.gif http://bonsai-world.com.au/777.gif http://bpsbillboards.com/777.gif http://cadinformatics.com/777.gif http://canecaecia.com/777.gif http://www.castnetnultimedia.com/777.gif http://compucel.com/777.gif http://continentalcarbonindia.com/777.gif http://ceramax.co.kr/777.gif http://prime.gushi.org/777.gif http://www.chapisteriadaniel.com/777.gif http://charlesspaans.com/777.gif http://chatsk.wz.cz/777.gif http://www.chittychat.com/777.gif http://checkalertusa.com/777.gif http://cibernegocios.com.ar/777.gif http://5050clothing.com/777.gif http://cof666.shockonline.net/777.gif http://comaxtechnologies.net/777.gif http://concellodesandias.com/777.gif http://www.cort.ru/777.gif http://donchef.com/777.gif http://www.crfj.com/777.gif http://kremz.ru/777.gif http://dev.jintek.com/777.gif http://foxvcoin.com/777.gif http://uwua132.org/777.gif http://v-v-kopretiny.ic.cz/777.gif http://erich-kaestner-schule-donaueschingen.de/777.gif http://vanvakfi.com/777.gif http://axelero.hu/777.gif http://kisalfold.com/777.gif http://vega-sps.com/777.gif http://vidus.ru/777.gif http://viralstrategies.com/777.gif http://svatba.viskot.cz/777.gif http://Vivamodelhobby.com/777.gif http://vkinfotech.com/777.gif http://vytukas.com/777.gif http://waisenhaus-kenya.ch/777.gif http://watsrisuphan.org/777.gif http://www.ag.ohio-state.edu/777.gif http://wbecanada.com/777.gif http://calamarco.com/777.gif http://vproinc.com/777.gif http://grupdogus.de/777.gif http://knickimbit.de/777.gif http://dogoodesign.ch/777.gif http://systemforex.de/777.gif http://zebrachina.net/777.gif http://www.walsch.de/777.gif http://hotchillishop.de/777.gif http://innovation.ojom.net/777.gif http://massgroup.de/777.gif http://web-comp.hu/777.gif http://webfull.com/777.gif http://welvo.com/777.gif http://www.ag.ohio-state.edu/777.gif http://poliklinika-vajnorska.sk/777.gif http://wvpilots.org/777.gif http://www.kersten.de/777.gif http://www.kljbwadersloh.de/777.gif http://www.voov.de/777.gif http://www.wchat.cz/777.gif http://www.wg-aufbau-bautzen.de/777.gif http://www.wzhuate.com/777.gif http://zsnabreznaknm.sk/777.gif http://xotravel.ru/777.gif http://ilikesimple.com/777.gif http://yeniguntugla.com/777.gif 6.結束以下進程: "ashAvast.exe" "ashDisp.exe" "ashEnhcd.exe" "ashPopWz.exe" "ashSimpl.exe" "ashSkPck.exe" "ashWebSv.exe" "AUPDATE.EXE" "Avconsol.exe" "avgcc.exe" "avgemc.exe" "AVGNT.EXE" "AVSCHED32.EXE" "Avsynmgr.exe" "AVWUPD32.EXE" "bdmcon.exe" "bdnews.exe" "bdsubmit.exe" "bdswitch.exe" "cafix.exe" "ccApp.exe" "CCEVTMGR.EXE" "CCSETMGR.EXE" "ClamTray.exe" "ClamWin.exe" "CMGrdian.exe" "drwadins.exe" "drweb32w.exe" "drwebscd.exe" "drwebupw.exe" "freshclam.exe" "GUARDGUI.EXE" "GuardNT.exe" "INETUPD.EXE" "InocIT.exe" "InoUpTNG.exe" "isafe.exe" "KAV.exe" "kavmm.exe" "KAVPF.exe" "LUALL.EXE" "Luupdate.exe" "Mcshield.exe" "NAVAPSVC.EXE" "nod32.exe" "nod32kui.exe" "NPFMNTOR.EXE" "npfmsg.exe" "Nvcod.exe" "Nvcte.exe" "Nvcut.exe" "outpost.exe" "pccguide.exe" "PcCtlCom.exe" "QHPF.EXE" "Realmon.exe" "regedit.exe" "regedt32.exe" "RuLaunch.exe" "SNDSrvc.exe" "SPBBCSvc.exe" "spiderml.exe" "symlcsvc.exe" "Tmntsrv.exe" "TmPfw.exe" "tmproxy.exe" "Up2Date.exe" "upgrepl.exe" "Vba32ECM.exe" "Vba32ifs.exe" "vba32ldr.exe" "Vba32PP3.exe" "Vshwin32.exe" "VsStat.exe" "zatutor.exe" "zlclient.exe" "zonealarm.exe" "guardnt.sys" "filtnt.sys" avsvc.exe bdmcon.exe vsserv.exe bdnews.exe livesrv.exe mcupdate.exe frameworkservice.exe upgrader.exe apvxdwin.exe LuComServer_2_5.EXE lucomserver_2_6.exe drwebupw.exe nod32krn.exe 7.在被感染的機器上搜索以下的文件格式,查找郵件地址: .wab .txt .msg .htm .shtm .stm .xml .dbx .mbx .mdx .eml .nch .mmf .ods .cfg .asp .php .pl .wsh .adb .tbb .sht .xls .oft .uin .cgi .mht .dhtm .jsp 8.不向含有以下字符的郵件地址發送郵件: @hotmail @msn @microsoft rating@ f-secur news update anyone@ bugs@ contract@ feste gold-certs@ help@ info@ nobody@ noone@ kasp admin icrosoft support ntivi unix bsd linux listserv certific sopho @foo @iana free-av @messagelab winzip google winrar samples abuse panda cafee spam pgp @avp. noreply local root@ postmaster@
󰈣󰈤
王朝萬家燈火計劃
期待原創作者加盟
 
 
 
>>返回首頁<<
 
 
 
 
 熱帖排行
 
王朝網路微信公眾號
微信掃碼關註本站公眾號 wangchaonetcn
 
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有