| 導購 | 订阅 | 在线投稿
分享
 
 
 

Worm.Sixem.a

2008-08-14 22:50:14  編輯來源:互聯網  简体版  手機版  評論  字體: ||
 
  病毒名稱(中文):
  
  病毒別名:
  
  
  威脅級別:
  ★☆☆☆☆
  病毒類型:
  蠕蟲病毒
  病毒長度:
  39904
  影響系統:
  Win9xWinMeWinNTWin2000WinXPWin2003
  
  病毒行爲:
  這是一個通過郵件傳播的蠕蟲病毒,該病毒會搜索被感染機器上的郵件地址並且把自己發送出去,會嘗試下載該蠕蟲的其他變種。
  1.生成互斥變量:
  「dezas」
  2.生成文件:
  %System%\msctools.exe
  %System%\cats2.jpg
  3.添加注冊表起始項,使病毒開機運行:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  nsdevice
  msctools.exe
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  nsdevice
  msctools.exe
  4.添加服務:
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
  nsdevice
  msctools.exe
  5.添加注冊表項:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Url
  mls
  6.修改以下注冊表項:
  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
  DisableTaskMgr
  "0"
  HKLM\SOFTWARE\Microsoft\SecurityCenter
  FirewallOverride
  dword:00000001
  HKLM\SOFTWARE\Microsoft\SecurityCenter
  FirewallDisableNotify
  dword:00000001
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL
  dnk
  HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
  EnableFirewall
  dword:00000000
  HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
  EnableFirewall
  dword:00000000
  7.從下面的網站下載病毒:
  http://couplesexxx.com/XXX/dianaimg.exe
  8.結束以下進程:
  _AVP32.EXE
  _AVPCC.EXE
  _AVPM.EXE
  AVP32.EXE
  AVPCC.EXE
  AVPM.EXE
  AVP.EXE
  iamapp.exe
  iamserv.exe
  FRW.EXE
  blackice.exe
  blackd.exe
  zonealarm.exe
  vsmon.exe
  VSHWIN32.EXE
  VSECOMR.EXE
  WEBSCANX.EXE
  AVCONSOL.EXE
  VSSTAT.EXE
  OUTPOST.EXE
  REGEDIT.EXE
  NETSTAT.EXE
  TASKMGR.EXE
  MSCONFIG.EXE
  NAVAPW32.EXE
  NAVW32.EXE
  UPDATE.EXE
  9.搜索以下文件後綴的文件,來獲取郵件地址:
  .wab
  .adb
  .msg
  .dbx
  .mbx
  .mdx
  .eml
  .nch
  .txt
  .tbb
  .html
  .htm
  .xml
  .doc
  .rtf
  .xls
  .sht
  .oft
  .not
  10.發送郵件:
  發件人爲以下任意一個:
  hotnews@cnn.com
  kellyjast@hotmail.com
  lindasal@gmail.com
  mr.robs@yahoo.com
  newsreader@hotmail.com
  todaynews@cnn.com
  主題爲以下任意一個:
  Soccerfanskilledfiveteens
  Crazysoccerfans
  PleasereplymeTomas
  Mytricksforyou
  NakedWorldCupgameset
  Mysisterwhores,shitidontknow
  郵件內容爲以下任意一個:
  Soccerfanskilledfiveteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.
  Crazysoccerfanskilledtwoteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.
  HaloMarkus,isentmynudepics.Pleasereplymewithyounudephotos;).BestregardYouSweetKitty
  IwaityouphotosfromNewYork.Isentmypicswhereinakedforyou.Pleasereplyme.LindaSalivan
  Nudistsareorganisingtheirowntributetotheworldcup,bystagingtheirownnudesoccergame,thoughitisnotclearhowtheteamswilltelleachotherapart.Goodphotos;)
  EmilyCarrwasanartistknownforherprudery,butnowthePortraitGalleryofCanadahasacquiredanudeself-portrait.Viewphotos.
  附件名爲以下任意一個:
  soccer_fans.jpg.exe
  soccer_pics.jpg.exe
  kelly_nude_imgs.jpg.exe
  linda_bigtit.gif.exe
  soccer_nudist.bmp.exe
  emily_selfphoto.jpg.exe
 
病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 39904 影響系統: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行爲: 這是一個通過郵件傳播的蠕蟲病毒,該病毒會搜索被感染機器上的郵件地址並且把自己發送出去,會嘗試下載該蠕蟲的其他變種。 1.生成互斥變量: 「dezas」 2.生成文件: %System%\msctools.exe %System%\cats2.jpg 3.添加注冊表起始項,使病毒開機運行: HKCU\Software\Microsoft\Windows\CurrentVersion\Run nsdevice msctools.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run nsdevice msctools.exe 4.添加服務: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices nsdevice msctools.exe 5.添加注冊表項: HKCU\Software\Microsoft\Windows\CurrentVersion\Url mls 6.修改以下注冊表項: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr "0" HKLM\SOFTWARE\Microsoft\SecurityCenter FirewallOverride dword:00000001 HKLM\SOFTWARE\Microsoft\SecurityCenter FirewallDisableNotify dword:00000001 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL dnk HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile EnableFirewall dword:00000000 HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile EnableFirewall dword:00000000 7.從下面的網站下載病毒: http://couplesexxx.com/XXX/dianaimg.exe 8.結束以下進程: _AVP32.EXE _AVPCC.EXE _AVPM.EXE AVP32.EXE AVPCC.EXE AVPM.EXE AVP.EXE iamapp.exe iamserv.exe FRW.EXE blackice.exe blackd.exe zonealarm.exe vsmon.exe VSHWIN32.EXE VSECOMR.EXE WEBSCANX.EXE AVCONSOL.EXE VSSTAT.EXE OUTPOST.EXE REGEDIT.EXE NETSTAT.EXE TASKMGR.EXE MSCONFIG.EXE NAVAPW32.EXE NAVW32.EXE UPDATE.EXE 9.搜索以下文件後綴的文件,來獲取郵件地址: .wab .adb .msg .dbx .mbx .mdx .eml .nch .txt .tbb .html .htm .xml .doc .rtf .xls .sht .oft .not 10.發送郵件: 發件人爲以下任意一個: hotnews@cnn.com kellyjast@hotmail.com lindasal@gmail.com mr.robs@yahoo.com newsreader@hotmail.com todaynews@cnn.com 主題爲以下任意一個: Soccerfanskilledfiveteens Crazysoccerfans PleasereplymeTomas Mytricksforyou NakedWorldCupgameset Mysisterwhores,shitidontknow 郵件內容爲以下任意一個: Soccerfanskilledfiveteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow. Crazysoccerfanskilledtwoteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow. HaloMarkus,isentmynudepics.Pleasereplymewithyounudephotos;).BestregardYouSweetKitty IwaityouphotosfromNewYork.Isentmypicswhereinakedforyou.Pleasereplyme.LindaSalivan Nudistsareorganisingtheirowntributetotheworldcup,bystagingtheirownnudesoccergame,thoughitisnotclearhowtheteamswilltelleachotherapart.Goodphotos;) EmilyCarrwasanartistknownforherprudery,butnowthePortraitGalleryofCanadahasacquiredanudeself-portrait.Viewphotos. 附件名爲以下任意一個: soccer_fans.jpg.exe soccer_pics.jpg.exe kelly_nude_imgs.jpg.exe linda_bigtit.gif.exe soccer_nudist.bmp.exe emily_selfphoto.jpg.exe
󰈣󰈤
 
 
 
>>返回首頁<<
 
 
 
 
 熱帖排行
 
王朝網路微信公眾號
微信掃碼關註本站公眾號 wangchaonetcn
 
  免責聲明:本文僅代表作者個人觀點,與王朝網絡無關。王朝網絡登載此文出於傳遞更多信息之目的,並不意味著贊同其觀點或證實其描述,其原創性以及文中陳述文字和內容未經本站證實,對本文以及其中全部或者部分內容、文字的真實性、完整性、及時性本站不作任何保證或承諾,請讀者僅作參考,並請自行核實相關內容。
 
© 2005- 王朝網路 版權所有