| 導購 | 订阅 | 在线投稿
分享
 
 
 

Worm.Sixem.a

2008-08-14 22:50:14  編輯來源:互聯網  简体版  手機版  移動版  評論  字體: ||

病毒名稱(中文):

病毒別名:

威脅級別:

★☆☆☆☆

病毒類型:

蠕蟲病毒

病毒長度:

39904

影響系統:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行爲:

這是一個通過郵件傳播的蠕蟲病毒,該病毒會搜索被感染機器上的郵件地址並且把自己發送出去,會嘗試下載該蠕蟲的其他變種。

1.生成互斥變量:

「dezas」

2.生成文件:

%System%\msctools.exe

%System%\cats2.jpg

3.添加注冊表起始項,使病毒開機運行:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

nsdevice

msctools.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nsdevice

msctools.exe

4.添加服務:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

nsdevice

msctools.exe

5.添加注冊表項:

HKCU\Software\Microsoft\Windows\CurrentVersion\Url

mls

6.修改以下注冊表項:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

DisableTaskMgr

"0"

HKLM\SOFTWARE\Microsoft\SecurityCenter

FirewallOverride

dword:00000001

HKLM\SOFTWARE\Microsoft\SecurityCenter

FirewallDisableNotify

dword:00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL

dnk

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile

EnableFirewall

dword:00000000

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile

EnableFirewall

dword:00000000

7.從下面的網站下載病毒:

http://couplesexxx.com/XXX/dianaimg.exe

8.結束以下進程:

_AVP32.EXE

_AVPCC.EXE

_AVPM.EXE

AVP32.EXE

AVPCC.EXE

AVPM.EXE

AVP.EXE

iamapp.exe

iamserv.exe

FRW.EXE

blackice.exe

blackd.exe

zonealarm.exe

vsmon.exe

VSHWIN32.EXE

VSECOMR.EXE

WEBSCANX.EXE

AVCONSOL.EXE

VSSTAT.EXE

OUTPOST.EXE

REGEDIT.EXE

NETSTAT.EXE

TASKMGR.EXE

MSCONFIG.EXE

NAVAPW32.EXE

NAVW32.EXE

UPDATE.EXE

9.搜索以下文件後綴的文件,來獲取郵件地址:

.wab

.adb

.msg

.dbx

.mbx

.mdx

.eml

.nch

.txt

.tbb

.html

.htm

.xml

.doc

.rtf

.xls

.sht

.oft

.not

10.發送郵件:

發件人爲以下任意一個:

hotnews@cnn.com

kellyjast@hotmail.com

lindasal@gmail.com

mr.robs@yahoo.com

newsreader@hotmail.com

todaynews@cnn.com

主題爲以下任意一個:

Soccerfanskilledfiveteens

Crazysoccerfans

PleasereplymeTomas

Mytricksforyou

NakedWorldCupgameset

Mysisterwhores,shitidontknow

郵件內容爲以下任意一個:

Soccerfanskilledfiveteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.

Crazysoccerfanskilledtwoteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.

HaloMarkus,isentmynudepics.Pleasereplymewithyounudephotos;).BestregardYouSweetKitty

IwaityouphotosfromNewYork.Isentmypicswhereinakedforyou.Pleasereplyme.LindaSalivan

Nudistsareorganisingtheirowntributetotheworldcup,bystagingtheirownnudesoccergame,thoughitisnotclearhowtheteamswilltelleachotherapart.Goodphotos;)

EmilyCarrwasanartistknownforherprudery,butnowthePortraitGalleryofCanadahasacquiredanudeself-portrait.Viewphotos.

附件名爲以下任意一個:

soccer_fans.jpg.exe

soccer_pics.jpg.exe

kelly_nude_imgs.jpg.exe

linda_bigtit.gif.exe

soccer_nudist.bmp.exe

emily_selfphoto.jpg.exe

病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 39904 影響系統: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行爲: 這是一個通過郵件傳播的蠕蟲病毒,該病毒會搜索被感染機器上的郵件地址並且把自己發送出去,會嘗試下載該蠕蟲的其他變種。 1.生成互斥變量: 「dezas」 2.生成文件: %System%\msctools.exe %System%\cats2.jpg 3.添加注冊表起始項,使病毒開機運行: HKCU\Software\Microsoft\Windows\CurrentVersion\Run nsdevice msctools.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run nsdevice msctools.exe 4.添加服務: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices nsdevice msctools.exe 5.添加注冊表項: HKCU\Software\Microsoft\Windows\CurrentVersion\Url mls 6.修改以下注冊表項: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr "0" HKLM\SOFTWARE\Microsoft\SecurityCenter FirewallOverride dword:00000001 HKLM\SOFTWARE\Microsoft\SecurityCenter FirewallDisableNotify dword:00000001 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL dnk HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile EnableFirewall dword:00000000 HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile EnableFirewall dword:00000000 7.從下面的網站下載病毒: http://couplesexxx.com/XXX/dianaimg.exe 8.結束以下進程: _AVP32.EXE _AVPCC.EXE _AVPM.EXE AVP32.EXE AVPCC.EXE AVPM.EXE AVP.EXE iamapp.exe iamserv.exe FRW.EXE blackice.exe blackd.exe zonealarm.exe vsmon.exe VSHWIN32.EXE VSECOMR.EXE WEBSCANX.EXE AVCONSOL.EXE VSSTAT.EXE OUTPOST.EXE REGEDIT.EXE NETSTAT.EXE TASKMGR.EXE MSCONFIG.EXE NAVAPW32.EXE NAVW32.EXE UPDATE.EXE 9.搜索以下文件後綴的文件,來獲取郵件地址: .wab .adb .msg .dbx .mbx .mdx .eml .nch .txt .tbb .html .htm .xml .doc .rtf .xls .sht .oft .not 10.發送郵件: 發件人爲以下任意一個: hotnews@cnn.com kellyjast@hotmail.com lindasal@gmail.com mr.robs@yahoo.com newsreader@hotmail.com todaynews@cnn.com 主題爲以下任意一個: Soccerfanskilledfiveteens Crazysoccerfans PleasereplymeTomas Mytricksforyou NakedWorldCupgameset Mysisterwhores,shitidontknow 郵件內容爲以下任意一個: Soccerfanskilledfiveteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow. Crazysoccerfanskilledtwoteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow. HaloMarkus,isentmynudepics.Pleasereplymewithyounudephotos;).BestregardYouSweetKitty IwaityouphotosfromNewYork.Isentmypicswhereinakedforyou.Pleasereplyme.LindaSalivan Nudistsareorganisingtheirowntributetotheworldcup,bystagingtheirownnudesoccergame,thoughitisnotclearhowtheteamswilltelleachotherapart.Goodphotos;) EmilyCarrwasanartistknownforherprudery,butnowthePortraitGalleryofCanadahasacquiredanudeself-portrait.Viewphotos. 附件名爲以下任意一個: soccer_fans.jpg.exe soccer_pics.jpg.exe kelly_nude_imgs.jpg.exe linda_bigtit.gif.exe soccer_nudist.bmp.exe emily_selfphoto.jpg.exe
󰈣󰈤
王朝萬家燈火計劃
期待原創作者加盟
 
 
 
>>返回首頁<<
 
 
 
 
 熱帖排行
 
王朝網路微信公眾號
微信掃碼關註本站公眾號 wangchaonetcn
 
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有