病毒名称(中文):
病毒别名:
威胁级别:
★☆☆☆☆
病毒类型:
蠕虫病毒
病毒长度:
15947
影响系统:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行为:
该病毒是一个邮件蠕虫病毒。该病毒会向一些知名网站群发带病毒的邮件。建议电脑用户不要随便打开来历不名的邮件,以免中毒受害。
1、生成的文件
%SystemRoot%\system32\wservice.exe(原病毒文件)
%原病毒所以在目录%\SPQ2x10.exe(Worm.Glowa.b.5707)
2、添加启动项
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"UpdateService"="%SystemRoot%\system32\wservice.exe..."
3、该病毒运行后会将自身向系统盘的所有名录拷贝,拷贝的名称(*.t)和拷贝的数目随机,并将其设置为隐藏属性。
4、发送邮件的标题
ATTNTOEVERYBODY!
Whitehousenews!
READANDRESENDASAP!
Incrediblenews!
NEWS!
URGENTNEWS!
5、邮件内容
3rdGlogalWarJustStarted!!!Readmoreinfile!
PutinandBushstartsNUCLEARWAR!Checkthefile!
GLOBALNUCLEARWARJUSTSTARTED!Newsinfile.
NuclearWarinRussia!Readnewsinfile!
NuclearWARinUSA!Readattachedfile!
PresidentPutindead!Readmoreinattachedfile!
PresidentBushDEAD!Readattachedfile!
6、附件名
open.exe
truth.exe
war.exe
last.exe
aboutme.exe
a.exe
never.exe
latestnews.exe
readme.exe
7、结束下列名称程序
anti
viru
troja
avp
nav
rav
reged
nod32
spybot
zonea
vsmon
avg
blackice
firewall
msconfig
lockdown
f-pro
hijack
taskmgr
mcafee
8、收信人名单
Zenia
Zoe
Zilya
Xenia
Xylia
Xandra
Willa
Wendy
Vicky
Vivian
Violet
Valora
Vanessa
Valda
Ula
Uma
Sharon
Silver
Rosa
Ruby
Rita
RaeRachel
Queen
Peggy
Pamela
Olivia
Olga
Nicole
Naomi
NatalieNora
Nina
Nova
Nadia
Maia
Mary
Melody
Mimi
Myra
Linda
Lisa
Lolita
Lynn
Laura
Lara
Kara
Kassia
Kyle
Kali
Kacey
Katrina
Janet
Jewel
Joanna
Juliet
Julie
Ida
Idona
Isabel
Iris
Ivana
Ivory
Helga
Holly
Haley
Gloria
Gilda
Gale
Faith
Emily
Evelyn
EveErika
Eliza
Eden
Ebony
Donna
Dora
Doris
Diana
Danielle
Daria
Damita
Camille
Cara
Carla
Carmen
Clarissa
Chelsea
Caitlin
Bettina
Blenda
Bridget
Briana
Bella
Becky
Barbra
Aldora
Alysia
Amorita
Aretina
Ara
April
Anita