病毒别名：

处理时间：

威胁级别：★★

中文名称：

病毒类型：木马

影响系统：Win9x/Win2000/WinXP/Win2003病毒行为:

编写工具： VB6

传染条件:

发作条件:

系统修改:

释放文件到 %System%author.exe 和 c:explorer.exe

添加注册表：

HKEY_CLASSES_ROOTdocfileshellopencommand

"C:WINDOWSSYSTEM32AUTHOR.exe %1"

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun

author "C:WINDOWSSYSTEM32AUTHOR.exe"

HKEY_LOCAL_MACHINESoftwareCLASSESdocfileshellopencommand

"C:WINDOWSSYSTEM32AUTHOR.exe %1"

修改文件关联：

HKEY_CLASSES_ROOTdocfile

HKEY_CLASSES_ROOTdocfileshell

HKEY_CLASSES_ROOTdocfileshellopen

HKEY_LOCAL_MACHINESoftwareCLASSESdocfile

HKEY_LOCAL_MACHINESoftwareCLASSESdocfileshell

HKEY_LOCAL_MACHINESoftwareCLASSESdocfileshellopen

HKEY_CLASSES_ROOT xtfileshellopencommand

"C:WINDOWSNOTEPAD.EXE %1" "C:WINDOWSSYSTEM32AUTHOR.exe %1"

HKEY_CLASSES_ROOTexefileshellopencommand

""%1" %*" "C:WINDOWSSYSTEM32AUTHOR.exe %1"

HKEY_CLASSES_ROOT

egfileshellopencommand

"regedit.exe "%1"" "C:WINDOWSSYSTEM32AUTHOR.exe %1"

HKEY_CLASSES_ROOTcomfileshellopencommand

""%1" %*" "C:WINDOWSSYSTEM32AUTHOR.exe %1"

HKEY_LOCAL_MACHINESoftwareCLASSES xtfileshellopencommand

"C:WINDOWSNOTEPAD.EXE %1" "C:WINDOWSSYSTEM32AUTHOR.exe %1"

HKEY_LOCAL_MACHINESoftwareCLASSESexefileshellopencommand

""%1" %*" "C:WINDOWSSYSTEM32AUTHOR.exe %1"

HKEY_LOCAL_MACHINESoftwareCLASSES

egfileshellopencommand

"regedit.exe "%1"" "C:WINDOWSSYSTEM32AUTHOR.exe %1"

HKEY_LOCAL_MACHINESoftwareCLASSEScomfileshellopencommand

""%1" %*" "C:WINDOWSSYSTEM32AUTHOR.exe %1"

发作现象:

弹出对话框“您好：感谢您下载软件并运行了他，我们会常常见面的，不信？？后会有期！”，当结束时打开资源管理器，多个进程运行。

特别说明: