“Worm.Aimes.a”的意思、由来-中文百科全书

病毒别名：IM-Worm.Win32.Aimes.a[AVP],IM-Worm.Win32.Aimes.a[RS]

处理时间：

威胁级别：★★

中文名称：

病毒类型：蠕虫

影响系统：Win9x / WinNT

病毒行为:

这是一个通过AOL Instant Messenger和电子邮件传播的蠕虫病毒。该病毒会禁止用户使用任务管理器和注册表编辑器，关闭Windows的自动更新功能，强行终止某些进程，从网络上下载病毒到本地机器，试图将自己拷贝到软盘驱动器A中，向AOL Instant Messenger联系人发送一条消息诱骗该联系人打开附件，从Outlook地址薄里面收集邮件地址并将病毒做为附件发送给这些邮件接收者，最后将机器设置成休眠状态。

1)病毒运行时释放下列文件：

%SystemRoot%\\Msvbdll.pif

%SystemRoot%\\msVBdll.exe

%ProgramFiles%\\Sony\\VAIO Action Setup\\MsVBdll32.exe

%UserProfile%\\Start Menu\\Programs\\Startup\\msVBdll.exe

2)添加启动项：

HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run

"MsVBdll" = "%SystemRoot%\\MsVBdll.pif"

3)禁止通过Windows安全中心的防火墙、反病毒、更新通知

HKEY_CURRENT_USER\\Software\\Microsoft\\security center

HKEY_LOCAL_MACHINE\\Software\\Microsoft\\security center

"FirewallDisableNotify" = "1"

"UpdatesDisableNotify" = "1"

"AntiVirusDisableNotify" = "1"

4)禁止使用任务管理器和注册表编辑器

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System

"DisableTaskMgr" = "1"

"DisableRegistryTools" = "1"

5)禁止Windows自动更新

HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU

"NoAutoUpdate" = "1"

6)删除以下键值

HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Run

"Windows" = "Auto Update.exe"

7)显示下面的某一个对话框

标题: "Blow Me"

内容: "Hello Windows has suffered from a serious error, it may never recover unless you perform oral sec on the cd drive"

标题: "Disgusting"

内容: "You are viewing this message because someone in the house is homosexual"

8)打开AOL Instant Messenger并向联系人发送消息"Hey whats up!! look what I did to my hair...lol!!"和附件%SystemRoot%\\picture.pif

9)从网上下载文件到C:\\Fix_SP2.zip

10)从Outlook地址薄里面收集邮件地址并将病毒做为附件发送给这些邮件接收者

邮件主题：Service Pack 2 BUG!!

邮件正文：

Dear user I have been informed that there was a BUG in Windows Service Pack 2 which was fixed I recommend you to download this Patch version which will fix the bug and keep your system safe.

You will find the Patch file in the attachment, feal free to send it to anyone.

I'll be in touch with you as soon as another bug is found.

Regards,

A.H

附件：C:\\Fix_SP2.zip

11)强行终止以下2个进程：

svchost.exe

lsass.exe

12)将机器设置为休眠状态，并试图将自己拷贝到A:\\homework.exe，如果驱动器A不可用，就显示"Run-time error '71': Disk not ready"。

词条	Worm.Aimes.a
释义	病毒别名：IM-Worm.Win32.Aimes.a[AVP],IM-Worm.Win32.Aimes.a[RS] 处理时间：威胁级别：★★ 中文名称：病毒类型：蠕虫影响系统：Win9x / WinNT 病毒行为: 这是一个通过AOL Instant Messenger和电子邮件传播的蠕虫病毒。该病毒会禁止用户使用任务管理器和注册表编辑器，关闭Windows的自动更新功能，强行终止某些进程，从网络上下载病毒到本地机器，试图将自己拷贝到软盘驱动器A中，向AOL Instant Messenger联系人发送一条消息诱骗该联系人打开附件，从Outlook地址薄里面收集邮件地址并将病毒做为附件发送给这些邮件接收者，最后将机器设置成休眠状态。 1)病毒运行时释放下列文件： %SystemRoot%\\Msvbdll.pif %SystemRoot%\\msVBdll.exe %ProgramFiles%\\Sony\\VAIO Action Setup\\MsVBdll32.exe %UserProfile%\\Start Menu\\Programs\\Startup\\msVBdll.exe 2)添加启动项： HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run "MsVBdll" = "%SystemRoot%\\MsVBdll.pif" 3)禁止通过Windows安全中心的防火墙、反病毒、更新通知 HKEY_CURRENT_USER\\Software\\Microsoft\\security center HKEY_LOCAL_MACHINE\\Software\\Microsoft\\security center "FirewallDisableNotify" = "1" "UpdatesDisableNotify" = "1" "AntiVirusDisableNotify" = "1" 4)禁止使用任务管理器和注册表编辑器 HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System "DisableTaskMgr" = "1" "DisableRegistryTools" = "1" 5)禁止Windows自动更新 HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU "NoAutoUpdate" = "1" 6)删除以下键值 HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Run "Windows" = "Auto Update.exe" 7)显示下面的某一个对话框标题: "Blow Me" 内容: "Hello Windows has suffered from a serious error, it may never recover unless you perform oral sec on the cd drive" 标题: "Disgusting" 内容: "You are viewing this message because someone in the house is homosexual" 8)打开AOL Instant Messenger并向联系人发送消息"Hey whats up!! look what I did to my hair...lol!!"和附件%SystemRoot%\\picture.pif 9)从网上下载文件到C:\\Fix_SP2.zip 10)从Outlook地址薄里面收集邮件地址并将病毒做为附件发送给这些邮件接收者邮件主题：Service Pack 2 BUG!! 邮件正文： Dear user I have been informed that there was a BUG in Windows Service Pack 2 which was fixed I recommend you to download this Patch version which will fix the bug and keep your system safe. You will find the Patch file in the attachment, feal free to send it to anyone. I'll be in touch with you as soon as another bug is found. Regards, A.H 附件：C:\\Fix_SP2.zip 11)强行终止以下2个进程： svchost.exe lsass.exe 12)将机器设置为休眠状态，并试图将自己拷贝到A:\\homework.exe，如果驱动器A不可用，就显示"Run-time error '71': Disk not ready"。
随便看	猫的礼物猫的冒险猫的梦想猫的森林猫的上帝猫的生活猫的摇篮猫的哲学：我们这个时代的寓言猫帝国猫典猫蝶富贵猫蝶图猫冬猫冬游猫洞苗族仡佬族乡猫洞乡猫豆猫哆哩猫哆哩酸角果派猫躲躲猫儿猫儿堡村猫儿刺猫儿盖屎猫儿菊