Entry | Worm.Ariss.c |
Definition |
Basic information
Virus name: Worm.Ariss.c
Category: worm
Threat level: ★★
Chinese name: 狂妄猎手 ("Arrogant Hunter")
Virus type: worm
Affected systems: Win9x / WinNT
Removal: use the Guanghua antivirus software (光华反病毒软件) to delete it completely.

Virus overview
Worm.Ariss.c is a worm that spreads by email. It undermines the protections on the user's computer, for example by shutting down firewalls and common antivirus software, and it disables the Registry Editor. It also carries out other malicious actions, such as disabling Run in the Start menu, hiding hard disk partitions, preventing users from entering MS-DOS mode on Windows 2000, and suppressing the display of "Remote Administration", which paves the way for other viruses to get in. Disable or remove services that the system does not need. Many operating systems install auxiliary services that are convenient for attackers but of little use to the user; removing them greatly reduces the likelihood of being attacked.

Virus description
1. Files created:
IExplore.exe
MSLARISSA.pif
CmdPrompt32.pif
SP00Lsv32.pif
C:\WINDOWS\WinVBS.vbs
C:\MESSAGE_TO_USER.txt
C:\MESSAGE_TO_AVs.txt
C:\MESSAGE_TO_BROPIA.txt

2. Registry:
Values added:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run MSLARISSA:MSLARISSA.pif
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Command Prompt32:CmdPrompt32.pif
These add startup entries so that the virus runs when the system boots.
Value modified:
Software\Microsoft\Windows\CurrentVersion\Explorer\Sheelfol
This associates the virus with IE, so that the virus is launched whenever IE is opened.

3. File downloaded: mslarissac/WindowsSecurityUpdate.zip

4. Contents of the created text files:
C:\MESSAGE_TO_USER.txt:
Greetz to infected user!I will survive,In this moment in time.'Your computer will crash,So, you will be mine.I will not crash,I will not f—a—i—l.S—o, i—n this moment in time,I will survive... - LARISSA AUTHOR : 2-24-05
C:\MESSAGE_TO_AVs.txt:
Greetz to AVs! I wanna be in AV industry when I grow up :-) LARISSA AUTHOR : 2-24-05
C:\MESSAGE_TO_BROPIA.txt:
Hey Bropia.. stop making MSN worms it',27h's stupid...... lol -- Larissa Anti Bropia... -- Saving the world from BROPIA!!! - LARISSA AUTHOR : 2-24-05

5. The email body is one of the following, chosen at random:
The message is located in the attachments.
The letter you requested is in the attachments.
Information attached.
Kindly read and reply to my LOVE LETTER in the attachments :-)
The documents you requested are in the attachments.
Info reguarding your Email account is in the attachments.
Dear Windows User Please download the windows update included in the attachmen
My letter is in the attachments.
Your email account is about to expire, please check the attachments for details.

6. Random email subjects:
Re: Message
Re: Letter
Re: Information
I LOVE YOU
Re: Your Documents
Re: Account Info
Windows Update
Re: My Letter
Re: Docs
Re: Your Email Info

7. Random email attachment names:
Message.exe
Letter.exe
Information.exe
LOVE_LETTER_FOR_YOU.exe
Documents.exe
Attached_Message.exe
Microsoft_Update.exe
Private_Letter.exe
Private_Document.exe
Important_Message.exe

8. The virus copies itself to the following locations:
"b:" "c:" "d:" "e:" "f:" "g:" "h:" "i:" "j:" "k:" "l:" "m:" "n:" "o:" "q:" "r:" "s:" "t:" "u:" "v:" "w:" "x:" "y:" "z:"

9. The virus terminates some protection software, and also terminates some other viruses:
"AGENTSVR.EXE" "ANTI-TROJAN.EXE" "ANTIVIRUS.EXE" "ANTS.EXE" "APIMONITOR.EXE" "APLICA32.EXE" "APVXDWIN.EXE" "ATCON.EXE" "ATGUARD.EXE" "ATRO55EN.EXE" "ATUPDATER.EXE" "ATWATCH.EXE" "ZAPRO.EXE" "ZAPSETUP3001.EXE" "ZATUTOR.EXE" "ZAUINST.EXE" "ZONALM2601.EXE" "ZONEALARM.EXE" "AUPDATE.EXE" "AUTODOWN.EXE" "AUTOTRACE.EXE" "AUTOUPDATE.EXE" "AVCONSOL.EXE" "AVGSERV9.EXE" "AVLTMAIN.EXE" "AVPUPD.EXE" "AVSYNMGR.EXE" "AVWUPD32.EXE" "AVXQUAR.EXE" "AVprotect9x.exe" "Au.exe" "BD_PROFESSIONAL.EXE".... |