Entry | Worm.Beagle.ay |
Definition |
Overview

Alias: W32.Beagle.AZ@mm (Norton)
Date processed:
Threat level: ★★★
Chinese name:
Virus type: Worm
Affected systems: Win9x / WinNT

Behavior:
This virus is a new variant of the Beagle family. It aggressively searches the user's system for e-mail addresses and sends infected e-mail to every address it finds. The infected e-mail is highly deceptive and may cause more users to become infected. Users are advised to enable their virus firewall to prevent infection.

Effects of infection

When a user is infected, the virus performs the following operations on the user's machine:

Local computer

1. Deletes the "My AV" and "ICQ Net" values under the registry keys
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

2. Creates the following files in the system directory:
   %System%\sysformat.exe
   %System%\sysformat.exeopen
   %System%\sysformat.exeopenopen

3. Tries to find and terminate the following processes on the user's system:
   APVXDWIN.EXE, ATUPDATER.EXE, AUPDATE.EXE, AUTODOWN.EXE, AUTOTRACE.EXE, AUTOUPDATE.EXE, Avconsol.exe, AVENGINE.EXE, AVPUPD.EXE, Avsynmgr.exe, AVWUPD32.EXE, AVXQUAR.EXE, bawindo.exe, blackd.exe, ccApp.exe, ccEvtMgr.exe, ccProxy.exe, ccPxySvc.exe, CFIAUDIT.EXE, DefWatch.exe, DRWEBUPW.EXE, ESCANH95.EXE, ESCANHNT.EXE, FIREWALL.EXE, FrameworkService.exe, ICSSUPPNT.EXE, ICSUPP95.EXE, LUALL.EXE, LUCOMS~1.EXE, mcagent.exe, mcshield.exe, MCUPDATE.EXE, mcvsescn.exe, mcvsrte.exe, mcvsshld.exe, navapsvc.exe, navapw32.exe, NISUM.EXE, nopdb.exe, NPROTECT.EXE, NUPGRADE.EXE, OUTPOST.EXE, PavFires.exe, pavProxy.exe, pavsrv50.exe, Rtvscan.exe, RuLaunch.exe, SAVScan.exe, SHSTAT.EXE, SNDSrvc.exe, symlcsvc.exe, UPDATE.EXE, UpdaterUI.exe, Vshwin32.exe, VsStat.exe, VsTskMgr.exe

4. Searches the system for folders whose names contain the string "shar" and copies itself into each folder it finds. The copy may use any of the following file names:
   1.exe, 2.exe, 3.exe, 4.exe, 5.scr, 6.exe, 7.exe, 8.exe, 9.exe, 10.exe
   Ahead Nero 7.exe
   Windown Longhorn Beta Leak.exe
   Opera 8 New!.exe
   XXX hardcore images.exe
   WinAmp 6 New!.exe
   WinAmp 5 Pro Keygen Crack Update.exe
   Adobe Photoshop 9 full.exe
   Matrix 3 Revolution English Subtitles.exe
   ACDSee 9.exe

Network

1. Searches for e-mail addresses in files with the following extensions:
   .adb .asp .cfg .cgi .dbx .dhtm .eml .htm .jsp .mbx .mdx .mht .mmf .msg .nch .ods .oft .php .pl .sht .shtm .stm .tbb .txt .uin .wab .wsh .xls .xml

2. Uses its own SMTP engine to send infected e-mail to the addresses found above. The infected e-mail has the following characteristics:

   Subject (one of the following):
   Delivery by mail
   Delivery service mail
   Is delivered mail
   Registration is accepted
   You are made active

   Body (one of the following):
   Before use read the help
   Thanks for use of our software.

   Attachment file name (one of the following):
   Jol03, guupd02, siupd02, upd02, viupd02, wsd01, zupd02

   Attachment extension (one of the following):
   .com .cpl .exe .scr

3. Does not send infected e-mail to addresses that contain any of the following strings:
   @avp. @foo @iana @messagelab @microsoft abuse admin anyone@ bsd bugs@ cafee certific contract@ f-secur feste free-av gold-certs@ help@ icrosoft info@ kasp linux listserv local news nobody@ noone@ noreply ntivi panda pgp postmaster@ rating@ root@ samples sopho spam support unix update winrar winzip

4. Attempts to download the file re_file.exe from a list of websites.
|
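The e-mail traits listed in the entry above (subject, body, attachment base name and extension) can be checked at a mail gateway or during mailbox triage. The following is an added example, not part of the original entry: it parses a raw message and reports which traits match. The function names, the sample addresses and the rule that an attachment match must be backed by a subject or body match are assumptions of this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits copied from the entry above (compared case-insensitively).
SUBJECTS = {"delivery by mail", "delivery service mail", "is delivered mail",
            "registration is accepted", "you are made active"}
BODIES = {"before use read the help", "thanks for use of our software."}
ATTACH_STEMS = {"jol03", "guupd02", "siupd02", "upd02", "viupd02", "wsd01", "zupd02"}
ATTACH_EXTS = {"com", "cpl", "exe", "scr"}

def match_traits(raw: bytes) -> list:
    """Return which of the entry's e-mail traits a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip().lower() in BODIES:
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem, dot, ext = name.rpartition(".")
        # Both halves must match: a listed base name AND a listed extension.
        if dot and stem in ATTACH_STEMS and ext in ATTACH_EXTS:
            hits.append("attachment:" + name)
    return hits

def is_suspect(raw: bytes) -> bool:
    """Flag only when an attachment matches and the subject or body also does."""
    hits = set(match_traits(raw))
    has_attachment = any(h.startswith("attachment:") for h in hits)
    return has_attachment and bool({"subject", "body"} & hits)

def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder, not a real binary",
                     maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for args in [("Delivery by mail", "Before use read the help", "upd02.exe"),
                 ("Quarterly report", "See attached.", "report.pdf")]:
        raw = build_sample(*args)
        print(args[0], "->", match_traits(raw), is_suspect(raw))
```

Exact-string traits like these only catch this variant as described, so a match is best used as a triage signal alongside attachment-type blocking for .com, .cpl, .exe and .scr files.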