Entry | Worm.Beagle.cs |
Definition | Worm.Beagle.c  Virus alias:  Processed on: 2005-09-13  Threat level: ★  Chinese name: 恶鹰 (Beagle)  Virus type: Worm  Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003

Behaviour: This virus is a loader for the Beagle worm. When run, it drops a copy of Beagle under a randomly generated file name and executes it; that copy drops %system%\winshost.exe and %system%\wiwshost.exe and executes them. It adds a registry Run entry so that it starts at every boot. It shuts down a large number of antivirus products and their update programs, renames many security-software files and deletes many security products' startup entries, with the aim of making the security software fail. It then downloads a further malicious file so that it can spread by e-mail.

1. Files created
   %windows%\<random file name>.exe
   %system%\winshost.exe
   %system%\wiwshost.exe

2. Registry entries added
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "winshost.exe" = "%system%\winshost.exe"
   HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "winshost.exe" = "%system%\winshost.exe"

3. Registry entries deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "Symantec NetDriver Monitor"
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "ccApp"
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "NAV CfgWiz"
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "SSC_UserPrompt"
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "McAfee Guardian"
   HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "McAfee.InstantUpdate.Monitor"
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "APVXDWIN"
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "KAV50"
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "avg7_cc"
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "avg7_emc"
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  "Zone Labs Client"
   HKLM\SOFTWARE\Symantec
   HKLM\SOFTWARE\McAfee
   HKLM\SOFTWARE\KasperskyLab
   HKLM\SOFTWARE\Agnitum
   HKLM\SOFTWARE\Panda Software
   HKLM\SOFTWARE\Zone Labs

4. Services stopped
   wuauserv, PAVSRV, PAVFNSVR, PSIMSVC, Pavkre, PavProt, PREVSRV, PavPrSrv, SharedAccess, navapsvc, NPFMntor, Outpost Firewall, SAVScan, SBService, Symantec Core LC, ccEvtMgr, SNDSrvc, ccPwdSvc, ccSetMgr.exe, SPBBCSvc, KLBLMain, avg7alrt, avg7updsvc, vsmon, CAISafe, avpcc, fsbwsys, backweb client - 4476822, backweb client-4476822, fsdfwd, F-Secure Gatekeeper Handler Starter, FSMA, KAVMonitorService, navapsvc, NProtectService, Norton Antivirus Server, VexiraAntivirus, dvpinit, dvpapi, schscnt, BackWeb Client - 7681197, F-Secure Gatekeeper Handler Starter, FSMA, AVPCC, KAVMonitorService, Norman NJeeves, NVCScheduler, nvcoas, Norman ZANDA, PASSRV, SweepNet, SWEEPSRV.SYS, NOD32ControlCenter, NOD32Service, PCCPFW, Tmntsrv, AvxIni, XCOMM, ravmon8, SmcService, BlackICE, PersFW, McAfee Firewall, OutpostFirewall, NWService, alerter, sharedaccess, NISUM, NISSERV, vsmon, nwclnth, nwclntg, nwclnte, nwclntf, nwclntd, nwclntc, wuauserv, navapsvc, Symantec Core LC, SAVScan, kavsvc, DefWatch, Symantec AntiVirus Client, NSCTOP, Symantec Core LC, SAVScan, SAVFMSE, ccEvtMgr, navapsvc, ccSetMgr, VisNetic AntiVirus Plug-in, McShield, AlertManger, McAfeeFramework, AVExch32Service, AVUPDService, McTaskManager, Network Associates Log Service, Outbreak Manager, MCVSRte, mcupdmgr.exe, AvgServ, AvgCore, AvgFsh, awhost32, Ahnlab task Scheduler, MonSvcNT, V3MonNT, V3MonSvc, FSDFWD

5. Files renamed (original name -> new name)
   CCSETMGR.EXE -> C1CSETMGR.EXE
   CCEVTMGR.EXE -> CC1EVTMGR.EXE
   NAVAPSVC.EXE -> NAV1APSVC.EXE
   NPFMNTOR.EXE -> NPFM1NTOR.EXE
   symlcsvc.exe -> s1ymlcsvc.exe
   SPBBCSvc.exe -> SP1BBCSvc.exe
   SNDSrvc.exe -> SND1Srvc.exe
   ccApp.exe -> ccA1pp.exe
   ccl30.dll -> cc1l30.dll
   ccvrtrst.dll -> ccv1rtrst.dll
   LUALL.EXE -> LUAL1L.EXE
   AUPDATE.EXE -> AUPD1ATE.EXE
   Luupdate.exe -> Luup1date.exe
   LUINSDLL.DLL -> LUI1NSDLL.DLL
   RuLaunch.exe -> RuLa1unch.exe
   CMGrdian.exe -> CM1Grdian.exe
   Mcshield.exe -> Mcsh1ield.exe
   outpost.exe -> outp1ost.exe
   Avconsol.exe -> Avc1onsol.exe
   Vshwin32.exe -> Vshw1in32.exe
   VsStat.exe -> Vs1Stat.exe
   Avsynmgr.exe -> Av1synmgr.exe
   kavmm.exe -> kav12mm.exe
   Up2Date.exe -> Up222Date.exe
   KAV.exe -> K2A2V.exe
   avgcc.exe -> avgc3c.exe
   avgemc.exe -> avg23emc.exe
   zonealarm.exe -> zo3nealarm.exe
   zatutor.exe -> zatu6tor.exe
   zlavscan.dll -> zl5avscan.dll
   zlclient.exe -> zlcli6ent.exe
   isafe.exe -> is5a6fe.exe
   cafix.exe -> c6a5fix.exe
   vsvault.dll -> vs6va5ult.dll
   av.dll -> a5v.dll
   vetredir.dll -> ve6tre5dir.dll

6. Processes terminated
   NUPGRADE.EXE, MCUPDATE.EXE, ATUPDATER.EXE, AUPDATE.EXE, AUTOTRACE.EXE, AUTOUPDATE.EXE, FIREWALL.EXE, ATUPDATER.EXE, LUALL.EXE, DRWEBUPW.EXE, AUTODOWN.EXE, NUPGRADE.EXE, OUTPOST.EXE, ICSSUPPNT.EXE, ICSUPP95.EXE, ESCANH95.EXE, AVXQUAR.EXE, ESCANHNT.EXE, UPGRADER.EXE, AVXQUAR.EXE, AVWUPD32.EXE, AVPUPD.EXE, CFIAUDIT.EXE, UPDATE.EXE

7. Downloads a file named osa5.gif from a large number of URLs, saves it locally as _re_file.exe and executes it, in order to spread the virus. |
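As an added triage example (not part of the original entry), the following Python checks a constructed set of simplified host-event records for the indicators listed above: the winshost.exe Run-key entry, the dropped files, a subset of the tampered security-tool names from the rename table, and the osa5.gif download. The event dict schema and the sample paths are assumptions made for this example.

```python
import ntpath

# Indicators taken from the Worm.Beagle.cs entry above.
RUN_KEYS = {r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
            r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}
DROPPED = {"winshost.exe", "wiwshost.exe", "_re_file.exe"}
# Subset of the tampered names from the entry's rename table, lower-cased.
TAMPERED = {"c1csetmgr.exe", "cc1evtmgr.exe", "nav1apsvc.exe",
            "mcsh1ield.exe", "zlcli6ent.exe"}


def scan_events(events):
    """Return (event_index, reason) for each event matching an indicator.
    The event dict schema ("type" plus a few fields) is assumed here, not
    taken from any real sensor."""
    hits = []
    for i, ev in enumerate(events):
        kind = ev.get("type")
        if kind == "registry_set":
            if ev["key"] in RUN_KEYS and ev["value"].lower() == "winshost.exe":
                hits.append((i, "Run-key persistence for winshost.exe"))
        elif kind == "file_create":
            name = ntpath.basename(ev["path"]).lower()
            if name in DROPPED:
                hits.append((i, f"dropped file {name}"))
        elif kind == "file_rename":
            new = ntpath.basename(ev["new_path"]).lower()
            if new in TAMPERED:
                hits.append((i, f"security tool renamed to {new}"))
        elif kind == "http_get":
            if ev["url"].lower().rsplit("/", 1)[-1] == "osa5.gif":
                hits.append((i, "download of osa5.gif dropper"))
    return hits


# Constructed sample events: four Beagle.cs indicators and one benign event.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\WINDOWS\system32\winshost.exe"},
    {"type": "registry_set", "value": "winshost.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "file_rename", "old_path": r"C:\Symantec\ccSetMgr.exe",
     "new_path": r"C:\Symantec\C1CSETMGR.EXE"},
    {"type": "file_create", "path": r"C:\Documents and Settings\alice\notes.txt"},
    {"type": "http_get", "url": "http://example.invalid/img/osa5.gif"},
]
```

Running `scan_events(SAMPLE_EVENTS)` flags events 0, 1, 2 and 4 and leaves the benign file creation alone; the rename check is the one most worth extending, since every tampered name in the table above is a unique string no legitimate install produces.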