请输入您要查询的百科知识:

 

词条 Worm.MSNLoveme.e
释义

该病毒为性感鸡变种E,它通过MSN和网络共享目录传播自身。当用户感染该病毒后,该病毒会修改hosts文件,使众多安全及反病毒公司网站重定向一个固定的IP,导致无法正常这此公司的网站;结束常用的反病毒软件进程;禁止运行一些系统程序(如:任务管理器,msconfig.exe等),严重影响用户的正常工作.

基本信息

病毒别名:

处理时间:2005-03-07

威胁级别:★★★

中文名称:性感鸡变种E

病毒类型:蠕虫

影响系统:Win9x / WinNT

行为分析

1.复制自身到系统目录%System32%下:

serbw.exe

formatsys.exe

2.复制自身到%SystemRoot%下:

msmbw.exe

3.在系统盘根目录下创建以下文件:

Crazy-Frog.Html

lspt.exe

Crazy frog gets killed by train!.pif

Annoying crazy frog getting killed.pif

See my lesbian friends.pif

LOL that ur pic!.pif

My new photo!.pif

Me on holiday!.pif

The Cat And The Fan piccy.pif

How a Blonde Eats a Banana...pif

Mona Lisa Wants Her Smile Back.pif

Topless in Mini Skirt! lol.pif

Fat Elvis! lol.pif

Jennifer Lopez.scr

Message to n00b LARISSA.txt

4.修改注册表使自身随计算机启而自动运行

 在以下注册表项:

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run

添加(随机):

serpe = "%System32%\\serbw.exe"

ltwob = "%System32%\\formatsys.exe"

avnort = "%SystemRoot%\\msmbw.exe"

5.修改hosts文件,使众多安全及反病毒公司网站重定向一个固定的IP,导致无法正常下列公司的网站:

 64.233.167.104 www.symantec.com

64.233.167.104 www.sophos.com

64.233.167.104 www.mcafee.com

64.233.167.104 www.viruslist.com

64.233.167.104 www.f-secure.com

64.233.167.104 www.avp.com

64.233.167.104 www.kaspersky.com

64.233.167.104 www.networkassociates.com

64.233.167.104 www.ca.com

64.233.167.104 www.my-etrust.com

64.233.167.104 www.nai.com

64.233.167.104 www.trendmicro.com

64.233.167.104 www.grisoft.com

64.233.167.104 securityresponse.symantec.com

64.233.167.104 symantec.com

64.233.167.104 sophos.com

64.233.167.104 mcafee.com

64.233.167.104 liveupdate.symantecliveupdate.com

64.233.167.104 viruslist.com

64.233.167.104 f-secure.com

64.233.167.104 kaspersky.com

64.233.167.104 kaspersky-labs.com

64.233.167.104 avp.com

64.233.167.104 networkassociates.com

64.233.167.104 ca.com

64.233.167.104 mast.mcafee.com

64.233.167.104 my-etrust.com

64.233.167.104 download.mcafee.com

64.233.167.104 dispatch.mcafee.com

64.233.167.104 secure.nai.com

64.233.167.104 nai.com

64.233.167.104 update.symantec.com

64.233.167.104 updates.symantec.com

64.233.167.104 us.mcafee.com

64.233.167.104 liveupdate.symantec.com

64.233.167.104 customer.symantec.com

64.233.167.104 rads.mcafee.com

64.233.167.104 trendmicro.com

64.233.167.104 grisoft.com

64.233.167.104 sandbox.norman.no

64.233.167.104 www.pandasoftware.com

64.233.167.104 uk.trendmicro-europe.com

6.结束安全软件和禁止运行一些系统程序(如:任务管理器,msconfig.exe等):

7.向MSN好友发送病毒文件

8. 弹出一个记事本窗口

9.通网络共享目录(如eMule)传播自身,可能的文件名如下:

 Messenger Plus! 3.50.exe

MSN all version polygamy.exe

MSN nudge bomb.exe

10.关闭包含以下字符串的窗口,从而达到保护病毒自身的目的:

 ADWARE

ALERTS

ANTI

AUTOSTARTED

Avg

BENIGN

BLOCKER

BUG

BULLGUARD

BUSTER

CENTER

CILLIN

CLEANER

CMD

Command

DESTROY

DETECTION

DOCTOR

EARTHLINK

EDITOR

ELIMINATE

EYE

FIGHT

Filter

FIREWALL

FIX

FIXING

HEAL

HELP

HUNTER

KERIO

Kill

LABS

LIVEUPDATE

MALWARE

MALWHERE

MCAFEE

NETCOP

NOD32

NORTON

PANDA

PROMPT

PROTECTOR

REGISTRY

REMOVAL

RESTORE

SANDBOX

SCAN

SECURE

SECURITY

SOPHOS

SPY

SPYBOT

SPYWARE

STOPPER

SWEEPER

TASK

TOOL

TREND

Update

VCATCH

VIRUS

WATCH

WORM

PROCESS

随便看

 

百科全书收录4421916条中文百科知识,基本涵盖了大多数领域的百科知识,是一部内容开放、自由的电子版百科全书。

 

Copyright © 2004-2023 Cnenc.net All Rights Reserved
更新时间:2024/12/23 18:37:21