Entry | Worm.MSNLoveme.e |
Definition | This virus is variant E of "Sexy Chicken" (性感鸡). It spreads through MSN and network shared directories. Once a user is infected, the virus modifies the hosts file so that the websites of many security and antivirus companies are redirected to one fixed IP, making those companies' sites inaccessible; it terminates the processes of common antivirus software; and it prevents some system programs (such as Task Manager and msconfig.exe) from running, seriously disrupting the user's normal work.

Basic information
  Aliases:
  Processed: 2005-03-07
  Threat level: ★★★
  Chinese name: 性感鸡变种E (Sexy Chicken variant E)
  Virus type: Worm
  Affected systems: Win9x / WinNT

Behaviour analysis

1. Copies itself into the system directory %System32% as:
     serbw.exe
     formatsys.exe

2. Copies itself into %SystemRoot% as:
     msmbw.exe

3. Creates the following files in the root directory of the system drive:
     Crazy-Frog.Html
     lspt.exe
     Crazy frog gets killed by train!.pif
     Annoying crazy frog getting killed.pif
     See my lesbian friends.pif
     LOL that ur pic!.pif
     My new photo!.pif
     Me on holiday!.pif
     The Cat And The Fan piccy.pif
     How a Blonde Eats a Banana...pif
     Mona Lisa Wants Her Smile Back.pif
     Topless in Mini Skirt! lol.pif
     Fat Elvis! lol.pif
     Jennifer Lopez.scr
     Message to n00b LARISSA.txt

4. Modifies the registry so that it runs automatically when the computer starts. Under the following registry keys:
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   it adds (at random):
     serpe = "%System32%\serbw.exe"
     ltwob = "%System32%\formatsys.exe"
     avnort = "%SystemRoot%\msmbw.exe"

5. Modifies the hosts file so that the websites of many security and antivirus companies are redirected to one fixed IP, 64.233.167.104, making those companies' sites inaccessible.

6. Terminates security software and prevents some system programs (such as Task Manager and msconfig.exe) from running.

7. Sends the virus file to MSN contacts.

8. Pops up a Notepad window.

9. Spreads itself through network shared directories (such as eMule). Possible file names:
     Messenger Plus! 3.50.exe
     MSN all version polygamy.exe
     MSN nudge bomb.exe

10. Closes any window whose title contains one of the following strings, in order to protect itself:
     ADWARE ALERTS ANTI AUTOSTARTED Avg BENIGN BLOCKER BUG BULLGUARD BUSTER
     CENTER CILLIN CLEANER CMD Command DESTROY DETECTION DOCTOR EARTHLINK
     EDITOR ELIMINATE EYE FIGHT Filter FIREWALL FIX FIXING HEAL HELP HUNTER
     KERIO Kill LABS LIVEUPDATE MALWARE MALWHERE MCAFEE NETCOP NOD32 NORTON
     PANDA PROMPT PROTECTOR REGISTRY REMOVAL RESTORE SANDBOX SCAN SECURE
     SECURITY SOPHOS SPY SPYBOT SPYWARE STOPPER SWEEPER TASK TOOL TREND
     Update VCATCH VIRUS WATCH WORM PROCESS |
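
Added example (not part of the original entry): a hosts-file audit for the tampering described in step 5, reporting every security-vendor name that a hosts entry pins to an address. The watch list is an assumed, partial set of vendor domains the entry names, and the sample hosts text is constructed.

```python
# Added example: audit a hosts file for overridden security-vendor names.
# WATCHED is an assumed, partial watch list; extend it for real use.
WATCHED = ("symantec.com", "sophos.com", "mcafee.com", "kaspersky.com",
           "f-secure.com", "trendmicro.com", "grisoft.com")

def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        # One hosts line may carry several names for the same address.
        for name in names:
            yield ip, name.lower().rstrip(".")

def is_watched(hostname):
    """True for a watched domain or a subdomain of it, not for look-alikes."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return {ip: sorted hostnames} for every watched name pinned in hosts."""
    hits = {}
    for ip, name in parse_hosts(text):
        if is_watched(name):
            hits.setdefault(ip, set()).add(name)
    return {ip: sorted(names) for ip, names in hits.items()}

# Constructed sample in the style of the entries the worm writes.
SAMPLE = """\
127.0.0.1 localhost
# 64.233.167.104 www.sophos.com   (commented out, ignored)
64.233.167.104 www.symantec.com
64.233.167.104 liveupdate.symantec.com update.symantec.com
64.233.167.104 MCAFEE.COM
10.0.0.5 intranet.example notmcafee.com
"""

if __name__ == "__main__":
    for ip, names in audit_hosts(SAMPLE).items():
        print(f"{ip} overrides {len(names)} security-vendor names: {names}")
```

A clean hosts file normally has no entries for antivirus vendor or update domains, so any hit is worth investigating, and many names sharing one address matches the pattern in step 5.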