Entry | Worm.MSNLoveme.g |
Definition | This virus is variant G of "Sexy Chicken" (性感鸡). It spreads through MSN and shared directories. Once a user is infected, the virus modifies the hosts file so that the addresses of many security and antivirus company websites are redirected to the MSN website, which may lead to a DDoS attack and leaves those security companies' websites unreachable. It also blocks some system programs from running (for example Task Manager and msconfig.exe), seriously disrupting the user's normal work.

Overview

Processing date: 2005-03-08
Threat level: ★★★
Chinese name: 性感鸡变种G (Sexy Chicken variant G)
Virus type: Worm
Affected systems: Win9x / WinNT

Virus behavior

1. Copies itself to the System32 system directory as:
   svosm.exe
   sysup.exe

2. Copies itself to SystemRoot as:
   msmpatch.exe

3. Creates the following files in the root directory of the system drive:
   Crazy.Html
   dsm.exe
   One Eye Granny pic!.pif
   Me drunk at The Sea!.pif
   Punk Lives! lol.pif
   Me Love You Long Time.pif
   Me pic.pif
   HillBilly Chick lol.pif
   Dumb Looking Goth Chick.pif
   Hot Blonde!.pif
   Modelling Her New Bikini.pif
   Crazy Japanese man kicks crazy frog!.pif
   Funny Hitler parody!.pif
   My birthday pic!.pif

4. Launches IE to open Crazy.Html. The virus uses a counter to track how many users have been infected.

5. Modifies the registry so that it runs automatically when the computer starts. The values
   DsmSer = "%System32%\svosm.exe"
   AvSer = "%System32%\sysup.exe"
   rollbk = "%SystemRoot%\msmpatch.exe"
   are written under the keys
   HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

6. Modifies the hosts file so that the websites of many security and antivirus companies are redirected to the MSN website. This may lead to a DDoS attack, and those companies' websites can no longer be reached normally.

7. Terminates security software and blocks some system programs from running (for example Task Manager and msconfig.exe).

8. Sends the virus file to online MSN contacts.

9. Spreads through network shared directories (such as eMule). Possible file names:
   MSN Display picture stealer.exe
   MSN Messenger 7.exe
   MSN Avatar Creator.exe

10. Closes any window whose title contains one of the following strings, in order to protect itself:
    ADWARE ALERTS ANTI AUTOSTARTED Avg BENIGN BLOCKER BUG BULLGUARD BUSTER CENTER CILLIN CLEANER CMD Command DESTROY DETECTION DOCTOR EARTHLINK EDITOR ELIMINATE EYE FIGHT Filter FIREWALL FIX FIXING HEAL HELP HUNTER KERIO Kill LABS LIVEUPDATE MALWARE MALWHERE MCAFEE NETCOP NOD32 NORTON PANDA PROMPT PROTECTOR REGISTRY REMOVAL RESTORE SANDBOX SCAN SECURE SECURITY SOPHOS SPY SPYBOT SPYWARE STOPPER SWEEPER TASK TOOL TREND Update VCATCH VIRUS WATCH WORM PROCESS |
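The hosts-file redirection described in this entry, where many security-vendor hostnames are pointed at a single address, can be detected by auditing the hosts file. The following is an added example, not part of the original entry; the watch-list, the sample hosts content and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: placeholder vendor names and documentation-range addresses.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
# constructed entries imitating the tampering described in the entry
203.0.113.10    www.av-vendor-one.example
203.0.113.10    update.av-vendor-one.example   # trailing comment
203.0.113.10    av-vendor-two.example www.av-vendor-two.example
192.0.2.7       intranet.corp.example
0.0.0.0         ads.tracker.example
"""

# Hypothetical watch-list; in practice, the security-vendor domains you rely on.
WATCHED = ("av-vendor-one.example", "av-vendor-two.example")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def is_watched(name, watched):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)


def find_redirects(text, watched=WATCHED, min_names=2):
    """Return {ip: [names]} for non-loopback IPs that several watched names map to."""
    hits = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # local sinkhole entries are not a redirect to another host
        if is_watched(name, watched):
            hits[str(ip)].add(name)
    return {ip: sorted(n) for ip, n in hits.items() if len(n) >= min_names}


if __name__ == "__main__":
    for ip, names in find_redirects(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} watched hostnames redirected -> {names}")
```

On a Windows NT-family system the text to audit would be read from `%SystemRoot%\System32\drivers\etc\hosts`.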