词条 | Worm.Myst.10 |
释义 | Worm.Myst.10病毒别名:Email-Worm.Win32.generic[AVP],I-Worm/Myst.10[KV],Worm.Myst[RS] 处理时间: 威胁级别:★★ 中文名称:我的最爱 病毒类型:蠕虫 影响系统:Win9x / WinNT 病毒行为:这是一个用VB编写的蠕虫病毒,该病毒通过电子邮件和mIRC聊天系统进行传播。该病毒会修改.exe的文件关联到病毒,使得每次运行exe文件的时候该病毒都会被执行;该病毒会删除三款杀毒软件的某些数据使得这些杀毒软件无法正常运行。该病毒除了通过在Outlook地址薄里面收集邮件地址,将病毒做为附件发送出去之外,它还会通过向mIRC的脚本配置文件中写入一些脚本,使得该病毒能够通过mIRC聊天系统传播。 1)病毒将自己拷贝到: C:\\windows\\system\\systray_.exe C:\\windows\\system\\runtray_.dll 2)释放临时文件C:\\ModReg.reg,并通过regedit /s C:\\ModReg.reg命令写入注册表 修改exe的文件关联到病毒,使得每次运行exe文件的时候该病毒都会被执行 HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command (Default)=""C:\\windows\\system\\systray_.exe" %1 %*" HKEY_LOCAL_MACHINE\\Software\\McAfee\\Scan95 "SerialNum"="MYST v1.0 by MYSTiQUE" "CurrentVersionNumber"="666" "DAT"="NONE" "DATFile"="-2000" "VirusInfoURL"="http://ma***.sexchat.***" "bVShieldEnabled"=0x0 为病毒添加启动项: HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run "SystemTray"="C:\\Windows\\system\\systray_.exe" 3)向mIRC的脚本配置文件C:\\mirc\\script.ini中写入以下内容,使得该病毒能够通过mIRC聊天系统传播 [script] n0= on 1:TEXT:*sex*:#:{ n1= .msg $nick Hello, sorry to disturb you, but I just got a very kinky adult slideshow and was wondering if you would like a copy.So I'm going to send you one. n2= .copy C:\\windows\\system\\runtray_.dll C:\\windows\\system\\install_show.exe n3= .dcc send $nick C:\\windows\\system\\install_show.exe n4= } 4)删除三款杀毒软件的以下文件: C:\\Program Files\orton AntiVirus\\*.dat C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\*.* C:\\Program Files\\Common Files\\KAV Shared Files\\*.* 5)在Outlook里面收集邮件地址,并将病毒做为附件发送给这些邮件接收者 取下面的某一行做为邮件主题: Here is the e-mail attachment I told you about earlier, It's an installation program for an adult screensaver slideshow program Here is the e-mail attachment I told you about earlier, It's an installation program for an Outlook Service Release upgrade Here is the e-mail attachment I told you about earlier, It's an installation program for a Microsoft Explorer Patch Here is the e-mail attachment I told you about earlier, It's an installation program for a Desktop Game I got off the internet Here is the e-mail attachment I told you about earlier, It's an installation program for a brand-new MP3 player and plug-ins Here is the e-mail attachment I told you about earlier, It's an installation program for an Microsoft Internet Explorer Service Pack (Q401243) Here is the e-mail attachment I told you about earlier, It's an installation program for an Kaspersky Anti-Virus 4.0 bugfix 邮件正文: Hey, sorry I haven't written to you in a while. Well you could call it a while. I'm writing this E-mail to let you know of an attachment im sending with the next mail. Here it is 邮件附件:C:\\windows\\install_.exe |
随便看 |
百科全书收录4421916条中文百科知识,基本涵盖了大多数领域的百科知识,是一部内容开放、自由的电子版百科全书。