Entry | Worm.Tanatos.e |
Definition |

Virus overview
Aliases: I-Worm.Tanatos.e [AVP], WORM_BUGBEAR.D [Trend], Worm.Bugbear.g.enc [Rising]
Processing time:
Threat level: ★★
Chinese name:
Virus type: worm
Affected systems: Win9x/WinMe/WinNT/Win2000/WinXP/Win2003

Development tools
Written with: VC6.0, UPX-packed

Virus behaviour
Infection vector: spreads rapidly by sending e-mail over the network
Trigger condition:
System modifications:
A. Drops the following files in the system directory:
   %System%\OYCACV.EXE
   %System%\gomamjo.dll
   %System%\mcyays.dll
   %System%\kguaupg.dll
B. Adds the following value under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:
   "oycacv" = "%System%\oycacv.exe"
Symptoms:
A. When run, the worm displays the following deceptive dialog box:
B. After infection, the worm terminates the following processes:
   ZONEALARM.EXE WFINDV32.EXE WEBSCANX.EXE VSSTAT.EXE VSHWIN32.EXE VSECOMR.EXE VSCAN40.EXE VETTRAY.EXE VET95.EXE TDS2-NT.EXE TDS2-98.EXE TCA.EXE TBSCAN.EXE SWEEP95.EXE SPHINX.EXE SMC.EXE SERV95.EXE SCRSCAN.EXE SCANPM.EXE SCAN95.EXE SCAN32.EXE SAFEWEB.EXE RESCUE.EXE RAV7WIN.EXE RAV7.EXE PERSFW.EXE PCFWALLICON.EXE PCCWIN98.EXE PAVW.EXE PAVSCHED.EXE PAVCL.EXE PADMIN.EXE OUTPOST.EXE NVC95.EXE NUPGRADE.EXE NORMIST.EXE NMAIN.EXE NISUM.EXE NAVWNT.EXE NAVW32.EXE NAVNT.EXE NAVLU32.EXE NAVAPW32.EXE N32SCANW.EXE MPFTRAY.EXE MOOLIVE.EXE LUALL.EXE LOOKOUT.EXE LOCKDOWN2000.EXE JEDI.EXE IOMON98.EXE IFACE.EXE ICSUPPNT.EXE ICSUPP95.EXE ICMON.EXE ICLOADNT.EXE ICLOAD95.EXE IBMAVSP.EXE IBMASN.EXE IAMSERV.EXE IAMAPP.EXE FRW.EXE FPROT.EXE FP-WIN.EXE FINDVIRU.EXE F-STOPW.EXE F-PROT95.EXE F-PROT.EXE F-AGNT95.EXE ESPWATCH.EXE ESAFE.EXE ECENGINE.EXE DVP95_0.EXE DVP95.EXE CLEANER3.EXE CLEANER.EXE CLAW95CF.EXE CLAW95.EXE CFINET32.EXE CFINET.EXE CFIAUDIT.EXE CFIADMIN.EXE BLACKICE.EXE BLACKD.EXE AVWUPD32.EXE AVWIN95.EXE AVSCHED32.EXE AVPUPD.EXE AVPTC32.EXE AVPM.EXE AVPDOS32.EXE AVPCC.EXE AVP32.EXE AVP.EXE AVNT.EXE AVKSERV.EXE AVGCTRL.EXE AVE32.EXE AVCONSOL.EXE AUTODOWN.EXE APVXDWIN.EXE ANTI-TROJAN.EXE ACKWIN32.EXE _AVPM.EXE _AVPCC.EXE _AVP32.EXE
Notes:
A. After infecting a system, the worm harvests e-mail addresses from files on the local drives that have the following extensions:
   .SHT .ASP .ODS .MMF .MBX .TBB .TXT .HTM .NCH .EML .DBX
B. It then uses its built-in SMTP engine to send mail to the harvested addresses. The messages have the following characteristics:
Sender: the local part is one of the following strings:
   george georg garry gabriele funds frederic franz frank franco francisco finance fernand felix ernst erika erick erich erica emmanuel ellen elizabeth eduardo ecommerce earth e-gold dsmith douglas donna dominik debby david daniela daniel customerservice contact company collins colin claudia claude cindy christopher christoph christine chris check center catherine caroline carol carlos carina cards calvin bruno bruce brother bridge brian brent brenda brave brandon brain boris bonny judge jsmith johannes johann johan jimmy bernhard bernard becky beauty beatrice beach balance archives antonio anton anthony answer another anita anger angelo angela alive alison alicia kontakt kimberly kevin alice alfred alexander albert agree agency adrian accounts marcus marco manuel lucia lawrence gerhard gerard gerald laurence laura larry kristine kristin krista tobias allen henry henrik helpdesk helmut helga helene helen thomas terry terri sylvia susan support steven steve stephen andrew andres andreas stephane stefano stefan sophie smith simon silvia silver sharon service serge scott sandra sabine sabina russell rudolf rubber rsmith ronald roland gordon glenn gerry roger roberto robert robbie andrea andre ricardo randy ralph rachel questions peter pedro paulo patrick patricia patrice paolo pamela oliver norbert nicole nicolas nicola netbank nancy nadine monica molly miguel michel michaela michael metal member melanie melania mauro maurizio maureen matti wolfgang william werner wendy walter wagner voice vladimir vincent vanessa tomas matthew mathias martin markus marketing market dominic doctor diane diana dennis denise denis marion mario marina marie linda leopold leonardo mariano marianna maria margit marge margaretha margareta kerry kenneth kendra kelly katrin katri kathy kathryn kathleen karin karen justin julio julien julie julia juhani juergen juerg jerry jerome jennifer jason joseph josef jorgen jorge jonathan janne janna janice janet james isaac irina irene ingrid howard hernan hermann herman herbert heinz harrison harbor harald gregory gregor
   The domain that follows is one of the following strings:
   yahoo.com msn.com worldnet.att.net excite.com ntlworld.com hotmail.com microsoft.com usa.com freesurf.ch earthlink.net btopenworld.com btinternet.com bluewin.ch bigpond.com bellsouth.net aol.com
Subject: one of the following strings:
   Hello! trojan virus lyris noreply recipients undisclosed remove please,read the attach file. See the attached file see attachment Pease open an attachment to see the message. Please see Attachment See the attached file for more info Take a look to the attachment update hmm.. Payment notices Just a reminder history screen Announcement various Introduction Interesting... I need photo!!! Stats Please Help... Report Greetings! [Fwd: look] ;-) Today Only New Contests Lost & Found bad news fantastic Me nude Old photos empty account photos Is that your password? I love you! new reading Friendly photo Warning! You are fat! I cannot forget you! Sex pictures Your Gift good news! !!! WARNING !!! Greets!
Attachment name: one of the following strings:
   000032.jpg .scr song.wav .scr music.mp3 .scr video.avi .scr photo.jpg .scr girls.jpg .scr pic.jpg .scr message.txt .scr image.jpg .scr news.doc .scr myphoto.jpg .scr you.jpg .scr love.jpg .scr readme.txt .scr
The attachment may carry a double extension; the second extension may be one of the following: .EXE .PIF .SCR |
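The following is an added defender-side example, not part of the original entry: it turns the host artifacts (dropped files, Run-key value) and the double-extension attachment pattern described above into three small checks. Function names and the sample inputs are constructed for illustration; the Run-key and directory data are passed in as plain Python values so it runs offline on any platform.

```python
"""Detection helpers for the Worm.Tanatos.e (Bugbear.D) artifacts described in the entry."""
import ntpath   # Windows path handling, so the checks also run on non-Windows hosts
import re

# Files the entry says are dropped under %System%, plus the Run-key value name.
DROPPED_FILES = {"oycacv.exe", "gomamjo.dll", "mcyays.dll", "kguaupg.dll"}
RUN_VALUE_NAME = "oycacv"
# Second extensions the entry lists for the mail attachment.
EXEC_EXTS = {".exe", ".pif", ".scr"}
# Visible "lure" extensions taken from the attachment names in the entry.
LURE_EXTS = {".jpg", ".wav", ".mp3", ".avi", ".txt", ".doc"}


def is_double_extension_lure(filename: str) -> bool:
    """True for names such as 'photo.jpg.scr': a media/document extension followed
    by an executable one. Whitespace between the two parts is tolerated because the
    entry prints the names that way ('photo.jpg .scr')."""
    name = filename.strip().lower()
    m = re.fullmatch(r".+?(\.[a-z0-9]+)\s*(\.[a-z0-9]+)", name)
    return bool(m) and m.group(1) in LURE_EXTS and m.group(2) in EXEC_EXTS


def check_run_key(run_values: dict) -> list:
    """Flag Run values named 'oycacv' or whose data launches oycacv.exe.
    run_values maps value name -> data, as exported from the HKLM Run key."""
    hits = []
    for name, data in run_values.items():
        if name.lower() == RUN_VALUE_NAME or ntpath.basename(data).lower() == "oycacv.exe":
            hits.append((name, data))
    return hits


def check_system_dir(listing) -> list:
    """Return the dropped-file names present in a %System% directory listing."""
    return sorted(f.lower() for f in listing if f.lower() in DROPPED_FILES)


# Constructed sample inputs (not real captures).
SAMPLE_RUN = {"ctfmon": "C:\\WINDOWS\\system32\\ctfmon.exe",
              "oycacv": "%System%\\oycacv.exe"}
SAMPLE_SYSTEM_LISTING = ["kernel32.dll", "gomamjo.dll", "OYCACV.EXE", "user32.dll"]

if __name__ == "__main__":
    print("run key hits:", check_run_key(SAMPLE_RUN))
    print("dropped files:", check_system_dir(SAMPLE_SYSTEM_LISTING))
    for att in ("photo.jpg.scr", "000032.jpg .scr", "readme.txt"):
        print(att, "->", is_double_extension_lure(att))
```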
