Entry | Worm.Torvil.b |
Definition |
Overview
Virus alias: I-Worm.Torvil.b [AVP]
Processed on: 2004-02-05
Threat level: ★
Chinese name:
Virus type: worm
Affected systems: Win9x/NT/2000/XP
Virus behavior:
Written with: Delphi, ASPack-compressed
Infection vectors:
A. E-mail
B. Guessing weak passwords to connect to remote machines
C. Abusing ICQ, mIRC and KaZaA shares
Trigger conditions:
System modifications:
A. Drops two copies of itself into %SystemRoot%: SMSS??.exe or Spool??.exe (where ?? is any pair of letters), and svchost.exe.
B. Creates the directory %SystemRoot%\mstorvil and drops multiple copies of itself there. The first half of the file name may be one of:
NetObjects Fusion v7.5
Macromedia Studio MX 2004
AllApps
BearShare Pro 4.3.0
Borland C++ BuilderX 1.0 Enterprise Edition
Microsoft Office System Professional V2003
Halo FLT
Nero Burning ROM v6.0.0.19 Ultra Edition
TVTool v8.31
NHL 2004
Norton SystemWorks 2004
McAfee Personal Firewall Plus 2004
iMesh 4.2 Ad Remover
Norton AntiVirus 2004
Norton Antispam 2004
Sophos AntiVirus v3.74
Macromedia Contribute 2
McAfee VirusScan Home Edition 2004
McAfee SpamKiller 2004
The second half may be Keygen.exe or Crack.exe.
C. Creates the following files: C:\torvil.log, message.dat, message.htm, msg.zip
D. Under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run it creates the value "Service Host"="%SystemRoot%\SMSS??.exe". Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon it modifies the value "Shell"="Explorer.exe SMSS??.exe". It also creates the following subkeys and their entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\OneLevelDeeper\TorvilDB
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TORVIL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TORVIL (creates the service "TORVIL" with the path "%SystemRoot%\SMSS??.exe -s")
Symptoms when active:
A. A window titled "Microsoft RPC-DCOM Fix2" appears while it runs.
B. A DOS window is repeatedly opened and closed, showing: "<current time> xExec %SystemRoot%\SMSS??.exe"
C. It terminates the following processes: _AVP32 _AVPCC _AVPM ACKWIN32 ATRACK ADVXDWIN AGENTW ALERTSVC ALOGSERV ALOGSERV AMON9X ANTIVIR ANTI-TROJAN AVPUPD AVWIN95 AVPTC AVE32 ANTS APVXDWIN APVXDWIN ATCON ATUPDATER ATWATCH AUTODOWN AUTOTRACE AVCONSOL AVGCC32 AVGCTRL AVGSERV AVGSERV9 AVGW AVKPOP AVKSERV AVKSERVICE AVKWCTL9 AVP AVP32 AVPM AVSCHED32 AVSYNMGR AVWINNT AVXMONITOR9X AVXMONITORNT AVXQUAR AVXQUAR AVXW BLACKD BLACKICE CDP CFGWIZ CLAW95 CCEVTMGR CCPWDSVC CCSETMGR CLAW95CF CFINET CLEANER CLEANER3 CMGRDIAN CONNECTIONMONITOR CPD CPDClNT CTRL DEFALERT DEFSCANGUI DEFWATCH DOORS DVP95 DVP95_0 EFPEADM ETRUSTCIPE EVPN EXPERT FIREWAL F-AGNT95 FAMEH32 FCH32 FIH32 FNRB32 F-PROT F-PROT95 FP-WIN FRW FSAA FSAV32 FSGK32 FSM32 FSMA32 FSMB32 F-STOPW GBMENU GBPOLL GBPOLL GENERICS GUARD GUARDDOG IAMAPP IAMSERV IAMSTATS ICLOAD95 ICLOADNT ICMON ICSUPP95 ICSUPPNT IFACE IOMON98 ISRV95 JEDI LDNETMON LDPROMENU LDSCAN LOCKDOWN LOCKDOWN2000 LUALL LUCOMSERVER LUSPT MCAGENT MCMNHDLR MCSHIELD MCTOOL MCUPDATE MCVSRTE MCVSSHLD MGAVRTCL MGAVRTE MGHTML MINILOG MONITOR NAVRUNR MOOLIVE MPFAGENT MPFSERVICE MPFTRAY MWATCH NAV AUTO-PROTECT NAVAP NAVAPSVC NAVAPW32 NAVENGNAVEX15 N32SCANW NAVENGNAVEX15 NAVLU32 NAVW32 NAVWNT NDD32 NEOWATCHLOG NETUTILS NISSERV NISUM NMAIN NOD32 NORMIST NOTSTART NPROTECT NPSCHECK NPSSVC NSCHED32 NSPLUGIN NTRTSCAN NTVDM NRESQ32 NTXcONFIG Nui NUPGRADE NVC95 NVSVC32 NWSERVICE NWTOOL16 NSCHEDNT PADMIN PAVPROXY PCCIOMON PCCNTMON PCCWIN97 PCCWIN98 PCSCAN PERSFW PERSWF POP3TRAP PCFWALLICON POPROXY PORTMONITOR PROCESSMONITOR PROGRAMAUDITOR PVIEW95 RAPAPP RAV7 RAV7WIN REALMON RESCUE PCCMAIN RTVSCN95 RULAUNCH TMNTSRV SBSERV SAFEWEB SAVSCAN SCAN32 SCRSCAN SMC SPHINX SPYXX SS3EDIT SWEEP95 SWEEPNET SWEEPSRV SWNETSUP SymProxySvc SYMTRAY TAUMON TDS2-98 TDS2-NT TCA TCM TDS-3 TFAK VBCMSERV VBCONS VET32 VET95 VETTRAY VIR-HELP VPC32 VPTRAY VSCHED VSECOMR VSHWIN32 VSMAIN VSMON VSSTAT WATCHDOG WEBSCANX WEBTRAP WGFE95 WIMMUN32 WRADMIN WRCTRL WRCTRL ZAPRO ZONEALARM
D. It sends virus e-mails.
Subject (one of):
congratulations!
darling
Do not release, its the internal rls!
Documents
Pr0n!
Undeliverable mail--
Returned mail--
here's a nice Picture
New Internal Rls...
here's the document
here's the document you requested
here's the archive you requested
Body: the first part may be one of: Hi, / Hello, / Re: / Fw:
The second part may be one of:
See the attached file for details.
I have a document attached, which should solve your problems.
The release file is attached... Send me your comments.
Real outtakes from Sex in the City!! Adult content!!! Use with parental advisory =)
Have a look the Pic attached !!
dOnT gIvE iT aWaY... iTs cOnFiDeNtIaL =)
here's the document that you had requested.
That's the answer to all your questions.
Have a look at the attatchment.
Attachment (one of): yourwin.bat, probsolv.doc.pif, flt-xb5.rar.pif, document.doc.pif, sexinthecity.scr, torvil.pif, win$hitrulez.pif, sexy.jpg, flt-ixb23.zip, readit.doc.pif, document1.doc.pif, attachment.zip, message.zip, Q723523_W9X_WXP_x86_EN.exe
Special note: it attempts to connect to remote computers using weak passwords; on success it copies itself as "Reminder.exe" into the remote computer's %SystemRoot% directory.
|