病毒别名：

处理时间：

威胁级别：★★

中文名称：狂妄猎手

病毒类型：蠕虫

影响系统：Win9x / WinNT

病毒行为:

这是一个通过邮件和mIRC传播的蠕虫，他会破坏用户计算机的保护措施，关闭防火墙，常见杀毒软件等，禁用注册表编辑器，禁用开始菜单中的运行，隐藏硬盘分区，禁止用户进入Windows 2000的MS－DOS方式，禁止显示"远程管理"，通过mIRC病毒达到控制用户机器和传播的目的。

1.生成文件：

C:\\LARISSA.html

C:\\WINDOWS\\WSocket32.vbs

C:\\WINDOWS\\SPOOL_SV32.vbs

C:\\Program Files\\MIRC\\script.ini

C:\\WINDOWS\\LARISSA.exe

C:\\WINDOWS\\SMSS_32.exe

2.会通过通过Outlook发送邮件。

3.邮件的

Subject：Re: LOVELETTER

Body：vbcrlf&"I LOVE YOU TOO!"

附件名LOVELETTER.exe

4.结束以下进程：

"ATUPDATER.EXE"

"AUPDATE.EXE"

"AUTODOWN.EXE"

"AUTOUPDATE.EXE"

"Avconsol.exe"

"AVENGINE.EXE"

"AVXQUAR.EXE"

"bawindo.exe"

"ccEvtMgr.exe"

"ccProxy.exe"

"ccPxySvc.exe"

"DefWatch.exe"

"DRWEBUPW.EXE"

"ESCANHNT.EXE"

"LUCOMS~1.EXE"

"VsTskMgr.exe"

"UpdaterUI.exe"

"NPROTECT.EXE"

"mcvsshld.exe"

"mcvsrte.exe"

"mcvsescn.exe"

"mcagent.exe"

"mcshield.exe"

"MCUPDATE.EXE"

"FrameworkService.exe"

"PINGSCAN.EXE"

"RTVSCN95.EXE"

"W9X.EXE"

"ZAUINST.EXE"

"XPF202EN.EXE"

"SPF.EXE"

"CV.EXE"

"FSAV530STBYB.EXE"

"FSAV530WTBYB.EXE"

"IAMSERV.EXE"

"KILLPROCESSSETUP161.EXE"

"NETMON.EXE"

"PF2.EXE"

"ANTI-TROJAN.EXE"

"taskmgr.exe"

"SpySweeper.exe"

"BGTray.exe"

'ccApp.exe'

'APVXDWIN.EXE'

'ATUPDATER.EXE'

'AUPDATE.EXE'

'AUTODOWN.EXE'

'AUTOUPDATE.EXE'

'Avconsol.exe'

'AVENGINE.EXE'

'AVXQUAR.EXE'

'bawindo.exe'

'ccEvtMgr.exe'

'ccProxy.exe'

'ccPxySvc.exe'

'DefWatch.exe'

'DRWEBUPW.EXE'

'ESCANHNT.EXE'

'LUCOMS~1.EXE'

'VsTskMgr.exe'

'UpdaterUI.exe'

'NPROTECT.EXE'

'mcvsshld.exe'

'mcvsrte.exe'

'mcvsescn.exe'

'mcagent.exe'

'mcshield.exe'

'MCUPDATE.EXE'

'FrameworkService.exe'

'PINGSCAN.EXE'

'RTVSCN95.EXE'

'W9X.EXE'

'ZAUINST.EXE'

'XPF202EN.EXE'

'SPF.EXE'

'CV.EXE'

'FSAV530STBYB.EXE'

'FSAV530WTBYB.EXE'

'IAMSERV.EXE'

'KILLPROCESSSETUP161.EXE'

NETMON.EXE'

'PF2.EXE'

'ANTI-TROJAN.EXE'

'taskmgr.exe'

'SpySweeper.exe'

'BGTray.exe'