Entry: Email-Worm.Win32.NetSky.t

Overview

Virus name: Email-Worm.Win32.NetSky.t
Chinese name: 网络天空变种 (NetSky variant)
Virus type: worm
File MD5: F1EAC29A09279D51C81585AE47C5255D
Disclosure: fully public
Threat level: medium
File length: 38,912 bytes
Affected systems: Windows 98 and later
Development tool: Microsoft Visual C++ 6.0
Packer: LE-Exe Executable Image * UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Names used by other vendors: 驱逐舰 (Destroyer) [Win32.HLLP.Secto], 瑞星 (Rising) [Win32.Sality.k]

Description

"NetSky" has ravaged the Internet since 2004 and is still in circulation. When run, the virus drops copies of itself into the system directory and adds a registry Run entry so that the virus body is loaded at every boot. The virus carries its own SMTP engine, forges a large number of sender addresses, and sends mass mail with an attachment named "subject + random digits.pif" to the collected addresses. Opening the attachment infects the machine.

Behavior analysis

Drops the following copies and files:
%Windir%\uinmzertinmds.opm
%Windir%\EasyAV.exe
%System32%\vcmgcd32.dll
%System32%\vcmgcd32.dl

Creates the following registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EasyAV
Value: String: "%WINDir\EasyAV.exe"

Harvests email addresses from files with the following extensions:
.sht .adb .tbb .wab .dbx .oft .doc .msg

Mail the user may receive

Sender addresses (forged):
smoke@freenet.am neox@pisem.net oriontrooper@yahoo.com gfplus@softhome.net kzm@cisco.com cryorb@tut.by hubmib-request@ietf.org msoe@microsoft.com fkma@mmtools.ru uri@lucent.com raraghun@cisco.com joe@joestewart.org joespammer@example.com bik78@mail.ru case@snmp.com crsky@yeah.net gerrit@familiehaase.de shag@apsvans.com hanta@chiva.net waldbusser@lucent.com ietfmibs@ops.ietf.org dyk_158@163.com ts@polynet.lviv.ua tbd@despammed.com hoto@ipbcn.org net-snmp-coders@lists.sourceforge.net

Recipient addresses:
cao_cong_hx@yahoo.com.cn tbd@despammed.com oriontrooper@yahoo.com bmd2chen@tom.com mario555@pisem.net

Subject lines (one per line; the worm's own misspellings are kept):
Diggest
Archive
Request
Requested document
Re: Approved
Letter
Thank you!
Re: Movie document
Re: Text
Re: Thanks you!
Powerpoint document
Re: Photo document
Approved
Info
Hi
My details
Re: User list
Re: Hello
Re: Hi
Developement
Re: Details
Re: Important
Your information
Your details
Sample
Homepage
Important
Excel document
Re: Old document
Re: Bill
Re: Your document

Message bodies (one per line):
Please notice the attached diggest.
The info. Thanks
I have spent much time for your document.
My number list.
My instructions.
My developement is attached. Yours sincerely
Your letter. Thank you
Your file is attached to this mail. Yours sincerely
Hello! Please see the text.
Hello! Please have a look at the attached document. Yours sincerely
Please read the attached document.
Hi! Please, old document.
Hi! Please, user list.
Hi! Please read quickly.
Hello! Please have a look at the info.
Hello! The bill.
Hello! The icq number. Thank you
Hello! Here is the document. Thanks
Here is the document. Yours sincerely
Hello! The note is attached.
Hello! Please have a look at the note. Thank you
Hello! Please notice the attached document. Thanks
Hello! See the document for details
Hi! Here is the document.
Please read the attached document. Thanks
Please read the summary. Yours sincerely
Please notice the attached postcard.
Please notice the attached document. Yours sincerely
Please have a look at the attached document.
Please see the requested document.
Please have a look at the archive
Please see the new document.
Please see the excel document.
Hello! Please notice the attached sample. Thank you
See the document for details. Yours sincerely
I have found the order. Thanks
Hi! For more details see the attached document. Thank you
Hi! Note that I have attached your document.
Hi! Please see the homepage.

Note: %System% is a variable path. The virus queries the operating system to find the current System folder. The default is C:\Winnt\System32 on Windows 2000/NT, C:\Windows\System on Windows 95/98/Me, and C:\Windows\System32 on Windows XP.

Removal

1. Use Antiy Ghostbusters (安天木马防线) to remove this virus completely (recommended).
2. For manual removal, delete the files listed in the behavior analysis and restore the related system settings:
(1) Use the process manager in Antiy Ghostbusters to terminate the virus process EasyAV.exe.
(2) Delete the dropped files:
%Windir%\uinmzertinmds.opm
%Windir%\EasyAV.exe
%System32%\vcmgcd32.dll
%System32%\vcmgcd32.dl
(3) Restore the registry entries modified by the virus and delete the entry it added:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EasyAV
Value: String: "%WINDir\EasyAV.exe"
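As an added defender-side example (not part of the original entry), the following Python script triages an incoming message against the indicators the entry lists: the "subject + random digits.pif" attachment naming, the subject templates, and the sample MD5 and file length. The message it builds is constructed for the demonstration, the attachment bytes are a stub rather than the worm, and the assumption that a mailed copy carries the same hash as the dropped sample is mine, not the entry's.

```python
"""Mail-gateway triage for the NetSky.t lure described in the entry (added example)."""
import hashlib
import re
from email import message_from_bytes
from email.message import EmailMessage

# Indicators copied from the entry: sample hash, sample length and subject templates.
SAMPLE_MD5 = "f1eac29a09279d51c81585ae47c5255d"
SAMPLE_LENGTH = 38912
KNOWN_SUBJECTS = {s.lower() for s in [
    "Diggest", "Archive", "Request", "Requested document", "Re: Approved", "Letter",
    "Thank you!", "Re: Movie document", "Re: Text", "Re: Thanks you!",
    "Powerpoint document", "Re: Photo document", "Approved", "Info", "Hi",
    "My details", "Re: User list", "Re: Hello", "Re: Hi", "Developement",
    "Re: Details", "Re: Important", "Your information", "Your details", "Sample",
    "Homepage", "Important", "Excel document", "Re: Old document", "Re: Bill",
    "Re: Your document",
]}


def attachment_matches_subject(subject: str, filename: str) -> bool:
    """True when the attachment is named '<subject><digits>.pif', the pattern the entry describes."""
    m = re.fullmatch(r"(.*?)(\d*)\.pif", filename.strip(), flags=re.IGNORECASE)
    return bool(m) and m.group(1).strip().lower() == subject.strip().lower()


def analyse_message(raw: bytes) -> dict:
    """Return the findings and a verdict for one raw RFC 822 message."""
    msg = message_from_bytes(raw)
    subject = (msg.get("Subject") or "").strip()
    findings = []
    hash_hit = pattern_hit = False
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # not an attachment
        payload = part.get_payload(decode=True) or b""
        if filename.lower().endswith(".pif"):
            findings.append(f"executable .pif attachment: {filename}")
        if attachment_matches_subject(subject, filename):
            pattern_hit = True
            findings.append("attachment named '<subject><digits>.pif' as in the entry")
        # Assumption: the mailed copy is byte-identical to the sample the entry hashes.
        if hashlib.md5(payload).hexdigest() == SAMPLE_MD5:
            hash_hit = True
            findings.append("attachment MD5 equals the sample hash in the entry")
        elif len(payload) == SAMPLE_LENGTH:
            findings.append("attachment length equals the sample length (weak indicator)")
    if subject.lower() in KNOWN_SUBJECTS:
        findings.append("subject is one of the worm's subject templates")
    # Rank the verdict by the strongest indicator present.
    if hash_hit:
        verdict = "confirmed NetSky.t sample"
    elif pattern_hit:
        verdict = "likely NetSky.t"
    elif findings:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"subject": subject, "findings": findings, "verdict": verdict}


def build_sample_message() -> bytes:
    """Constructed message imitating the lure; the attachment is a harmless stub, not the worm."""
    msg = EmailMessage()
    msg["From"] = "forged.sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Re: Your document"
    msg.set_content("Hello!\nPlease have a look at the attached document.\nYours sincerely")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="Re: Your document4823.pif")
    return msg.as_bytes()


if __name__ == "__main__":
    result = analyse_message(build_sample_message())
    print(result["verdict"])
    for finding in result["findings"]:
        print(" -", finding)
```

The hash comparison is the only exact indicator; the naming pattern and subject templates are heuristics, so the script grades them separately rather than collapsing everything into one boolean, which keeps the gateway rule explainable when it fires on legitimate mail that happens to use a subject such as "Info".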