Overview
Virus name: Email-Worm.Win32.Zhelatin.u
Chinese name: 澤拉丁變種 (Zhelatin variant)
Virus type: worm
File MD5: BB78341288F265C0659D2A323BE2328E
Disclosure scope: fully public
Severity level: 5
File size: 50,582 bytes packed, 1,431,552 bytes unpacked
Affected systems: Windows 9x and later
Development tool: Microsoft Visual C++ 6.0
Packer: UPX (modified variant)
Aliases: McAfee [W32/Zhelatin.gen@MM]
Avast! [Win32:Tibs-AII]
DrWeb [Trojan.Packed.14]
DrWeb [BackDoor.Generic.1138]
AVG [Trojan horse Downloader.Tibs.3.A]
ClamAV [Trojan.Downloader-1381]
Behavior analysis
1. The e-mail subject is chosen from the following list of strings:
"I Love You with All I Am", "The Time for Love", "When You Fall in Love", "Your Love Has Opened", "My Love",
"Our Love is Free", "Eternity of Your Love", "I Love You Soo Much", "Wrapped in Your Arms", "Our Love Nest",
"Hugging My Pillow", "The Dance of Love", "Falling In Love with You", "Why I Love You", "A Kiss So Gentle",
"Miracle of Love", "A Token of My Love", "For You....My Love", "Our Love Will Last", "Inside My Heart",
"The Miracle of Love", "Our Love is Strong", "Love Remains", "I am Complete", "I Dream of you", "Dream Girl",
"I Believe", "Unmatchable Beauty", "Baby, I'll Be There", "Rose for my Love", "I Love You So", "I Love Thee",
"I'll Be Your Man", "Will You?", "Want You to Know", "Internet Love", "Only You", "Passionate Kiss",
"Kiss Coupon", "Breakfast in Bed Coupon", "Romantic Picnic Coupon", "Dinner Coupon", "Massage Coupon",
"A Relaxing Coupon", "Steamy Sex Coupon", "Bubble Bath Coupon", "Dream Date Coupon", "A Day in Bed Coupon",
"Feeling Horny?", "Kisses, Hugs & Roses", "The Love Bugs", "A Little (sex) Card", "A Kiss for You",
"A Monkey Rose for You", "I Woof You", "We Are Different", "You Are My Guiding Star", "Puppy Love",
"You Rock Me!", "Times Are Hard, I Luv U", "Crazy way to say I Luv U", "You Were Worth the Wait",
"Showers Of Love", "Can't Wait to See You!", "You're My Hero", "You Brighten My Day", "Love at First Sight",
"The Mood for Love", "I Love You Mower", "A Romantic Place", "We're a Perfect Fit", "Love is in the Air",
"Emptiness Inside Me", "Our Love Everyday", "I Can't Function", "5 Reasons I Love You", "You Lucky Duck!",
"Peek-A-Boo", "Last Night was Hot!", "When I look at you", "You are out of this world", "Memories",
"Wild Nights--Wild Nights", "I Think of You", "A Bouquet of Love", "I Would Give you Anything",
"Hold Me (distant love)", "Between Us", "In My Heart", "From this day forward", "You're Soo kissable",
"Angel of Love", "Thinking about you", "Love for Granted", "How Much I Love You", "A Hug & Roses",
"Summer Love", "A Weekend Getaway", "My Heart is Thinking", "Steamy Dream", "My Heart belongs to you",
"Every Inch of Your Body", "Our love is torn by miles", "A Special Kiss", "Won't you dance with me",
"A Red Hot Kiss", "The Sweet Taste of Love", "A Special Flower for You", "Just You & Me",
"Till Morninig's Light", "Your Silly Smile", "Trunk Full Of Love", "Till Morning's Light", "The Letter",
"Bewitching Moonlight", "I Am Lost In You", "Fields Of Love", "We Have Walked", "P.M.S", "So Unique",
"Take My Hand", "Solitary Beauty", "Cuddle Me Please", "Let's Get Frisky", "Teddy Bear & Roses",
"Wish I Could Tell You", "Twilight Paradise", "Thinking of You", "Longing for You", "Twice Blest",
"Forever and Ever", "Dancing With You", "I Still Love You", "Soul Mates", "Two of a Kind",
"He Blessed Our Lives", "Pockets of Love", "Live With Me", "Now I Know", "The Kiss", "Vacation Love",
"I Would Do Anything", "You + Me", "Sending Kiss", "Safe With You", "Love Birds", "It's Your Move",
"In Love", "Love You Deeply", "The Long Haul", "I wish", "Together Again", "You're so Far Away",
"Brand New Love", "For You", "Wish Upon a Star", "You Asked Me Why", "Our Two Hearts", "All That Matters",
"Hold On", "You and I", "Someone at Last", "Made for Each Other", "Safe and Sound", "Cuddle Up",
"With All My Love", "Heart is Breaking", "Everyone Needs Someone", "When I'm With You", "All For You",
"For Better of For Worse", "To New Spouse", "Forever in Love", "Full Heart", "Unique Love", "My Eye on You",
"Our Wedding Day", "Hey Cutie", "Against All Odds", "Cyber Love", "Old Together", "Our Love",
"That Special Love", "I Give to You", "Back Together", "Wine and Roses", "I Win with You", "Hand in Hand",
"If I Could", "A Song to You", "Search for One", "A Sweet Love", "JustYou", "Thanks...Love",
"Now and Forever", "Without Your Love", "This Day Forward", "Waiting for You", "My Perfect Love",
"True Love", "The Candle's Light", "Words I Write", "You and I Forever", "You're the One", "Worthy of You",
"My Invitation", "Until the Day", "Red Rose", "This Feeling", "So in Love", "Want to Meet?",
"Awaiting Your Love", "I Always Knew", "With All of My Heart", "Soul Partners", "Tender Whispers",
"With This Ring", "Til the End of Time", "Heart of Mine", "If I Knew", "Touched by Love",
"Most Beautiful Girl", "Wrapped Up", "Evening Romance", "Doing It for You", "Window of Beauty",
"Together You and I", "Sending You My Love", "Magic of Flowers"
2. The attachment name is chosen from the following list; the attachment is 50,582 bytes:
Flash Postcard.exe
flash postcard.exe
greeting postcard.exe
Greeting Postcard.exe
greeting card.exe
Greeting Card.exe
3. The forged sender name is chosen from the following list of strings:
'Zenia', 'Zoe', 'Zilya', 'Xenia', 'Xylia', 'Xandra', 'Willa', 'Wendy', 'Vicky',
'Vivian', 'Violet', 'Valora', 'Vanessa', 'Valda', 'Ula', 'Uma', 'Sharon',
'Silver', 'Rosa', 'Ruby', 'Rita', 'Rae', 'Rachel', 'Queen', 'Peggy', 'Pamela',
'Olivia', 'Olga', 'Nicole', 'Naomi', 'Natalie', 'Nora', 'Nina', 'Nova', 'Nadia',
'Maia', 'Mary', 'Melody', 'Mimi', 'Myra', 'Linda', 'Lisa', 'Lolita', 'Lynn',
'Laura', 'Lara', 'Kara', 'Kassia', 'Kyle', 'Kali', 'Kacey', 'Katrina', 'Janet',
'Jewel', 'Joanna', 'Juliet', 'Julie', 'Ida', 'Idona', 'Isabel', 'Iris', 'Ivana',
'Ivory', 'Helga', 'Holly', 'Haley', 'Gloria', 'Gilda', 'Gale', 'Faith', 'Emily',
'Evelyn', 'Eve', 'Erika', 'Eliza', 'Eden', 'Ebony', 'Donna', 'Dora', 'Doris', 'Diana',
'Danielle', 'Daria', 'Damita', 'Camille', 'Cara', 'Carla', 'Carmen', 'Clarissa',
'Chelsea', 'Caitlin', 'Bettina', 'Blenda', 'Bridget', 'Briana', 'Bella', 'Becky',
'Barbra', 'Aldora', 'Alysia', 'Amorita', 'Aretina', 'Ara', 'April', 'Anita'
4. Terminates any running process whose name contains one of the following strings:
mcafee
taskmgr
hijack
f-pro
lockdown
msconfig
firewall
blackice
vsmon
zonea
spybot
nod32
reged
troja
viru
anti
alsys
Registry
Editor
5. The message body is usually empty.
6. Drops a copy of itself in the current directory, and may also drop a copy named alsys.exe in the system directory.
Note: %System% is a variable path. The virus queries the operating system to locate the current System folder. The default installation path is C:\Winnt\System32 on Windows 2000/NT, C:\Windows\System on Windows 95/98/Me, and C:\Windows\System32 on Windows XP.
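As an added illustration (not code from the original report), the following Python grades a parsed message against the indicators listed above: the sample MD5 and attachment size from the report, the attachment names, and a subset of the subject and sender-name lists. The Message class and the subsets are this example's own assumptions; it distinguishes the exact reported file from a same-lure attachment with different bytes.

```python
import hashlib
from dataclasses import dataclass

# Indicators taken from the report above: the sample's MD5 and packed size,
# the three attachment names (matched case-insensitively, since the worm
# uses both capitalisations) and a subset of the subject and sender lists.
KNOWN_MD5 = "bb78341288f265c0659d2a323be2328e"
KNOWN_SIZE = 50582
ATTACHMENT_NAMES = {"flash postcard.exe", "greeting postcard.exe", "greeting card.exe"}
SUBJECTS = {"My Love", "Puppy Love", "Kiss Coupon", "Last Night was Hot!",
            "You're My Hero", "Soul Mates", "True Love", "Magic of Flowers"}
SENDER_NAMES = {"Zoe", "Wendy", "Vanessa", "Rachel", "Olivia", "Mary",
                "Laura", "Julie", "Emily", "Diana", "Bella", "Anita"}


@dataclass
class Message:
    """Constructed stand-in for a parsed mail (hypothetical; not a real parser)."""
    subject: str
    sender_name: str      # display name from the From: header
    attachment_name: str
    attachment: bytes     # decoded attachment bytes


def indicators(msg: Message) -> list[str]:
    """Return the report indicators that this message matches."""
    hits = []
    if hashlib.md5(msg.attachment).hexdigest() == KNOWN_MD5:
        hits.append("md5")
    if msg.attachment_name.lower() in ATTACHMENT_NAMES:
        hits.append("attachment-name")
    if len(msg.attachment) == KNOWN_SIZE:
        hits.append("attachment-size")
    if msg.subject in SUBJECTS:
        hits.append("subject")
    if msg.sender_name in SENDER_NAMES:
        hits.append("sender-name")
    return hits


def verdict(msg: Message) -> str:
    """Grade a message; a match on the executable outweighs lure text alone."""
    hits = indicators(msg)
    if "md5" in hits:
        return "known-sample"      # the exact file described in the report
    if "attachment-name" in hits and "attachment-size" in hits:
        return "likely-variant"    # same lure name and size, different bytes
    if len(hits) >= 2:
        return "suspicious"        # lure text matches, but no executable match
    return "clean"
```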
Removal
1. 安天木馬防線 (Antiy Trojan Defense Line) removes this virus completely (recommended).
2. For manual removal, delete the corresponding files and restore the related system settings according to the behavior analysis above:
(1) Disconnect from the network and use 安天木馬防線 to terminate the virus process:
(virus file name).exe
(2) Delete the files dropped by the virus.
(3) Check whether a copy of the virus exists in the system directory and delete it if present:
alsys.exe
(4) A full-disk scan with 安天木馬防線 is recommended.
Virus description
After it runs, the virus drops a randomly named copy of itself in the current directory, then constructs spam e-mails carrying that copy in order to spread.