病毒名稱:
Klez(求職信)別名:
Win32/Krn132,Win32/Klez, W32.Klez, Kleza.A,ElKern, Klaz, Kletz, I-Worm.Klez病毒特點:
由於病毒體代碼包含以下內容,該英文信的內容與求職有關,所以我們將其命名為“求職信”病毒。(I'm sorry to do so,but it's helpless to say sorry.
I want a good job,I must support my parents.
Now you have seen my technical capabilities.
How much my year-salary now? NO more than ,500.
What do you think of this fact?
Don't call my names,I have no hostility.
Can you help me?)
該病毒通過電子郵件傳播,郵件的主題從下列中隨機選取
Hi
Hello
How are you?
Can you help me?
We want peace
Where will you go?
Congratulations!!!
Don't Cry
Look at the pretty
Some advice on your shortcoming
Free XXX Pictures
A free hot porn site
Why don't you reply to me?
How about have dinner with me together?
Never kiss a stranger
附屬檔案的名稱也是隨機的,如Nxrj.exe,Uruo.exe,Vws.exe。如果用戶使用微軟的Outlook收發電子郵件,那么在預覽含有該病毒的郵件時,病毒已經被執行。病毒一旦運行,將在C:\Windows\System下生成兩個隱含檔案Krn132.exe和Wqk.exe,修改註冊表,添加如下鍵值:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Krn132=C:\WINDOWS\SYSTEM\Krn132.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WQK=C:\WINDOWS\SYSTEM\Wqk.exe
同時感染PE檔案和.scr檔案。