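Category: Trojan
Virus details: The virus is 15,237 bytes long and infects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP systems. It modifies IE settings, creates empty directories and swaps the left and right mouse buttons. Once the virus has been received and opened, the following behaviour occurs:
A Copies itself to winupdate\csrss.exe under the system directory
B Copies itself to the root directory of the system drive as: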
Open me.exe
Del.exe
Winfile.exe
MSN.exe
msnpaint.exe
Notedpad.exe
Dont Delete me.exe
C Adds the registry value "Update" = "%System%\winupdate\csrss.exe" to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
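so that the virus runs at every startup
D Creates the file d.bmp in the root directory of the system drive; for its contents see Figure 1
E Modifies the following value under the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main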
"Window Title" = "Warrior !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! By Mr.X"
so that the IE title bar reads as shown (Figure 2)
F Modifies the following values under the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
"url1" = "www.sex.nl"
"url2" = "www.sex.nl"
"url3" = "www.sex.nl"
"url4" = "www.sex.nl"
"url5" = "www.sex.nl"
"url6" = "www.sex.nl"
"url7" = "www.sex.nl"
"url8" = "www.sex.nl"
"url9" = "www.sex.nl"
"url10" = "www.sex.nl"
"url11" = "www.sex.nl"
"url12" = "www.sex.nl"
"url13" = "www.sex.nl"
so that the IE address bar drop-down history shows www.sex.nl
G Modifies the following value under the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Start Page" = "www.mrx-server.com"
so that the default page when IE opens is www.mrx-server.com
H Creates the following empty directories on the desktop
Afghanistan
ASHB
ben jij gay
Call of Duty(R) 2 Singleplayer
DAMN
Darn zeg
Delete LOL
DELETE ME Please
DONT DELETE ME
DRIVERS
GAY
Global Pc Terror
GPT
GTA San Andreas
Hersens
Holland
I OWN
ik weet niks anders
IMC
IMF
Ja jij stink
JIj Stinkt
LESBIE
LOL
LOLz
LOLZA
LOLZAAAAAAA
Lozer
Made in Holland
Master
MASTER WARRIOR
Mister X
MOHAHAHAHAHAHA
Mr.X
Mrx.Afghanistan
Msn Messenger
noem eens wat op
noob
OMG
OMG jij bent dom
OMG OMG
omg vet saai
OMLA
PORNO MAP
POWER
Program files
STINKERD
System32
Terror
VIRUS
waarom ben je homo
Waarom open je virus
WARRIOR
Windows
YOU homo bestanden
You sucks
I Creates the following empty directories in My Documents
2005
DARN
Desktop
Deze Computer
Emoticosn
Font
Hardeschijf
HDD
HELP ME
Ik weet niks
Leeg
LOL
LoLza
Made By mrx
Mijn fotos
mijn vriendin
Mr.X
Mrx 2005
Msn
My files
Omg
omG 2005
Open me
Rotzooi
Save game
Shit
Warrior
Weet ff niks
wie ben jij
Your files
Zwak
J Swaps the left and right mouse buttons
K Opens and closes the optical drive unexpectedly
L Terminates itself after a period of time
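The registry traces in items C, E, F and G can be checked offline against a text export of the affected user's hive. The following is an added example, not part of the original entry: it assumes the export was produced in .reg text form and already decoded to a string, and the function names `parse_reg_export` and `find_indicators` are hypothetical.

```python
import re

# Registry locations taken from behaviour items C, E, F and G above.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
IE_MAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
TYPED_URLS = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Parse the string values of a .reg export into {key: {name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # .reg files escape backslashes and quotes with a backslash
            name, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = value
    return keys

def find_indicators(keys):
    """Return the letters of the behaviour items whose registry traces exist."""
    hits = []
    run = keys.get(RUN_KEY.lower(), {})
    main = keys.get(IE_MAIN.lower(), {})
    typed = keys.get(TYPED_URLS.lower(), {})
    # C: Run value "Update" pointing at winupdate\csrss.exe
    if run.get("update", "").lower().endswith(r"\winupdate\csrss.exe"):
        hits.append("C")
    # E: IE window title of the form "Warrior !!!... By Mr.X"
    title = main.get("window title", "")
    if title.startswith("Warrior") and title.endswith("By Mr.X"):
        hits.append("E")
    # F: every typed-URL history slot overwritten with the same address
    if typed and all(v.lower() == "www.sex.nl" for v in typed.values()):
        hits.append("F")
    # G: IE start page replaced
    if main.get("start page", "").lower() == "www.mrx-server.com":
        hits.append("G")
    return hits

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="C:\\WINDOWS\\system32\\winupdate\\csrss.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="www.mrx-server.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="www.sex.nl"
'''
```

Calling `find_indicators(parse_reg_export(SAMPLE))` returns the item letters that matched; a Run value named "Update" that points elsewhere is not flagged.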
Virus FAQ: PE viruses under Windows
Discovery date: 2006-2-27
Reference: http://www.viruschina.com/news/Vdatabase_detail.asp?id=5114