病毒簡介
病毒別名:Email-worm.Win32.Anpir.a【avp】
處理時間:
威脅級別:★★
中文名稱:網路噬蟲
病毒類型:蠕蟲
影響系統:Win9x / WinNT
病毒行為
該病毒是郵件蠕蟲,通過電子郵件傳播,病毒運行後,會搜尋病毒所在當前目錄的檔案,把*.exe 的內容替換為病毒體的內容,同時還會刪除刪除當前目錄的*.avi *.zip *.rar *.nfo *.txt *.mp3 *.mpg *.bin *.iso *.jpg所有檔案,最後將搜尋本機的outlook中的通信簿的聯繫人名單,病毒冒充一些大型公司的郵件,並把病毒體作為附屬檔案傳送出去,去感染下一個用戶
1。創建以下檔案
C:\Documents and Settings\administrator\Application Data\Microsoft\Address Book\Administrator.wab
C:\Documents and Settings\administrator\Local Settings\Application Data\Identities\\Microsoft\Outlook Express\Folders.dbx
C:\Documents and Settings\administrator\Local Settings\Application Data\Identities\\Microsoft\Outlook Express\Offline.dbx
C:\Documents and Settings\administrator\Local Settings\Application Data\Identities\\Microsoft\Outlook Express\收件箱.dbx
2。通過調用mapi32.dll中的BMAPISendMail來傳送郵件
3。病毒冒充的郵件地址
[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@geocities.com
