Worm.Ariss.c

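Worm.Ariss.c is a computer virus: a worm that spreads through email attachments. It undermines the protections on the user's computer, for example by shutting down firewalls and common antivirus software and by disabling the Registry Editor. It also performs other malicious actions, such as disabling Run in the Start menu, hiding hard disk partitions, preventing the user from entering MS-DOS mode on Windows 2000, and suppressing the display of "Remote Administration", all of which pave the way for other viruses.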

Virus overview

Aliases:
Date handled:
Threat level: ★★
Chinese name: 狂妄獵手
Virus type: Worm
Affected systems: Win9x / WinNT

Virus behavior

1. Files created:
IExplore.exe
MSLARISSA.pif
CmdPrompt32.pif
SP00Lsv32.pif
C:\WINDOWS\WinVBS.vbs
C:\MESSAGE_TO_USER.txt
C:\MESSAGE_TO_AVs.txt
C:\MESSAGE_TO_BROPIA.txt
2. Registry:
Added values:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MSLARISSA:MSLARISSA.pif
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Command Prompt32:CmdPrompt32.pif
These add startup entries so that the virus runs at boot.
Modified value:
Software\Microsoft\Windows\CurrentVersion\Explorer\Sheelfol
Associates the virus with IE, so that the virus is launched whenever IE is opened.
3. Downloads the file http://www.geocities.com/mslarissac/WindowsSecurityUpdate.zip
4. Contents of the created file C:\MESSAGE_TO_USER.txt:
Greetz to infected user!I will survive,In this moment in time.'Your computer will crash,So, you will be mine.I will not crash,I will not fail.So, in this moment in time,I will survive...
- LARISSA AUTHOR : 2-24-05
Contents of C:\MESSAGE_TO_AVs.txt:
Greetz to AVs!
I wanna be in AV industry when I grow up :-)
LARISSA AUTHOR : 2-24-05
Contents of C:\MESSAGE_TO_BROPIA.txt:
Hey Bropia.. stop making MSN worms it's stupid...... lol -- Larissa Anti Bropia... -- Saving the world from BROPIA!!!
- LARISSA AUTHOR : 2-24-05
5. The email body is one of the following, chosen at random:
The message is located in the attachments.
The letter you requested is in the attachments.
Information attached.
Kindly read and reply to my LOVE LETTER in the attachments :-)
The documents you requested are in the attachments.
Info reguarding your Email account is in the attachments.
Dear Windows User Please download the windows update included in the attachmen
My letter is in the attachments.
Your email account is about to expire, please check the attachments for details.
6. Random email subjects:
Re: Message
Re: Letter
Re: Information
I LOVE YOU
Re: Your Documents
Re: Account Info
Windows Update
Re: My Letter
Re: Docs
Re: Your Email Info
7. Random email attachment names:
Message.exe
Letter.exe
Information.exe
LOVE_LETTER_FOR_YOU.exe
Documents.exe
Attached_Message.exe
Microsoft_Update.exe
Private_Letter.exe
Private_Document.exe
Important_Message.exe
8. Copies itself to the following locations:
"b:"
"c:"
"d:"
"e:"
"f:"
"g:"
"h:"
"i:"
"j:"
"k:"
"l:"
"m:"
"n:"
"o:"
"q:"
"r:"
"s:"
"t:"
"u:"
"v:"
"w:"
"x:"
"y:"
"z:"
9. The virus terminates some security software, and also terminates some other viruses:
"agentsvr.exe"
"ANTI-TROJAN.EXE"
"ANTIVIRUS.EXE"
"ANTS.EXE"
"APIMONITOR.EXE"
"APLICA32.EXE"
"APVXDWIN.EXE"
"ATCON.EXE"
"ATGUARD.EXE"
"ATRO55EN.EXE"
"ATUPDATER.EXE"
"ATWATCH.EXE"
"ZAPRO.EXE"
"ZAPSETUP3001.EXE"
"ZATUTOR.EXE"
"ZAUINST.EXE"
"ZONALM2601.EXE"
"ZONEALARM.EXE"
"AUPDATE.EXE"
"AUTODOWN.EXE"
"AUTOTRACE.EXE"
"AUTOUPDATE.EXE"
"AVCONSOL.EXE"
"AVGSERV9.EXE"
"AVLTMAIN.EXE"
"AVPUPD.EXE"
"avsynmgr.exe"
"AVWUPD32.EXE"
"AVXQUAR.EXE"
"AVprotect9x.exe"
"Au.exe"
"BD_PROFESSIONAL.EXE"....

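The mail indicators in items 5 to 7 can be combined into a simple triage check for a mail gateway or a mailbox sweep. The Python below is an added example, not part of the original entry or any vendor's code; the function names triage and sample are hypothetical, and the messages it builds are constructed with an inert text payload.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from items 5-7 of this page, lower-cased for comparison.
SUBJECTS = {"re: message", "re: letter", "re: information", "i love you",
            "re: your documents", "re: account info", "windows update",
            "re: my letter", "re: docs", "re: your email info"}
ATTACHMENTS = {"message.exe", "letter.exe", "information.exe",
               "love_letter_for_you.exe", "documents.exe",
               "attached_message.exe", "microsoft_update.exe",
               "private_letter.exe", "private_document.exe",
               "important_message.exe"}
# Every body listed in item 5 contains one of these two fragments.
BODY_FRAGMENTS = ("the attachmen", "information attached")

def triage(raw):
    """Return (verdict, hits) for one raw RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # Collapse whitespace so folding or extra spaces do not hide a match.
    subject = " ".join(str(msg["Subject"] or "").lower().split())
    if subject in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    text = " ".join(body.get_content().lower().split()) if body is not None else ""
    if any(fragment in text for fragment in BODY_FRAGMENTS):
        hits.append("body")
    names = {(part.get_filename() or "").strip().lower() for part in msg.walk()}
    if names & ATTACHMENTS:
        hits.append("attachment")
    # A subject such as "Windows Update" or a body that mentions attachments
    # is common in benign mail, so only a listed executable name combined
    # with a second indicator is reported as a match.
    if "attachment" in hits and len(hits) >= 2:
        return "match", hits
    return ("review" if "attachment" in hits else "clean"), hits

def sample(subject, body, filename=None):
    """Build a constructed test message; the attachment is inert text bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A listed attachment name on its own returns "review" rather than "match", because names such as Documents.exe are not unique to this worm.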