病毒簡介
病毒別名:處理時間:2005-08-05
威脅級別:★
中文名稱:
病毒類型:蠕蟲
影響:Win 9x/ME,Win 2000/NT,Win XP,Win 2003
病毒行為
1,隱蔽性強1) 首先生成%temp%\???.exe,並執行???.exe,自身退出
2) ???.exe生成%temp%\???.tmp,並注入到explorer.exe,???.exe退出
3) ???.tmp拷貝病毒到%system32%\thhellsedujsfl.exe
4) 刪除臨時檔案 ???.exe、???.tmp
5) 病毒運行時,首先生成臨時檔案%temp%\???.tmp,注入???.tmp到explorer.exe,自身退出。
2,生成檔案
%system32%\thhellsedujsfl.exe
%temp%\???.tmp
3,添加啟動項
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
fovflsoigxfmx = "%system%\thhellsedujsfl.exe"
4,隨機郵件內容
1) Osama Bin Laden Captured.
Attached some pics that i found
2) Saddam Hussein - Attempted Escape, Shot dead.
Attached some pics that i found
3) Testing
4) Secret!
1) Hey, Remember this?
2) Hello, Long time! Check this out!
3) Hey, I was going through my album, and look what I found..
4) Hey, Check this out :-)
1) +++ Attachment: No Virus found
+++ Panda AntiVirus - You are protected
+++ http://www.hudong.com/wiki/www.pandasoftware.com
2) +++ Attachment: No Virus found
+++ Norman AntiVirus - You are protected
+++ http://www.hudong.com/wiki/www.norman.com
3) +++ Attachment: No Virus found
+++ F-Secure AntiVirus - You are protected
+++ http://www.hudong.com/wiki/www.f-secure.com
4) +++ Attachment: No Virus found
+++ Norton AntiVirus - You are protected
+++ http://www.hudong.com/wiki/www.symantec.com
附屬檔案名可能:
1) Cool
2) pics.1
3) funny.1
4) bush.1
5) joke.1
6) secret.2
1) .pif
2) .scr
3) .exe
