Worm.MSNLoveme.e

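This virus is variant E of Sexy Chicken (性感雞). It spreads through MSN and network shared folders. After infecting a machine, it modifies the hosts file so that the websites of many security and antivirus companies are redirected to one fixed IP address, making those sites impossible to reach normally; it terminates the processes of commonly used antivirus software; and it blocks some system programs from running (e.g. Task Manager, msconfig.exe), seriously disrupting the user's normal work.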

Virus overview

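Virus alias:
Date processed: 2005-03-07
Threat level: ★★★
Chinese name: 性感雞變種E (Sexy Chicken variant E)
Virus type: Worm
Affected systems: Win9x / WinNT
Virus behaviour:
This virus is variant E of Sexy Chicken. It spreads through MSN and network shared directories. After infecting a machine, it modifies the hosts file so that the websites of many security and antivirus companies are redirected to one fixed IP address, making those sites impossible to reach normally; it terminates the processes of commonly used antivirus software; and it blocks some system programs from running (e.g. Task Manager, msconfig.exe), seriously disrupting the user's normal work.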

Virus characteristics

1. Copies itself to the system directory %System32% as:
serbw.exe
formatsys.exe
2. Copies itself to %SystemRoot% as:
msmbw.exe
3. Creates the following files in the root directory of the system drive:
Crazy-Frog.Html
lspt.exe
Crazy frog gets killed by train!.pif
Annoying crazy frog getting killed.pif
See my lesbian friends.pif
LOL that ur pic!.pif
My new photo!.pif
Me on holiday!.pif
The Cat And The Fan piccy.pif
How a Blonde Eats a Banana...pif
Mona Lisa Wants Her Smile Back.pif
Topless in Mini Skirt! lol.pif
Fat Elvis! lol.pif
Jennifer Lopez.scr
Message to n00b LARISSA.txt
4. Modifies the registry so that it runs automatically when the computer starts.
Under the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
it adds (at random):
serpe = "%System32%\serbw.exe"
ltwob = "%System32%\formatsys.exe"
avnort = "%SystemRoot%\msmbw.exe"
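5. Modifies the hosts file so that the websites of many security and antivirus companies are redirected to one fixed IP address, making those companies' websites impossible to reach normally.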
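6. Terminates security software and blocks some system programs from running (e.g. Task Manager, msconfig.exe):
7. Sends the virus file to MSN contacts.
8. Pops up a Notepad window.
9. Spreads itself through network shared folders (such as eMule); possible file names are as follows: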
Messenger Plus! 3.50.exe
MSN all version polygamy.exe
MSN nudge bomb.exe
10. Closes windows that contain the following strings, in order to protect the virus itself:
ADWARE,ALERTS,ANTI,AUTOSTARTED,Avg,BENIGN,BLOCKER,BUG,BullGuard,BUSTER,CENTER,
CILLIN,CLEANER,CMD,Command,DESTROY,DETECTION,DOCTOR,EARTHLINK,EDITOR,ELIMINATE,
EYE,FIGHT,Filter,FIREWALL,FIX,FIXING,HEAL,HELP,HUNTER,KERIO,Kill,LABS,LIVEUPDATE,MALWARE,
MALWHERE,MCAFEE,NETCOP,NOD32,NORTON,PANDA,PROMPT,PROTECTOR,REGISTRY,REMOVAL,
RESTORE,SANDBOX,SCAN,SECURE,SECURITY,SOPHOS,SPY,SPYBOT,SPYWARE,STOPPER,SWEEPER,
TASK,TOOL,TREND,Update,VCATCH,VIRUS,WATCH,WORM,PROCESS
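
A defender's check for the hosts-file tampering described in item 5, as an added example that is not part of the original entry: it parses a hosts file and reports any address to which several security-vendor hostnames have been pointed. The sample file, the `.example` hostnames, the documentation-range addresses and the watchlist are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: documentation-range IPs and .example names (not values from the entry).
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1       localhost
203.0.113.10    www.av-vendor.example
203.0.113.10    update.av-vendor.example   # trailing comment
203.0.113.10    scanner.example liveupdate.scanner.example
198.51.100.7    intranet.example
not-an-ip       www.av-vendor.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blank lines and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: ignore the line
        for name in fields[1:]:  # one line may carry several aliases
            yield str(ip), name.lower().rstrip(".")

def suspicious_redirects(text, watched_suffixes, min_names=3):
    """Return {ip: sorted hostnames} for every address that at least
    min_names watched (security-vendor) hostnames are mapped to."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Match the domain itself or any subdomain of it, never a bare substring.
        if any(name == s or name.endswith("." + s) for s in watched_suffixes):
            by_ip[ip].add(name)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}

if __name__ == "__main__":
    # Hypothetical watchlist: the update/support domains of the installed security products.
    watch = ["av-vendor.example", "scanner.example"]
    for ip, names in suspicious_redirects(SAMPLE_HOSTS, watch).items():
        print(f"{ip}: {len(names)} security hostnames overridden -> {', '.join(names)}")
```

On a live Windows NT-family system the text to check would be read from `%SystemRoot%\System32\drivers\etc\hosts`; a clean hosts file normally contains no entries for security-vendor domains at all.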
