Worm.Redist.c

病毒名称:

Worm.Redist.c

类别： 蠕虫病毒

病毒资料：

破坏方法：

启动方式：

病毒从注册表启动，相关的注册表键值为：

HKLM\Software\Microsoft\Windows\CurrentVersion

\Run\SecureLogin

"％WINDIR％\％CURFILE％"

病毒行为：

1.病毒能够终止许多反病毒软件如：AVP、LOCKDOWN、Norton AntiVirus等

2.病毒通过Outlook发送邮件传播，邮件的内容一般为：

标题："Modem booster"

正文：

"I have a fairly slow modem, that is, until I installed the file in the attachments!This program is a "Modem booster", it can make your internet connection go at most 2x faster :)"

标题:"Better than WinZip?"

正文："Try this file compressor that I downloaded from the net yesterday!

I have compressed some files, and it makes them at least 3 times smaller!

The installation file should be in the attachments as "FileCompress.exe""

标题:Warp ScreenSaver

正文："Try this warp ScreenSaver in the attachments!"

标题:Program

正文："Here is that program that you asked for yesterday."

标题:Fire ScreenSaver

正文："Check out this ScreenSaver of fire!

I think that it is one of the best ScreenSavers that I have ever seen!"

标题:Here is a copy of that program that everyone

正文："Please don't delete it, because I might not send it to anyone else."

3. 病毒在通过P2P共享传播时采用的名字一般为下列诱惑性的文件名：

"Johnny English (Movie) - Full Downloader.pif"

"Gladiator (Movie) - Full Downloader.pif"

"SWordFish (Movie) - Full Downloader.pif"

"MSN Messenger Password Stealer.pif"等等

病毒的清除法：

使用光华反病毒软件，彻底删除。

病毒演示：

病毒FAQ：

Windows下的PE病毒。

发现日期：

2003-6-13