Worm.Redist.b

王朝 other · Author: anonymous  2008-05-31

Virus name:

Worm.Redist.b

Category: Worm

Virus details:

Damage method:

Startup method:

The virus starts from the registry. The relevant registry values are:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winhlp32

"Wscript.exe %SYSDIR%\Msexec32.vbs %1"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsEXPlorer Shell

"%WINDIR%\%CURFILE%"

Virus behavior:

1. The virus can terminate many anti-virus programs, such as AVP, LOCKDOWN and Norton AntiVirus.

2. The virus spreads by sending e-mail through Outlook. The messages typically look as follows:

The subject is typically one of:

"Re:",

"Joke book",

"Read this before?",

"Better than KaZaA?"

The body is typically one of:

"Here is that file that you asked for a few days ago.

I'm sorry I sent it this late",

"Hello,Have I sent you the Gift Card in the attachments before?

if not, check it out!",

"have you read the Hackers of If you haven't, It is in the attachments :)

It contains true stories, hacking techniques, and more!

It is a fairly big thing to read, so don't read it all at once!",

"If you download music files from the interne't, you would know that

P2PInstall.exe,KaZaA is seen to be the best file-sharing network

for music. Well, I have included a file,in the attachments that

connects and downloads music twice as fast as what KaZaA can do.

It works well with my computer!Enjoy!",

"Here is that file you wanted (in the attachments)."

3. When spreading through P2P file sharing, the virus typically uses enticing file names such as the following:

Hotmail PassWord Cracker.pif

How to hack SMTP servers.pif

DoS ICMP-flooder.pif

KaZaA SpeedUp Patch.pif

Modem speed booster.exe

Half-Life KeyGen.exe

RTCW cheat-enabler.exe, and so on.

4. The virus saves many copies of itself under the file names *_32.cab and Wininet32.ocx.
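
The following added example (not part of the original write-up) matches a host's Run-key values and file listing against the registry and file-name indicators listed above. The function names and the sample inventory are constructed for illustration; value names and file names are compared case-insensitively, as Windows does.

```python
import fnmatch
import ntpath
import re

# Indicators taken from the write-up above (compared case-insensitively).
RUN_VALUE_NAMES = {"winhlp32", "windowsexplorer shell"}
SCRIPT_NAME = "msexec32.vbs"
DROPPED_FILE_PATTERNS = ["*_32.cab", "wininet32.ocx"]


def check_run_entry(name, data):
    """Return a list of reasons a Run-key value matches the write-up."""
    reasons = []
    if name.strip().lower() in RUN_VALUE_NAMES:
        reasons.append("run value name listed in write-up")
    # Match the script name as a whole path component, quoted or not.
    if re.search(r'(^|[\\/\s"])' + re.escape(SCRIPT_NAME) + r'($|[\s"])', data.lower()):
        reasons.append("command line launches Msexec32.vbs")
    return reasons


def check_file(path):
    """True if the file name matches a dropped-copy pattern from the write-up."""
    base = ntpath.basename(path).lower()
    return any(fnmatch.fnmatchcase(base, pat) for pat in DROPPED_FILE_PATTERNS)


def triage(run_entries, file_paths):
    """run_entries: {value name: data}; file_paths: iterable of Windows paths."""
    hits = []
    for name, data in run_entries.items():
        for reason in check_run_entry(name, data):
            hits.append(("registry", name, reason))
    for path in file_paths:
        if check_file(path):
            hits.append(("file", path, "file name matches dropped-copy pattern"))
    return hits


# Constructed sample inventory (not taken from a real host).
SAMPLE_RUN = {
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "WINHLP32": r"Wscript.exe C:\WINDOWS\system32\Msexec32.vbs %1",
    "WindowsEXPlorer Shell": r"C:\WINDOWS\sample.exe",
}
SAMPLE_FILES = [r"C:\WINDOWS\system32\abc_32.cab", r"C:\WINDOWS\system32\wininet.dll",
                r"C:\WINDOWS\system32\WININET32.OCX", r"C:\temp\data32.cab"]

if __name__ == "__main__":
    for hit in triage(SAMPLE_RUN, SAMPLE_FILES):
        print(hit)
```

The `*_32.cab` pattern is broad, so treat a file-name hit on its own as a lead to verify rather than as confirmation.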

Removal:

Use Guanghua anti-virus software to delete it completely.

Virus demonstration:

Virus FAQ:

A PE virus for Windows. A worm written in VB.

Discovery date:

2003-6-6
