Worm.Saros.a

王朝other·作者佚名 2008-08-14

宽屏版字体: 小|中|大|超大

病毒名称(中文):

萨露丝

病毒别名:

I-Worm.Saros.a[AVP]

威胁级别:

★★☆☆☆

病毒类型:

蠕虫病毒

病毒长度:

60014

影响系统:

Win9xWinNTWin2000WinXPWin2003

病毒行为:

编写工具:

传染条件:

发作条件:

系统修改:

1.复制自身到以下文件:

WINDOWSsystem32NonYou.exe

WINDOWSsystem32Love-ScreenSaver.scr

WINDOWSsystem32MSOutlookInternetUpdate.exe

progra~1KazaaMySharedFolderRosy.exe

progra~1KazaaMySharedFolderPipponoto.exe

progra~1KazaaMySharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1KazaaMySharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1KazaaMySharedFolder50Cent-IndaClub.mp3.exe

progra~1KazaaMySharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1KazaaMySharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1KazaaMySharedFolderBlackEyedPeas-HeyMama.mp3.exe

progra~1KazaaMySharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1KazaaMySharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1KazaaMySharedFolderLionelRichie-JustForYou.mp3.exe

progra~1KazaaLiteMySharedFolderRosy.exe

progra~1KazaaLiteMySharedFolderPipponoto.exe

progra~1KazaaLiteMySharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1KazaaLiteMySharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1KazaaLiteMySharedFolder50Cent-IndaClub.mp3.exe

progra~1KazaaLiteMySharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1KazaaLiteMySharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1KazaaLiteMySharedFolderBlackEyedPeas-HeyMama.mp3.exe

progra~1KazaaLiteMySharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1KazaaLiteMySharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1KazaaLiteMySharedFolderLionelRichie-JustForYou.mp3.exe

progra~1KazaaLiteK++MySharedFolderRosy.exe

progra~1KazaaLiteK++MySharedFolderPipponoto.exe

progra~1KazaaLiteK++MySharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1KazaaLiteK++MySharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1KazaaLiteK++MySharedFolder50Cent-IndaClub.mp3.exe

progra~1KazaaLiteK++MySharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1KazaaLiteK++MySharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1KazaaLiteK++MySharedFolderHaiducii-Dragosteadintei.mp3.exe

progra~1KazaaLiteK++MySharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1KazaaLiteK++MySharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1KazaaLiteK++MySharedFolderLionelRichie-JustForYou.mp3.exe

progra~1ICQSharedFolderRosy.exe

progra~1ICQSharedFolderPipponoto.exe

progra~1ICQSharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1ICQSharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1ICQSharedFolder50Cent-IndaClub.mp3.exe

progra~1ICQSharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1ICQSharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1ICQSharedFolderBlackEyedPeas-HeyMama.mp3.exe

progra~1ICQSharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1ICQSharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1ICQSharedFolderLionelRichie-JustForYou.mp3.exe

progra~1GroksterMyGroksterRosy.exe

progra~1GroksterMyGroksterPipponoto.exe

progra~1GroksterMyGroksterAnastacia-LeftOutsideAlone.mp3.exe

progra~1GroksterMyGroksterTheRasmus-InTheShadows.mp3.exe

progra~1GroksterMyGrokster50Cent-IndaClub.mp3.exe

progra~1GroksterMyGroksterVanessaCarltron-OrdinaryDay.mp3.exe

progra~1GroksterMyGroksterHaiducii-DragosteaDinTei.mp3.exe

progra~1GroksterMyGroksterBlackEyedPeas-HeyMama.mp3.exe

progra~1GroksterMyGroksterRaf-Intuttiimieigiorni.mp3.exe

progra~1GroksterMyGroksterVascoRossi-Buoniecattivi.mp3.exe

progra~1GroksterMyGroksterLionelRichie-JustForYou.mp3.exe

progra~1BearshareSharedRosy.exe

progra~1BearshareSharedPipponoto.exe

progra~1BearshareSharedAnastacia-LeftOutsideAlone.mp3.exe

progra~1BearshareSharedTheRasmus-InTheShadows.mp3.exe

progra~1BearshareShared50Cent-IndaClub.mp3.exe

progra~1BearshareSharedVanessaCarltron-OrdinaryDay.mp3.exe

progra~1BearshareSharedHaiducii-DragosteaDinTei.mp3.exe

progra~1BearshareSharedBlackEyedPeas-HeyMama.mp3.exe

progra~1BearshareSharedRaf-Intuttiimieigiorni.mp3.exe

progra~1BearshareSharedVascoRossi-Buoniecattivi.mp3.exe

progra~1BearshareSharedLionelRichie-JustForYou.mp3.exe

progra~1eDonkey2000IncomingRosy.exe

progra~1eDonkey2000IncomingPipponoto.exe

progra~1eDonkey2000IncomingAnastacia-LeftOutsideAlone.mp3.exe

progra~1eDonkey2000IncomingTheRasmus-InTheShadows.mp3.exe

progra~1eDonkey2000Incoming50Cent-IndaClub.mp3.exe

progra~1eDonkey2000IncomingVanessaCarltron-OrdinaryDay.mp3.exe

progra~1eDonkey2000IncomingHaiducii-DragosteaDinTei.mp3.exe

progra~1eDonkey2000IncomingBlackEyedPeas-HeyMama.mp3.exe

progra~1eDonkey2000IncomingRaf-Intuttiimieigiorni.mp3.exe

progra~1eDonkey2000IncomingVascoRossi-Buoniecattivi.mp3.exe

progra~1eDonkey2000IncomingLionelRichie-JustForYou.mp3.exe

progra~1eMuleIncomingRosy.exe

progra~1eMuleIncomingPipponoto.exe

progra~1eMuleIncomingAnastacia-LeftOutsideAlone.mp3.exe

progra~1eMuleIncomingTheRasmus-InTheShadows.mp3.exe

progra~1eMuleIncoming50Cent-IndaClub.mp3.exe

progra~1eMuleIncomingVanessaCarltron-OrdinaryDay.mp3.exe

progra~1eMuleIncomingHaiducii-DragosteaDinTei.mp3.exe

progra~1eMuleIncomingBlackEyedPeas-HeyMama.mp3.exe

progra~1eMuleIncomingRaf-Intuttiimieigiorni.mp3.exe

progra~1eMuleIncomingVascoRossi-Buoniecattivi.mp3.exe

progra~1eMuleIncomingLionelRichie-JustForYou.mp3.exe

progra~1MorpheusMySharedFolderRosy.exe

progra~1MorpheusMySharedFolderPipponoto.exe

progra~1MorpheusMySharedFolderAnastacia-LeftOutsideAlone.mp3.exe

progra~1MorpheusMySharedFolderTheRasmus-InTheShadows.mp3.exe

progra~1MorpheusMySharedFolder50Cent-IndaClub.mp3.exe

progra~1MorpheusMySharedFolderVanessaCarltron-OrdinaryDay.mp3.exe

progra~1MorpheusMySharedFolderHaiducii-DragosteaDinTei.mp3.exe

progra~1MorpheusMySharedFolderBlackEyedPeas-HeyMama.mp3.exe

progra~1MorpheusMySharedFolderRaf-Intuttiimieigiorni.mp3.exe

progra~1MorpheusMySharedFolderVascoRossi-Buoniecattivi.mp3.exe

progra~1MorpheusMySharedFolderLionelRichie-JustForYou.mp3.exe

progra~1LimeWireSharedRosy.exe

progra~1LimeWireSharedPipponoto.exe

progra~1LimeWireSharedAnastacia-LeftOutsideAlone.mp3.exe

progra~1LimeWireSharedTheRasmus-InTheShadows.mp3.exe

progra~1LimeWireShared50Cent-IndaClub.mp3.exe

progra~1LimeWireSharedVanessaCarltron-OrdinaryDay.mp3.exe

progra~1LimeWireSharedHaiducii-DragosteaDinTei.mp3.exe

progra~1LimeWireSharedBlackEyedPeas-HeyMama.mp3.exe

progra~1LimeWireSharedRaf-Intuttiimieigiorni.mp3.exe

progra~1LimeWireSharedVascoRossi-Buoniecattivi.mp3.exe

progra~1LimeWireSharedLionelRichie-JustForYou.mp3.exe

progra~1TeslaFilesRosy.exe

progra~1TeslaFilesPipponoto.exe

progra~1TeslaFilesAnastacia-LeftOutsideAlone.mp3.exe

progra~1TeslaFilesTheRasmus-InTheShadows.mp3.exe

progra~1TeslaFiles50Cent-IndaClub.mp3.exe

progra~1TeslaFilesVanessaCarltron-OrdinaryDay.mp3.exe

progra~1TeslaFilesHaiducii-DragosteaDinTei.mp3.exe

progra~1TeslaFilesBlackEyedPeas-HeyMama.mp3.exe

progra~1TeslaFilesRaf-Intuttiimieigiorni.mp3.exe

progra~1TeslaFilesVascoRossi-Buoniecattivi.mp3.exe

progra~1TeslaFilesLionelRichie-JustForYou.mp3.exe

progra~1WinMXSharedRosy.exe

progra~1WinMXSharedPipponoto.exe

progra~1WinMXSharedAnastacia-LeftOutsideAlone.mp3.exe

progra~1WinMXSharedTheRasmus-InTheShadows.mp3.exe

progra~1WinMXShared50Cent-IndaClub.mp3.exe

progra~1WinMXSharedVanessaCarltron-OrdinaryDay.mp3.exe

progra~1WinMXSharedHaiducii-DragosteaDinTei.mp3.exe

progra~1WinMXSharedBlackEyedPeas-HeyMama.mp3.exe

progra~1WinMXSharedRaf-Intuttiimieigiorni.mp3.exe

progra~1WinMXSharedVascoRossi-Buoniecattivi.mp3.exe

progra~1WinMXSharedLionelRichie-JustForYou.mp3.exe

2..建立WINDOWSsystem32About.hta文件

3..显示消息

标题:MicrosoftWindowsUpdate

内容:ClickYesForUpdateMicrosoftOutlookviaE-mail

4.建立WINDOWSsystem32

stdnrdll32.vbs文件

该VBS文件作如下工作:

a.在注册表主键"HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun

ldr32"下，

添加如下键值："default"="WINDOWSsystem32NonYou.exe"

b.在注册表主键"HKEY_CURRENT_USERSoftwareMicrosoftOffice8.0OutlookSecurity"下，

添加如下键值："Level1Remove"="exe"

c.在注册表主键"HKEY_CURRENT_USERSoftwareMicrosoftOffice9.0OutlookSecurity"下，

添加如下键值："Level1Remove"="exe"

d.在注册表主键"HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0OutlookSecurity"下，

添加如下键值："Level1Remove"="exe"

e.在注册表主键"HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunoncewincomp32"下，

添加如下键值："default"="WINDOWSsystem32

stdnrdll32.vbs"

f.建立文件WINDOWSsystem32Love-ScreenSaver.cab,它包含蠕虫本身

g.假如当前日期是11号或23号,则把IE的默认页改为:www.gedzac.tk

并用浏览器打开WINDOWSsystem32About.hta

h.根据outlook地址簿Email地址发送带毒邮件

该邮件主题为:MicrosoftOutlookNews

内容:MicrosoftOutlookUpdate/BugFixed-Contact:support@microsoft.com

附件:MSOutlookInternetUpdate.exe(该附件为病毒本身)

i.打开www.windowsupdate.com

5.在ProgramFilesmIRCmirc.ini文件中的rfiles节中增加

n2=tdll32.dll

6.通过mIrc发送Love-ScreenSaver.cab(病毒)给其它mIrc用户

发作现象:

检查当前日期是否为11号或23号

假如是则显示如下两条消息:

标题:NonYou

内容:RosyTiAmo-Saro&RosyForever

标题:GedzacGroup2004

内容:

NonYou.aGedzacLabsProductions

CodedbySarosoft-DedicatedtomyLoveRos

GedzacGroup2004-http://www.gedzac.tk

Gedzac

TheVirusCrew

非凡说明: