Worm.MSNLoveme.i

Source: Internet
2008-08-14 22:23:30

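Virus name (Chinese):

性感鸡 variant i ("Sexy Chicken" variant i)

Virus alias:

Threat level:

★★☆☆☆

Virus type:

Worm

Virus length:

23476

Affected systems:

Win9x, WinNT

Virus behaviour:

This is variant i of the 性感鸡 worm. It spreads through MSN. Once a user is infected, the worm modifies the hosts file so that the website addresses of many security and anti-virus companies are redirected to the BBC website. This may result in a DDoS attack against the BBC site and prevents normal access to those companies' sites. The worm also blocks some system programs from running (e.g. Task Manager, msconfig.exe), disables System Restore, disables items such as "Folder Options" in Windows Explorer, and turns off MSN's virus-scan option for received files, seriously disrupting the user's normal work.

The HTML opened by invoking IE is as follows: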

1. Copies itself into the system directory %System32% as:

csnss.exe

mcsv.com

2. Copies itself into %SystemRoot% as:

svhost.exe

LARISSAyoumuppet.txt

3. Creates the following files in the root directory of the system drive:

D:\l0ser.Html

D:\Deathofcrazyfrog!.pif

D:\Hotbabe!.pif

D:\ReallyCute.pif

D:\Mypiccy.pif 24KB

D:\Bungee-Fuck.pif

D:\I_love_you.123greetings.com.com

D:\ParisHiltonSexTape.pif

D:\ShootBillGates!.exe

D:\Best_Friend.scr

D:\lolBustedAreGay!.pif

D:\SaddamSong!.pif

D:\MeattheBeach!.pif

4. Modifies the registry so that it runs automatically at system startup:

NDAv="%System32%\csnss.exe"

SDAv="%System32%\mcsv.com.exe"

HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

Userinit="%System32%\userinit.exe,D:\WINNT\system32\mcsv.com"

5. Adds the following to the system registry (disables System Restore):

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsNT\SystemRestore

DisableConfig=00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsNT\SystemRestore

DisableSR=00000001

6. Changes MSN's virus-scan option for received files:

HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger

AVEnbl=00000000

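7. Modifies the hosts file so that the websites of many security and anti-virus companies are redirected to the BBC website, which makes those companies' sites unreachable.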


8. Terminates security software and blocks some system programs from running (e.g. Task Manager, msconfig.exe).

9. Sends the virus file to MSN contacts.

10. Spreads itself through network shared directories (e.g. eMule); possible file names include:

MSNMessenger7patch!.exe

CE/DPStealer2.exe

MSNAvatarDisplayPack1.0.exe
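
A triage check for the hosts-file redirection (step 7) and the Winlogon Userinit change (step 4), written as an added example that is not part of the original write-up. The vendor keyword list, function names and sample hosts text are assumptions constructed for illustration; the address and Userinit value are the ones given above.

```python
import ipaddress
from collections import defaultdict

# Assumption: keywords that identify security-vendor hostnames; extend as needed.
VENDOR_KEYWORDS = ("symantec", "mcafee", "sophos", "kaspersky", "trendmicro", "f-secure")

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and bad lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: ignore the line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def vendor_redirects(text):
    """Return {ip: [hostnames]} for vendor hostnames pinned to a non-loopback address."""
    hits = defaultdict(list)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are blocklists, a different pattern
        if any(k in name for k in VENDOR_KEYWORDS):
            hits[str(ip)].append(name)
    return dict(hits)

def extra_userinit_entries(value):
    """Return Userinit entries other than userinit.exe (file name only; path not validated)."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower().rsplit("\\", 1)[-1] != "userinit.exe"]

# Constructed sample hosts file, using the redirect address from the write-up.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
212.58.240.33 www.symantec.com
212.58.240.33 update.symantec.com  # constructed comment
212.58.240.33 download.mcafee.com
10.0.0.5 intranet.example
"""
# Userinit value as given in step 4 of the write-up.
SAMPLE_USERINIT = r"%System32%\userinit.exe,D:\WINNT\system32\mcsv.com"

if __name__ == "__main__":
    print(vendor_redirects(SAMPLE_HOSTS))
    print(extra_userinit_entries(SAMPLE_USERINIT))
```

Several vendor hostnames pinned to one external address is the pattern worth alerting on; a single pinned entry can be legitimate local configuration.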
