Worm.MSNLoveme.g

Source: Internet
2008-08-14 22:23:55

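Virus name (Chinese):

性感鸡 ("Sexy Chicken") variant G

Virus alias:

Threat level:

★★★☆☆

Virus type:

Worm

Virus length:

36352

Affected systems:

Win9x, WinNT

Virus behavior:

This virus is variant G of 性感鸡. It spreads through MSN and shared directories. Once a user is infected, the virus modifies the hosts file so that the website addresses of many security and antivirus companies are redirected to the MSN website, which may result in a DDoS attack and leaves the user unable to reach these security companies' websites. It also blocks some system programs from running (such as Task Manager and msconfig.exe), seriously disrupting the user's normal work.

1. Copies itself into the system directory %System32% as: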

svosm.exe

sysup.exe

2. Copies itself into %SystemRoot% as:

msmpatch.exe

3. Creates the following files in the root directory of the system drive:

Crazy.Html

dsm.exe

OneEyeGrannypic!.pif

MedrunkatTheSea!.pif

PunkLives!lol.pif

MeLoveYouLongTime.pif

Mepic.pif

HillBillyChicklol.pif

DumbLookingGothChick.pif

HotBlonde!.pif

ModellingHerNewBikini.pif

CrazyJapanesemankickscrazyfrog!.pif

FunnyHitlerparody!.pif

Mybirthdaypic!.pif

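4. Launches IE to open Crazy.Html. The virus has a counter that tallies how many users have been infected, as shown in the figure below:

5. Modifies the registry so that it runs automatically when the computer starts: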

DsmSer="%System32%\svosm.exe"

AvSer="%System32%\sysup.exe"

rollbk="%SystemRoot%\msmpatch.exe"

HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

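6. Modifies the hosts file so that the websites of many security and antivirus companies are redirected to the MSN website, which may result in a DDoS attack and makes these companies' websites unreachable: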


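7. Terminates security software and blocks some system programs from running (such as Task Manager and msconfig.exe):

8. Sends the virus file to online MSN contacts

9. Spreads itself through network shared directories (such as eMule); possible file names are: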

MSNDisplaypicturestealer.exe

MSNMessenger7.exe

MSNAvatarCreator.exe

10. Closes windows that contain any of the following strings, in order to protect the virus itself:

ADWARE

ALERTS

ANTI

AUTOSTARTED

Avg

BENIGN

BLOCKER

BUG

BULLGUARD

BUSTER

CENTER

CILLIN

CLEANER

CMD

Command

DESTROY

DETECTION

DOCTOR

EARTHLINK

EDITOR

ELIMINATE

EYE

FIGHT

Filter

FIREWALL

FIX

FIXING

HEAL

HELP

HUNTER

KERIO

Kill

LABS

LIVEUPDATE

MALWARE

MALWHERE

MCAFEE

NETCOP

NOD32

NORTON

PANDA

PROMPT

PROTECTOR

REGISTRY

REMOVAL

RESTORE

SANDBOX

SCAN

SECURE

SECURITY

SOPHOS

SPY

SPYBOT

SPYWARE

STOPPER

SWEEPER

TASK

TOOL

TREND

Update

VCATCH

VIRUS

WATCH

WORM

PROCESS
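A defensive check for the hosts-file tampering described in step 6, as an added example that is not part of the original page: it flags any non-loopback address that several unrelated domains are mapped to, and any override of a name on a watch list. The sample hosts text, the `.example` names, the function names and the `min_domains` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text; skip comments and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def base_domain(host):  # approximation: last two labels; real tools use the Public Suffix List
    return ".".join(host.split(".")[-2:])

def audit_hosts(text, watch_suffixes=(), min_domains=3):
    """Return {ip: [reasons]} for non-loopback addresses that look like a mass redirect."""
    by_ip = defaultdict(set)
    for ip, host in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):  # ignore 127.0.0.1 / 0.0.0.0 sinkholes
            by_ip[str(ip)].add(host)
    findings = {}
    for ip, hosts in by_ip.items():
        reasons = []
        domains = {base_domain(h) for h in hosts}
        if len(domains) >= min_domains:
            reasons.append(f"{len(domains)} unrelated domains share one address")
        watched = sorted(h for h in hosts
                         if any(h == s or h.endswith("." + s) for s in watch_suffixes))
        if watched:
            reasons.append("watched names overridden: " + ", ".join(watched))
        if reasons:
            findings[ip] = reasons
    return findings

# Constructed sample (documentation addresses and .example names), not from a real host.
SAMPLE = """\
127.0.0.1       localhost
0.0.0.0         ads.tracker.example
203.0.113.10    www.av-one.example av-one.example
203.0.113.10    update.av-two.example
203.0.113.10    www.av-three.example   # three vendors, one address
192.0.2.7       intranet.corp.example
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE, watch_suffixes=("av-two.example",)))
```

On a Windows host the text to audit is the content of `%SystemRoot%\System32\drivers\etc\hosts`, and the watch list would hold the update and support domains of the security products actually deployed.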

 
©2005- 王朝网络. All rights reserved.