Worm.KanzaaShare.a
病毒名称(中文):
病毒别名:
威胁级别:
★☆☆☆☆
病毒类型:
蠕虫病毒
病毒长度:
19536
影响系统:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行为:
这是一个通过P2P软件Kazaa进行传播的蠕虫病毒,同时病毒还会链接指定的
IRC服务器,开通IRC频道,使被感染机器被黑客控制。
1.病毒利用dir命令获取c:\progra~1目录下的所有文件及文件夹名,并保存在
c:\mog.txt文件中,然后从中搜索"mysharedfolder"字样(Kazaa的共享文
件夹名)。假如找到,病毒将复制多个备份到该共享目录下,并采用下面的
诱惑性文件名:
SumofallFearsSVCDCD2.exe
SumofallFearsSVCDCD1.exe
StarWarsEpisode2-AttackoftheClonesVCDCD2.exe
StarWarsEpisode2-AttackoftheClonesVCDCD1.exe
SpidermanTheMovie-TheGame.exe
SpidermanSVCDCD3.exe
SpidermanSVCDCD2.exe
SpidermanSVCDCD1.exe
SoldierofFortune2CD2ISO.exe
SoldierofFortune2CD1ISO.exe
ReturntoCastleWolfensteinRTCWcrackedserverpatch(playonanyserverwithafakeserial!).exe
SumofallFearsSVCDCD3.exe
Hentai-MysteryoftheNecromonicon(DivX)(xxxfuckanallesbiancumscatbukkakehentai).exe
Hentai-bondagepicseries(142pics)(xxxfuckanallesbiancumscatbukkakehentai).exe
GrandTheftAuto3CD2ISO.exe
GrandTheftAuto3CD1ISO.exe
ZoneAlarmFirewallPro.exe
XXXTetris(xxxpussylesbianslutcuntfuck).exe
XXXPasswordcracker(xxxpussylesbianslutcuntfuck).exe
WinzipKeyGenerator(c0re).exe
WinRARwithcrack.exe
WinMXBackdoorhack.exe
WindowsXPServeriso.exe
WindowsXPRemotepasswordcracker.exe
WindowsXPProfessionaliso.exe
WindowsXPHometoProfessionalUpgrade.exe
WindowsXPbackdoorhack.exe
Windows98hacker.exe
Windows2000win2kpasswordstealer.exe
Windows2000win2kBackdoorhack.exe
Winamp3.0beta.exe
WinACEwithcrack.exe
WarriorKingsiso.exe
Warezlocator(findsandverifies).exe
Warcraft3Keygen.exe
Warcraft3Crack.exe
Warcraft3beta.exe
UnrealTournamentcracked(worksonallservers).exe
Unreal3betaCRACKED.exe
UniversityStudyGuide(cheatsheet).exe
UncapperforEDUconnections.exe
TurboTaxProfessional2002iso.exe
TheSecretoftheNautilusiso.exe
StarWarsJediKnightII2.exe
StarTrekKlingonAcademyiso.exe
StarTrekBridgeCommanderiso.exe
SpaceEmpiresIV4Goldiso.exe
SoundForgeXPStudio+Serial.exe
ReturntoCastleWolfensteinRTCWcrack(playonanyserverwithfakeserial!).exe
ReturntoCastleWolfensteiniso.exe
RayCrisisiso.exe
QuickenPro2002iso.exe
Quake4leakedbeta(cracked).exe
Quake3cracked(worksonallservers).exe
Preteennudepics(xxxpussylesbianslutcuntfuck).exe
Preteengirlrapecollection(xxxpussylesbianslutcuntfuck).exe
Preteengirlgangbang(xxxfuckanallesbiancumscatbukkakehentai).exe
Preteengirlfucksandsucksherdad(xxxpussylesbianslutcuntfuck).exe
Preteenbondagepics(xxxpussylesbianslutcuntfuck).exe
Playstation2PS2Emulator.exe
Playboynudewallpaper(xxxpussylesbianslutcuntfuck).exe
PHP4UltimateStudyGuide.exe
PerlUltimateStudyGuide.exe
Oni2ndsecondedition.exe
OfficeXPCorporateEd.iso.exe
NotronUtilities2002.exe
NortonUtilities2002.exe
NortonSystemworks2002.exe
NortonInternetSecurity2002.exe
NortonAntiVirus2002.exe
NeroBurningRom5.5cracked.exe
NeroBurningRom5.5Crack.exe
Nero5.5Crack.exe
Monstervillecracked.exe
mIRCbackdoorhack.exe
MicrosoftVisualC++7.0iso.exe
MicrosoftOfficeXPUpgrade(fromolderversions).exe
MCSEUltimateStudyGuide.exe
MaxPayneMultiplayerAddon.exe
MaxPaynefulliso.exe
MacromediaFlash5.exe
MacromediaFlash5UltimateStudyGuide.exe
LESBIANHORSEFUCKERS.exe
KazaaAdvertisementAdremover.exe
KamaSutra.exe
Japanesescatvideo(sick)(xxxfuckanallesbiancumscatbukkakehentai).exe
IRChacker.exe
IncomingForcesiso.exe
ICQhack.exe
ICQAIMPasswordstealer.exe
Hornylesbianfuckshorse!(xxxfuckanallesbiancumscatbukkakehentai).exe
Hooligansiso.exe
Hentai-MysteryoftheNecromonicon(DivX)(xxxfuckanallesbiancumscathentai).exe
Hentai-bondagepicseries(142pics)(xxxfuckanallesbiancumscathentai).exe
hackingtools2002.exe
hackerutils2002.exe
GhostRecon.exe
GhostRecon-DesertSiege.exe
GamecubeEmulator.exe
ESPNNFLPrimetime2002iso.exe
EndOfTwilightiso.exe
EasyCDCreatorcrack(allversions)(core).exe
DSLUncapper.exe
DSLAnonymizer.exe
DreamcastEmulator.exe
DoSAttacker.exe
DivXCodec6.0beta(codeconly).exe
DivXCodec5.0(codeconly).exe
DivXCodec4.0(codeconly).exe
DelphiUltimateStudyGuide.exe
DarkPlanetBattleForNatroliscracked.exe
CreditCardnumbergeneratorVERIFIER(cccc#).exe
cowsgonewild.exe
CopyofZoneAlarmFirewallPro.exe
Copy(11)ofZoneAlarmFirewallPro.exe
ConcealPCFirewall.exe
CommandandConquercncc&cRenegadeiso.exe
CollegePhilosophyUltimateStudyGuide.exe
CollegeHistoryUltimateStudyGuide.exe
CollegeEthicsUltimateStudyGuide.exe
CollegeEnglishUltimateStudyGuide.exe
CollegeComputerScienceUltimateStudyGuide.exe
CollegeComputerEngineeringUltimateStudyGuide.exe
CollegeChemistryUltimateStudyGuide.exe
CollegeBiologyUltimateStudyGuide.exe
CloneCD.exe
CloneCDKeygen.exe
CloneCDCrack(allversions)core.exe
ChristinaAguileranudewallpaper(xxxpussylesbianslutcuntfuck).exe
CableUncapper.exe
CableModemAnonymizer.exe
C++UltimateStudyGuide.exe
BRUTALFORCEDPRETEENANALSEX(xxxfuckanallesbiancumscatbukkakehentai).exe
BritneySpearsnudewallpaper(xxxpussylesbianslutcuntfuck).exe
BorlandC++Builder8.0iso.exe
BlackICEDefender.exe
BandwidthBooster4.2forCable,DSL.exe
BabylonXpasswordcracker.exe
BabylonXBackdoor.exe
AOLHacker.exe
ANSICUltimateStudyGuide.exe
AllCliffnotes(cliff"s).exe
AIMhacker.exe
AdultCheckPasswordCracker(xxxpussylesbianslutcuntfuckanalincest).exe
AdobePhotoshop.exe
AdobePhotoshop6.0.exe
AdobePhotoshop6UltimateStudyGuide.exe
ACDSee4.1cracked.exe
A+CertificationUltimateStudyGuide.exe
2002Playboycenterfoldwallpapers(xxxpussylesbianslutcuntfuck).exe
2001Playboycenterfoldwallpapers(xxxpussylesbianslutcuntfuck).exe
2000Playboycenterfoldwallpapers(xxxpussylesbianslutcuntfuck).exe
1001MixedDrinks.exe
100XXXPasswords(verified3-24-02).exe
100Hotlesbianwallpapers(xxxpussylesbianslutcuntfuck).exe
100HotHardcorePreteenWallpapers(xxxpussylesbianslutcuntfuckanal).exe
2.病毒还会生成c:\mog.reg文件,内容如下:
********************************************************
WindowsRegistryEditorVersion.500
[HKEY_CURRENT_USER\Software\Kazaa\LocalContent]
DisableSharing=dword:00000000
********************************************************
病毒将该文件导入注册表,以确保Kazaa的共享目录被开启。
3.假如是第一次运行,病毒还会将自身复制到%SYSTEM%目录下,并命名为
explorer32.exe,同时在注册表中添加以下注册表项,以实现开机自启:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsExplorerUpdateBuild1142"="%SYSTEM%\explorer32.exe"
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsExplorerUpdateBuild1142"="%SYSTEM%\explorer32.exe"
4.此外,病毒还会链接指定的IRC服务器("m**c*w.or***ic**ap.com"),开通IRC
频道,使被感染机器被黑客控制。
