| 订阅 | 在线投稿
分享
 
 
 

Worm.Beagle.fl

来源:互联网  宽屏版  评论
2008-08-14 22:40:55

病毒名称(中文):

恶鹰fl

病毒别名:

威胁级别:

★★☆☆☆

病毒类型:

蠕虫病毒

病毒长度:

41001

影响系统:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行为:

这是一个通过邮件传播的蠕虫病毒,该病毒首先会删除用户机器上的安全软件的起始项,然后在把自己加载到起始项中,使病毒可以开机启动。该病毒运行时会搜索用户机器上的邮件地址,向搜索到的邮件地

址发送病毒本身,对用户带来很多不便。

1。建立互斥变量名为:

"MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D"

""D"r"o"p"p"e"d"S"k"y"N"e"t""

"_-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_"

"[SkyNet.cz]SystemsMutex"

"AdmSkynetJklS003"

"____--->>>>U<<<<--____"

"_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_"

2。删除一下的起始项:

"HLCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

"MyAV"

"ZoneLabsClientEx"

"9XHtProtect"

"Antivirus"

"SpecialFirewallService"

"service"

"TinyAV"

"ICQNet"

"HtProtect"

"NetDy"

"Jammer2nd"

"FirewallSvr"

"MsInfo"

"SysMonXP"

"EasyAV"

"PandaAVEngine"

"NortonAntivirusAV"

"KasperskyAVEng"

"SkynetsRevenge"

"ICQNet"

3.在%system%中生成:

windspl.exe

4.添加起始项,使病毒开机启动

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"DsplObjects"

windspl.exe

5.发送邮件的附件为一下文件名:

MicrosoftOffice2003Crack,Working!.exe

MicrosoftWindowsXP,WinXPCrack,workingKeygen.exe

MicrosoftOfficeXPworkingCrack,Keygen.exe

Porno,sex,oral,analcool,awesome!!.exe

PornoScreensaver.scr

Serials.txt.exe

KAV5.0KasperskyAntivirus5.0Pornopicsarhive,xxx.exe

WindowsSourcecodeupdate.doc.exe

AheadNero7.exe

WindownLonghornBetaLeak.exe

Opera8New!.exe

XXXhardcoreimages.exe

WinAmp6New!.exe

WinAmp5ProKeygenCrackUpdate.exe

AdobePhotoshop9full.exe

Matrix3RevolutionEnglishSubtitles.exe

ACDSee9.exe

标题:

Gwd:MsgreplyGwd:Hello:-)

Gwd:Yahoo!!!Gwd:Thankyou!Gwd:Thanks:)

Gwd:TextmessageGwd:Document

Gwd:Incomingmessage

Gwd:IncomingMessage

Gwd:IncomingMsg

Gwd:MessageNotify

Gwd:Notification

Gwd:Changes..

Gwd:Update

Gwd:FaxMessage

Gwd:ProtectedmessageGwd:Protectedmessage

Gwd:Forumnotify

Gwd:Sitechanges

Gwd:Hi

Gwd:crypteddocument

内容:

Ok.Readtheattach.

Ok.Yourfileisattached.

Ok.Moreinfoisinattach

Ok.Seeattach.

Ok.Please,havealookattheattachedfile.

Ok.Yourdocumentisattached.

Ok.Please,readthedocument.

Ok.Attachtellseverything.

Ok.Attachedfiletellseverything.

Ok.Checkattachedfilefordetails.

Ok.Checkattachedfile.

Ok.Payattentionattheattach.

Ok.Seetheattachedfilefordetails.

Ok.Messageisinattach

Ok.Hereisthefile.

6。在文件中隐藏着作者的一段话:

Inadifficultworld

Inanamelesstime

Iwanttosurvive

So,youwillbemine!!

--BagleAuthor,29.04.04,Germany.

 
病毒名称(中文): 恶鹰fl 病毒别名: 威胁级别: ★★☆☆☆ 病毒类型: 蠕虫病毒 病毒长度: 41001 影响系统: Win9xWinMeWinNTWin2000WinXPWin2003 病毒行为: 这是一个通过邮件传播的蠕虫病毒,该病毒首先会删除用户机器上的安全软件的起始项,然后在把自己加载到起始项中,使病毒可以开机启动。该病毒运行时会搜索用户机器上的邮件地址,向搜索到的邮件地 址发送病毒本身,对用户带来很多不便。 1。建立互斥变量名为: "MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D" ""D"r"o"p"p"e"d"S"k"y"N"e"t"" "_-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_" "[SkyNet.cz]SystemsMutex" "AdmSkynetJklS003" "____--->>>>U<<<<--____" "_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_" 2。删除一下的起始项: "HLCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "MyAV" "ZoneLabsClientEx" "9XHtProtect" "Antivirus" "SpecialFirewallService" "service" "TinyAV" "ICQNet" "HtProtect" "NetDy" "Jammer2nd" "FirewallSvr" "MsInfo" "SysMonXP" "EasyAV" "PandaAVEngine" "NortonAntivirusAV" "KasperskyAVEng" "SkynetsRevenge" "ICQNet" 3.在%system%中生成: windspl.exe 4.添加起始项,使病毒开机启动 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DsplObjects" windspl.exe 5.发送邮件的附件为一下文件名: MicrosoftOffice2003Crack,Working!.exe MicrosoftWindowsXP,WinXPCrack,workingKeygen.exe MicrosoftOfficeXPworkingCrack,Keygen.exe Porno,sex,oral,analcool,awesome!!.exe PornoScreensaver.scr Serials.txt.exe KAV5.0KasperskyAntivirus5.0Pornopicsarhive,xxx.exe WindowsSourcecodeupdate.doc.exe AheadNero7.exe WindownLonghornBetaLeak.exe Opera8New!.exe XXXhardcoreimages.exe WinAmp6New!.exe WinAmp5ProKeygenCrackUpdate.exe AdobePhotoshop9full.exe Matrix3RevolutionEnglishSubtitles.exe ACDSee9.exe 标题: Gwd:MsgreplyGwd:Hello:-) Gwd:Yahoo!!!Gwd:Thankyou!Gwd:Thanks:) Gwd:TextmessageGwd:Document Gwd:Incomingmessage Gwd:IncomingMessage Gwd:IncomingMsg Gwd:MessageNotify Gwd:Notification Gwd:Changes.. Gwd:Update Gwd:FaxMessage Gwd:ProtectedmessageGwd:Protectedmessage Gwd:Forumnotify Gwd:Sitechanges Gwd:Hi Gwd:crypteddocument 内容: Ok.Readtheattach. Ok.Yourfileisattached. Ok.Moreinfoisinattach Ok.Seeattach. Ok.Please,havealookattheattachedfile. Ok.Yourdocumentisattached. Ok.Please,readthedocument. Ok.Attachtellseverything. Ok.Attachedfiletellseverything. Ok.Checkattachedfilefordetails. Ok.Checkattachedfile. Ok.Payattentionattheattach. Ok.Seetheattachedfilefordetails. Ok.Messageisinattach Ok.Hereisthefile. 6。在文件中隐藏着作者的一段话: Inadifficultworld Inanamelesstime Iwanttosurvive So,youwillbemine!! --BagleAuthor,29.04.04,Germany.
󰈣󰈤
 
 
 
>>返回首页<<
 
 热帖排行
 
 
 
静静地坐在废墟上,四周的荒凉一望无际,忽然觉得,凄凉也很美
©2005- 王朝网络 版权所有