Worm.Sixem.a

病毒名称(中文):

病毒别名:

威胁级别:

★☆☆☆☆

病毒类型:

蠕虫病毒

病毒长度:

39904

影响系统:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行为:

这是一个通过邮件传播的蠕虫病毒，该病毒会搜索被感染机器上的邮件地址并且把自己发送出去，会尝试下载该蠕虫的其他变种。

1.生成互斥变量:

“dezas”

2.生成文件:

%System%\msctools.exe

%System%\cats2.jpg

3.添加注册表起始项，使病毒开机运行:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

nsdevice

msctools.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nsdevice

msctools.exe

4.添加服务:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

nsdevice

msctools.exe

5.添加注册表项:

HKCU\Software\Microsoft\Windows\CurrentVersion\Url

mls

6.修改以下注册表项:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

DisableTaskMgr

"0"

HKLM\SOFTWARE\Microsoft\SecurityCenter

FirewallOverride

dword:00000001

HKLM\SOFTWARE\Microsoft\SecurityCenter

FirewallDisableNotify

dword:00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL

dnk

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile

EnableFirewall

dword:00000000

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile

EnableFirewall

dword:00000000

7.从下面的网站下载病毒:

http://couplesexxx.com/XXX/dianaimg.exe

8.结束以下进程:

_AVP32.EXE

_AVPCC.EXE

_AVPM.EXE

AVP32.EXE

AVPCC.EXE

AVPM.EXE

AVP.EXE

iamapp.exe

iamserv.exe

FRW.EXE

blackice.exe

blackd.exe

zonealarm.exe

vsmon.exe

VSHWIN32.EXE

VSECOMR.EXE

WEBSCANX.EXE

AVCONSOL.EXE

VSSTAT.EXE

OUTPOST.EXE

REGEDIT.EXE

NETSTAT.EXE

TASKMGR.EXE

MSCONFIG.EXE

NAVAPW32.EXE

NAVW32.EXE

UPDATE.EXE

9.搜索以下文件后缀的文件，来获取邮件地址:

.wab

.adb

.msg

.dbx

.mbx

.mdx

.eml

.nch

.txt

.tbb

.html

.htm

.xml

.doc

.rtf

.xls

.sht

.oft

.not

10.发送邮件:

发件人为以下任意一个:

hotnews@cnn.com

kellyjast@hotmail.com

lindasal@gmail.com

mr.robs@yahoo.com

newsreader@hotmail.com

todaynews@cnn.com

主题为以下任意一个:

Soccerfanskilledfiveteens

Crazysoccerfans

PleasereplymeTomas

Mytricksforyou

NakedWorldCupgameset

Mysisterwhores,shitidontknow

邮件内容为以下任意一个:

Soccerfanskilledfiveteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.

Crazysoccerfanskilledtwoteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.

HaloMarkus,isentmynudepics.Pleasereplymewithyounudephotos;).BestregardYouSweetKitty

IwaityouphotosfromNewYork.Isentmypicswhereinakedforyou.Pleasereplyme.LindaSalivan

Nudistsareorganisingtheirowntributetotheworldcup,bystagingtheirownnudesoccergame,thoughitisnotclearhowtheteamswilltelleachotherapart.Goodphotos;)

EmilyCarrwasanartistknownforherprudery,butnowthePortraitGalleryofCanadahasacquiredanudeself-portrait.Viewphotos.

附件名为以下任意一个:

soccer_fans.jpg.exe

soccer_pics.jpg.exe

kelly_nude_imgs.jpg.exe

linda_bigtit.gif.exe

soccer_nudist.bmp.exe

emily_selfphoto.jpg.exe