Worm.Sixem.a
病毒名称(中文):
病毒别名:
威胁级别:
★☆☆☆☆
病毒类型:
蠕虫病毒
病毒长度:
39904
影响系统:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行为:
这是一个通过邮件传播的蠕虫病毒,该病毒会搜索被感染机器上的邮件地址并且把自己发送出去,会尝试下载该蠕虫的其他变种。
1.生成互斥变量:
“dezas”
2.生成文件:
%System%\msctools.exe
%System%\cats2.jpg
3.添加注册表起始项,使病毒开机运行:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
nsdevice
msctools.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nsdevice
msctools.exe
4.添加服务:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
nsdevice
msctools.exe
5.添加注册表项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Url
mls
6.修改以下注册表项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
"0"
HKLM\SOFTWARE\Microsoft\SecurityCenter
FirewallOverride
dword:00000001
HKLM\SOFTWARE\Microsoft\SecurityCenter
FirewallDisableNotify
dword:00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL
dnk
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
EnableFirewall
dword:00000000
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
EnableFirewall
dword:00000000
7.从下面的网站下载病毒:
http://couplesexxx.com/XXX/dianaimg.exe
8.结束以下进程:
_AVP32.EXE
_AVPCC.EXE
_AVPM.EXE
AVP32.EXE
AVPCC.EXE
AVPM.EXE
AVP.EXE
iamapp.exe
iamserv.exe
FRW.EXE
blackice.exe
blackd.exe
zonealarm.exe
vsmon.exe
VSHWIN32.EXE
VSECOMR.EXE
WEBSCANX.EXE
AVCONSOL.EXE
VSSTAT.EXE
OUTPOST.EXE
REGEDIT.EXE
NETSTAT.EXE
TASKMGR.EXE
MSCONFIG.EXE
NAVAPW32.EXE
NAVW32.EXE
UPDATE.EXE
9.搜索以下文件后缀的文件,来获取邮件地址:
.wab
.adb
.msg
.dbx
.mbx
.mdx
.eml
.nch
.txt
.tbb
.html
.htm
.xml
.doc
.rtf
.xls
.sht
.oft
.not
10.发送邮件:
发件人为以下任意一个:
hotnews@cnn.com
kellyjast@hotmail.com
lindasal@gmail.com
mr.robs@yahoo.com
newsreader@hotmail.com
todaynews@cnn.com
主题为以下任意一个:
Soccerfanskilledfiveteens
Crazysoccerfans
PleasereplymeTomas
Mytricksforyou
NakedWorldCupgameset
Mysisterwhores,shitidontknow
邮件内容为以下任意一个:
Soccerfanskilledfiveteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.
Crazysoccerfanskilledtwoteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.
HaloMarkus,isentmynudepics.Pleasereplymewithyounudephotos;).BestregardYouSweetKitty
IwaityouphotosfromNewYork.Isentmypicswhereinakedforyou.Pleasereplyme.LindaSalivan
Nudistsareorganisingtheirowntributetotheworldcup,bystagingtheirownnudesoccergame,thoughitisnotclearhowtheteamswilltelleachotherapart.Goodphotos;)
EmilyCarrwasanartistknownforherprudery,butnowthePortraitGalleryofCanadahasacquiredanudeself-portrait.Viewphotos.
附件名为以下任意一个:
soccer_fans.jpg.exe
soccer_pics.jpg.exe
kelly_nude_imgs.jpg.exe
linda_bigtit.gif.exe
soccer_nudist.bmp.exe
emily_selfphoto.jpg.exe
