Worm.Sixem.a

Source: Internet
2008-08-14 22:50:14

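Virus name (Chinese):

Aliases:

Threat level: ★☆☆☆☆

Virus type: Worm

Virus length: 39904

Affected systems: Win9x, WinMe, WinNT, Win2000, WinXP, Win2003

Behavior:

This is a worm that spreads by e-mail. It searches the infected machine for e-mail addresses and sends itself to them, and it attempts to download other variants of the worm.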

1. Creates a mutex:

"dezas"

2. Creates the following files:

%System%\msctools.exe
%System%\cats2.jpg

3. Adds registry startup entries so that the virus runs at boot:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
nsdevice
msctools.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nsdevice
msctools.exe

4. Adds a service:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
nsdevice
msctools.exe

5. Adds a registry entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Url
mls

6. Modifies the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
"0"

HKLM\SOFTWARE\Microsoft\SecurityCenter
FirewallOverride
dword:00000001

HKLM\SOFTWARE\Microsoft\SecurityCenter
FirewallDisableNotify
dword:00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL
dnk

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
EnableFirewall
dword:00000000

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
EnableFirewall
dword:00000000

7. Downloads the virus from the following website:

http://couplesexxx.com/XXX/dianaimg.exe

8. Terminates the following processes:

_AVP32.EXE
_AVPCC.EXE
_AVPM.EXE
AVP32.EXE
AVPCC.EXE
AVPM.EXE
AVP.EXE
iamapp.exe
iamserv.exe
FRW.EXE
blackice.exe
blackd.exe
zonealarm.exe
vsmon.exe
VSHWIN32.EXE
VSECOMR.EXE
WEBSCANX.EXE
AVCONSOL.EXE
VSSTAT.EXE
OUTPOST.EXE
REGEDIT.EXE
NETSTAT.EXE
TASKMGR.EXE
MSCONFIG.EXE
NAVAPW32.EXE
NAVW32.EXE
UPDATE.EXE

9. Searches files with the following extensions to harvest e-mail addresses:

.wab
.adb
.msg
.dbx
.mbx
.mdx
.eml
.nch
.txt
.tbb
.html
.htm
.xml
.doc
.rtf
.xls
.sht
.oft
.not

10. Sends e-mail:

The sender is any one of the following:

hotnews@cnn.com
kellyjast@hotmail.com
lindasal@gmail.com
mr.robs@yahoo.com
newsreader@hotmail.com
todaynews@cnn.com

The subject is any one of the following:

Soccerfanskilledfiveteens
Crazysoccerfans
PleasereplymeTomas
Mytricksforyou
NakedWorldCupgameset
Mysisterwhores,shitidontknow

The message body is any one of the following:

Soccerfanskilledfiveteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.

Crazysoccerfanskilledtwoteens,watchwhattheymakeonphotos.Pleasereportonthisallwhoknow.

HaloMarkus,isentmynudepics.Pleasereplymewithyounudephotos;).BestregardYouSweetKitty

IwaityouphotosfromNewYork.Isentmypicswhereinakedforyou.Pleasereplyme.LindaSalivan

Nudistsareorganisingtheirowntributetotheworldcup,bystagingtheirownnudesoccergame,thoughitisnotclearhowtheteamswilltelleachotherapart.Goodphotos;)

EmilyCarrwasanartistknownforherprudery,butnowthePortraitGalleryofCanadahasacquiredanudeself-portrait.Viewphotos.

The attachment name is any one of the following:

soccer_fans.jpg.exe
soccer_pics.jpg.exe
kelly_nude_imgs.jpg.exe
linda_bigtit.gif.exe
soccer_nudist.bmp.exe
emily_selfphoto.jpg.exe
