1. Drops virus files to the following locations (detection name to the right of each file):
%System%\XpFirewall.exe | Net-Worm.Win32.Mytob.w
%homedriver%\funny_pic.scr | Net-Worm.Win32.Mytob.w
%homedriver%\my_photo2005.scr | Net-Worm.Win32.Mytob.w
%homedriver%\see_this!!.scr | Net-Worm.Win32.Mytob.w
%homedriver%\hellmsn.exe | Net-Worm.Win32.Mytob.f
2. Modifies the system registry, adding itself to the startup entries so that it runs at system startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value (string): "Windows Service XP"="XpFirewall.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Value (string): "Windows Service XP"="XpFirewall.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Value (string): "Windows Service XP"="XpFirewall.exe"
HKCU\SYSTEM\CurrentControlSet\Control\Lsa
Value (string): "Windows Service XP"="XpFirewall.exe"
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Value (string): "Windows Service XP"="XpFirewall.exe"
HKCU\Software\Microsoft\OLE
Value (string): "Windows Service XP"="XpFirewall.exe"
HKLM\Software\Microsoft\OLE
Value (string): "Windows Service XP"="XpFirewall.exe"
3. The virus can spread via e-mail:
The sender of the infected e-mail may be:
bob
bob
brenda
brent
brian
britney
bush
claudia
dan
dave
david
debby
fred
george
helen
jack
james
jane
jerry
jim
jimmy
joe
john
jose
julie
kevin
leo
linda
lolita
madmax
maria
mary
matt
michael
mike
peter
ray
robert
sam
sandra
serg
smith
stan
steve
ted
The subject of the infected e-mail may be:
Error
Good day
Hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
The body of the infected e-mail may be:
Mail transaction failed. Partial message is available.
The original message was included as an attachments.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Here are your banks documents.
The attachment name may be:
body
data
doc
document
file
message
readme
test
text
The second extension may be:
bat
cmd
doc
exe
htm
pif
scr
tmp
txt
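zip
The virus also modifies the infected system's %System%\drivers\etc\hosts file, adding 127.0.0.1 entries that prevent the user from reaching certain antivirus and security websites.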
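Note: %System% is a variable path. The virus queries the operating system to determine the location of the current System folder. The default installation path is C:\Winnt\System32 on Windows 2000/NT, C:\Windows\System on Windows 95/98/Me, and C:\Windows\System32 on Windows XP.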
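The hosts-file tampering described above can be checked on a collected copy of the file. The following is an added example, not part of the original write-up: it flags every entry that points a name other than localhost at a loopback or unspecified address. The function name, the watch_suffixes parameter and the example.* hostnames are assumptions made for illustration.

```python
import ipaddress

# Names that normally resolve to loopback in a stock hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def find_loopback_redirects(hosts_text, watch_suffixes=()):
    """Return (line_no, address, hostname, watched) for each hosts entry that
    points a non-local name at a loopback or unspecified address.
    watch_suffixes is a caller-supplied list of security-vendor domains
    (hypothetical parameter; fill it from your own watch list)."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank line, comment, or no hostname
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an IP address
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in entry[1:]:                  # one line may carry several names
            host = name.lower().rstrip(".")
            if host in BENIGN_NAMES:
                continue
            watched = any(host == s or host.endswith("." + s) for s in watch_suffixes)
            findings.append((line_no, str(addr), host, watched))
    return findings

# Constructed sample input; the example.* names are placeholders.
SAMPLE_HOSTS = """\
# constructed hosts file for the example
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.av-vendor.example
127.0.0.1 update.av-vendor.example av-vendor.example  # two names on one line
0.0.0.0   ads.tracker.example
10.0.0.5  intranet.corp.example
"""

if __name__ == "__main__":
    for line_no, addr, host, watched in find_loopback_redirects(
            SAMPLE_HOSTS, watch_suffixes=("av-vendor.example",)):
        tag = "SECURITY-SITE" if watched else "review"
        print(f"line {line_no}: {host} -> {addr} [{tag}]")
```

Entries tagged "review" are not necessarily malicious, since ad-blocking hosts files use the same mechanism; entries matching the watch list are the ones consistent with the behaviour described here.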