这是一个利用p2p软件传播自己的病毒,由于采用WinZip图标,文件名采用常用的软件名称,所以用户极其容易上当。
1.释放若干自身拷贝到系统。
WINDOWS_CRITICAL_UPDATE.EXE
WINDOWSUPDATE.EXE
SVCHOST.EXE
WINDLL32.EXE
OCX32.EXE
CALC.EXE 把系统的calc.exe改名为calc.com
SOL.EXE
FREECELL.EXE
2.修改注册表,实现自启动。
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
\CurrentVersion\Run
windll : %WINDOWS%\windll32.exe
ocx32 : %WINDOWS%\ocx32.exe
microsoft : %WINDOWS%\svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows
\CurrentVersion\Run
WindowsCriticalUpdate : %WINDOWS%\windows_critical_update.exe
WindowsUpdate : %WINDOWS%\svchost.exe
3.搜索下列目录,如果找到,释放自身拷贝到其中,从数组中随机取一个字符串作为文件名。
具有很大欺骗性。
\Kazaa Lite K \my shared folder\kazaa lite
\my shared folder\
kazaa\my shared folder\kmd\my shared folder
\grokster\
my grokster\bearshare\shared\edonkey2000\incoming\morpheus\my shared folder\limewire
\shared\
winmx\sharedc:\my shared folderc:\program files\ICQ\Shared Folder
c:\program files\overnet\incomingc:\My Downloads\
Rapigator\Share\XoloX\Downloads\Tesla\Files\
WinMX\My Shared Folder\Shareaza\Downloads\GnUCleus\Downloads
可能的文件名称为:
HotMail Hack.exe
Hack Any Computer.exe
AIM & AOL PassWord Hacker.exe
Mircosoft CD Key Generator.exe
PornStar3D.exe
Keylogger2003.exe
Advanced Password Recovery Hacker.exe
AIM Hacker.exe
Acoustica_mp3-FULL.exe
ICQ Hack.exe
Spy Toolz.exe
XBOX-BootDVD Instructions.exe
Windows Hacker.exe
Windows CD KeyGen.exe
Photoshop71-Crack.exe
Swift 3D.v3.Keygen.exe
Sony PlayStation Hack Boot Disk (No MOD Chip Needed)-Working.exe
simsonline(money-cheat)-WORKS.exe
Password Decoder.exe
XBOX-HackTheBox(PDF Utils).exe
Halflife & CounterStrike Hack Pack.exe
CyberPass Keygen for Adult Sites.exe
AutoFX-Mystical-Lighting Crack.exe
AudioCatalyst-Crack(working).exe
Adobe Photoshop 7.0 serial key.exe
YuGiOh-FULL-VERSION.exe
Teen Screen Saver.exe
Super Sex Games.exe
The Sex Files.exe
WWE-XXX-Screensavers.exe
Adult Tetris.exe
Interactive Sex Game-Funny XXX.exe
September 22, 1999
XXXPassword_Hacker Dictionary.exe
Pong.exe
AudioCatalyst-FULL-RETAIL.exe
AgeOfMythology--NOCD-Crack.exe
CD KEY HACKER.exe
Monitor.exe
System Monitor.exe
YuGiOh-RARE.exe
AgeOfMythology-Cheat.exe
AgeOfMythology-TITANS-FULL.exe
Adobe_AfterEffects6-Crack.exe
TrillianPro-2-FULL Crack.exe
GroksterPRO(NoAdvertising)FULL.exe
Grokster(AdFree).exe
MSN_Messenger_PLUS(Full).exe
HackerToolz 8( WinXP Toolz).exe
eBook - Real.Penis.Enlargement.Techniques.
v1.2.WinNone.
Incl.FULL.METHOD-TNO.exe
病毒的清除法: 使用光华反病毒软件,彻底删除。 病毒演示: 病毒FAQ: Windows下的PE病毒。
发现日期: 2003-11-7
文章整理:西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!
