基本介紹
病毒特點
病毒運行的時候,它將自身複製到C:\Windows\sysrnj.exe,並在註冊表中創建以下內容:
HKEY_CLASSES_ROOT\rnjfile
\DefaultIcon= %1
\shell\open\command = sysrnj.exe "%1" %*
當"rnjfile" 被指定,上面提到的鍵值將運行這個蠕蟲副本,接著修改下列鍵值:
HKEY_CLASSES_ROOT
\.exe = rnjfile
\.jpg = rnjfile
\.jpeg = rnjfile
\.jpe = rnjfile
\.bmp = rnjfile
\.gif = rnjfile
\.avi = rnjfile
\.mpg = rnjfile
\.mpeg = rnjfile
\.wmf = rnjfile
\.wma = rnjfile
\.wmv = rnjfile
\.mp3 = rnjfile
\.mp2 = rnjfile
\.vqf = rnjfile
\.doc = rnjfile
\.xls = rnjfile
\.zip = rnjfile
\.rar = rnjfile
\.lha = rnjfile
\.arj = rnjfile
\.reg = rnjfile
上面列出的任何一個檔案被打開都將使該蠕蟲副本啟動。
該蠕蟲將自身傳送到新聞組 alt.comp.virus ,訊息內容如下:
From: "Romeo&Juliet"
Subject:[Romeo&Juliet] R.i.P.
Romeo&Juliet
where is my juliet ?
where is my romeo ?
hi
last wish ???
lol :)
,,...'
!!!
newborn
merry christmas!
surprise !
Caution: NEW VIRUS !
scandal !
^_^
Re: