PE_KRIZ.4029

PE_KRIZ.4029是一個駐留記憶體的多態型病毒,當運行時它將感染win32執行檔(例如:.exe和.dll)。

基本介紹

  • 外文名:PE_KRIZ.4029
  • 危害程度:大
  • 破壞性:強
  • 形態:多態型病毒
病毒簡介
當一個染毒的程式執行時病毒首先感染KERNELL32.DLL並且在整個Windows進程中駐留記憶體。之後,每次Woindows 啟動病毒立即駐留記憶體並感染所有WIN32執行檔
該病毒在感染之前首先檢測下列檔案名稱是否存在(大部分是反病毒軟體),如果有下列檔案存在則不進行感染。
- _AVP32.EXE
- _AVPM.EXE
- ALERTSVC.EXE
- AMON.EXE
- AVP32.EXE
- AVPM.EXE
- N32SCANW.EXE
- NAVAPSVC.EXE
- NAVAPW32.EXE
- NAVLU32.EXE
- NAVRUNR.EXE
- NAVWNT.EXE
- NOD32.EXE
- NPSSVC.EXE
- NSCHEDNT.EXE
- NSPLUGIN.EXE
- SCAN.EXE
- SMSS.EXE
該病毒具有相當的破壞性,當12月25日病毒被觸發,它將毀壞CMOS數據,向染毒機器的所有檔案寫入垃圾數據並破壞Flash BIOS。該病毒使用秘密技術來加密它的代碼,在解密以後,你會在病毒體中發現下面的文本:
=( [c] 1999 [t] )=
YOU CALL IT RELIGION, YOU'RE FULL OF SHIT
YOU NEVER KNEW, YOU NEVER DID, YOU NEVER WILL
YOU'RE SO FULL OF SHIT, I DON'T WANT TO HEAR IT
ALL YOU DO IS TALK ABOUT YOURSELF
I DON'T WANNA HEAR IT, COZ I KNOW NONE OF IT'S TRUE
I'M SICK AND TIRED OF ALL YOUR GODDAMN LIES
LIES IN THE NAME OF GOD
WHEN ARE YOU GOING TO REALIZE THAT I DON'T
WANT TO HEAR IT?!
I KNOW YOU'RE SO FULL OF SHIT, SO SHUT YOUR FUCKING MOUTH
YOU KEEP ON TALKING, TALKING EVERYDAY FIRST YOU'RE TELLING STORIES, THEN YOU'RE TELLING LIES
WHEN THE FUCK ARE YOU GOING TO REALIZE THAT I DON'T WANT TO HEAR IT!!
AH, SHUT THE FUCK UP...
該病毒還有一些變種,如PE_KRIZ.4050,PE_KRIZ.3740(聖誕CIH)等,危害程度都不小,在歡度聖誕之際,請大家還是謹慎為妙。

相關詞條

熱門詞條

聯絡我們