簡介,病毒行為,
簡介
病毒別名:
處理時間:
威脅級別:★★
中文名稱:
病毒類型:VBS病毒
影響系統:Win9x / WinNT
病毒行為
該腳本病毒在每月的2,7,14,21號會刪除win9x用戶的WINDOWS目錄,導致系統癱瘓,winnt用戶不受影響,系統的界面設定將被修改,病毒會隱藏磁碟圖示,禁止註冊表編輯,禁止任務管理器,禁止系統自動升級,將IE的安全級別將最低,win9x用戶在開機之後會立即自動關機,病毒還會結束一下常用軟體進程:
"vsmon.exe"
"zonealarm.exe"
"PNTIOMON.exe"
"pccntupd.exe"
"WebTrap*.exe"
"Pop3trap.exe"
"MWSOEMON.exe"
"avpcc.exe"
"AvpM.exe"
"RapApp.exe"
"blackice.exe"
"blackd.exe"
"xcommsrv.exe"
"avxgui.exe"
"avxlive.exe"
"lmgui.exe"
"Iface.exe"
"Pavsrv*.exe"
"Avengine.exe"
"UPDATE.EXE"
"NUPGRADE.EXE"
"MCUPDATE.EXE"
"LUALL.EXE"
"ICSUPP95.EXE"
"ICSSUPPNT.EXE"
"DRWEBUPW.EXE"
"CFIAUDIT.EXE"
"DRWEBUPW.EXE"
"AVXQUAR.EXE"
"AVWUPD32.EXE"
"AVPUPD.EXE"
"AVLTMAIN.EXE"
"AUTOUPDATE.EXE"
"AUTOTRACE.EXE"
"AUTODOWN.EXE"
"AUPDATE.EXE"
"ATUPDATER.EXE"
"nod32krn.exe"
"nod32kui.exe"
"_avp*"
"ackwin32*"
"anti-trojan*"
"aplica32*"
"apvxdwin*"
"autodown*"
"avconsol*"
"ave32*"
"avgcc32*"
"avgctrl*"
"avgw*"
"avkserv*"
"avnt*"
"avp*"
"avsched32*"
"avwin95*"
"avwupd32*"
"blackd*"
"blackice*"
"bootwarn*"
"ccapp*"
"ccshtdwn*"
"cfiadmin*"
"cfiaudit*"
"cfind*"
"cfinet*"
"claw95*"
"dv95*"
"ecengine*"
"efinet32*"
"esafe*"
"espwatch*"
"f-agnt95*"
"findviru*"
"fprot*"
"f-prot*"
"fprot95*"
"f-prot95*"
"fp-win*"
"frw*"
"f-stopw*"
"gibe*"
"iamapp*"
"iamserv*"
"ibmasn*"
"ibmavsp*"
"icload95*"
"icloadnt*"
"icmon*"
"icmoon*"
"icssuppnt*"
"icsupp*"
"iface*"
"iomon98*"
"jedi*"
"kpfw32*"
"lockdown2000*"
"lookout*"
"luall*"
"moolive*"
"mpftray*"
"msconfig*"
"nai_vs_stat*"
"navapw32*"
"navlu32*"
"navnt*"
"navsched*"
"navw*"
"nisum*"
"nmain*"
"normist*"
"nupdate*"
"nupgrade*"
"nvc95*"
"outpost*"
"padmin*"
"pavcl*"
"pavsched*"
"pavw*"
"pcciomon*"
"pccmain*"
"pccwin98*"
"pcfwallicon*"
"persfw*"
"pop3trap*"
"pview*"
"rav*"
"regedit*"
"rescue*"
"safeweb*"
"serv95*"
"sphinx*"
"sweep*"
"tca*"
"tds2*"
"vcleaner*"
"vcontrol*"
"vet32*"
"vet95*"
"vet98*"
"vettray*"
"vscan*"
"vsecomr*"
"vshwin32*"
"vsstat*"
"webtrap*"
"wfindv32*"
"zapro*"
"zonealarm*"
"McVSEscn*"
"mcvsrte*"
"mcvsftsn*"
"mcvsshld*"
"AntiTroj*"
"smc*"
"doors*"
"dpf*"
"drwatson*"
"drweb32*"
"fameh32*"
"fast*"
"findviru*"
"fix-it*"
"flowprotector*"
"fnrb32*"
"fsaa*"
"fsav530stbyb*"
"fsav530wtbyb*"
"fsm32*"
"guard*"
"guarddog*"
"iamstats*"
"ifw2000*"
"iomon98*"
"jed*"
"jammer*"
"kerio-pf-213-en-win*"
"kerio-wrl-421-en-win*"
"kerio-wrp-421-en-win*"
"kavlite40eng*"
"kavpers40eng*"
"killprocesssetup161*"
"kpf*"
"kpfw32*"
"ldpro*"
"ldpromenu*"
"ldscan*"
"localnet*"
"lucomserver*"
"mfweng3.02d30*"
"mfw2en*"
"monsys32*"
"monsysnt*"
"msblast*"
"mrflux*"
"mspatch*"
"mssmmc32*"
"nav80try*"
"navengnavex15*"
"nc2000*"
"norton_internet_secu_3.0_407*"
"amon9x*"
"antivirus*"
"ants*"
"autotrace*"
"azonealarm*"
"bd_professional*"
"bidef*"
"bidserver*"
"bipcp*"
"mxtask*"
"nai_vs_stat*"
"navauto-protect*"
"navengnavex15*"
"nc2000*"
"ncinst4*"
"ndd32*"
"neomonitor*"
"netinfo*"
"nsched32*"
"pcip10117_0*"
"Ad-aware*"
"SpybotSD*"
"ntxconfig*"
"panixk*"
"pathping*"
"zonalm2601*"
"xpf202en*"
"wyvernworksfirewall*"
"symproxysvc*"
"rav8win32eng*"
"EXANTIVIRUS-CNET*"
"Fast*"
"Nav80try*"
"Cleaner*"
"Tgbob*"
"Titanin*"
"TitaninXp*"
"Tracert*"
"Trjscan*"
"Trojantrap3*"
"AVprotect9x*"
"Bisp*"
"Ostronet*"
"Nwinst4*"
"Nwtool16*"
"Periscope*"
"Regedt32*"
"Qserver*"
"Integrator*"
"Moolive*"