Worm.Aimes.a is a worm that spreads through AOL Instant Messenger and e-mail.
Basic information
- Name: Worm.Aimes.a
- Virus type: worm
- Affected systems: Win9x / WinNT
- Threat level: 2 stars
Virus behavior
The virus prevents the user from using Task Manager and Registry Editor, turns off Windows automatic updates, forcibly terminates certain processes, downloads the virus from the network to the local machine, attempts to copy itself to floppy drive A, sends a message to AOL Instant Messenger contacts to trick them into opening the attachment, harvests e-mail addresses from the Outlook address book and sends the virus as an attachment to those recipients, and finally puts the machine into hibernation.
File list
1. When run, the virus drops the following files:
%SystemRoot%\Msvbdll.pif
%SystemRoot%\msVBdll.exe
%ProgramFiles%\Sony\VAIO Action Setup\MsVBdll32.exe
%UserProfile%\Start Menu\Programs\Startup\msVBdll.exe
2. Adds startup entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"MsVBdll" = "%SystemRoot%\MsVBdll.pif"
3. Disables the Windows Security Center notifications for the firewall, antivirus and updates:
HKEY_CURRENT_USER\Software\Microsoft\security center
HKEY_LOCAL_MACHINE\Software\Microsoft\security center
"FirewallDisableNotify" = "1"
"UpdatesDisableNotify" = "1"
"AntiVirusDisableNotify" = "1"
4. Disables Task Manager and Registry Editor:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableTaskMgr" = "1"
"DisableRegistryTools" = "1"
5. Disables Windows automatic updates:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
"NoAutoUpdate" = "1"
6. Deletes the following value:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Run
"Windows" = "Auto Update.exe"
7. Displays one of the following dialog boxes:
Title: "Blow Me"
內容: "Hello Windows has suffered from a serious error, it may never recover unless you perform oral sec on the cd drive"
Title: "Disgusting"
內容: "You are viewing this message because someone in the house is homosexual"
8. Opens AOL Instant Messenger and sends contacts the message "Hey whats up!! look what I did to my hair...lol!!" together with the attachment %SystemRoot%\picture.pif
9. Downloads a file from the Internet to C:\Fix_SP2.zip
10. Harvests e-mail addresses from the Outlook address book and sends the virus as an attachment to those recipients
Subject: Service Pack 2 BUG!!
Body:
Dear user I have been informed that there was a BUG in Windows Service Pack 2 which was fixed I recommend you to download this Patch version which will fix the bug and keep your system safe.
You will find the Patch file in the attachment, feal free to send it to anyone.
I'll be in touch with you as soon as another bug is found.
Regards,
A.H
Attachment: C:\Fix_SP2.zip
11. Forcibly terminates the following 2 processes:
svchost.exe
lsass.exe
12. Puts the machine into hibernation and attempts to copy itself to A:\homework.exe; if drive A is unavailable, it displays "Run-time error '71': Disk not ready".
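As an added example that is not part of the original description, the following read-only PowerShell check looks for the dropped files, the Run-key entry and the policy values listed above on the local machine; it assumes the %SystemRoot%, %ProgramFiles% and %UserProfile% placeholders map to the corresponding $env variables, and it reads the registry without modifying it.

```powershell
# Added example (not from the original page): look for Worm.Aimes.a artefacts.
# Read-only; run from an elevated session so HKLM and %SystemRoot% are readable.
$findings = @()

# Step 1, 8 and 9 of the listing: dropped and downloaded files
$files = @(
    "$env:SystemRoot\Msvbdll.pif",
    "$env:SystemRoot\msVBdll.exe",
    "$env:SystemRoot\picture.pif",
    "$env:ProgramFiles\Sony\VAIO Action Setup\MsVBdll32.exe",
    "$env:USERPROFILE\Start Menu\Programs\Startup\msVBdll.exe",
    "C:\Fix_SP2.zip"
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}

# Step 2: Run-key persistence under both hives, value name "MsVBdll"
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    $v = Get-ItemProperty -Path $key -Name 'MsVBdll' -ErrorAction SilentlyContinue
    if ($v) { $findings += "Run entry: $key\MsVBdll = $($v.MsVBdll)" }
}

# Steps 3 to 5: policy values the worm sets to 1 (key -> value names)
$policyChecks = @{
    'HKCU:\Software\Microsoft\Security Center' = 'FirewallDisableNotify', 'UpdatesDisableNotify', 'AntiVirusDisableNotify'
    'HKLM:\Software\Microsoft\Security Center' = 'FirewallDisableNotify', 'UpdatesDisableNotify', 'AntiVirusDisableNotify'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' = 'DisableTaskMgr', 'DisableRegistryTools'
    'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU' = 'NoAutoUpdate'
}
foreach ($key in $policyChecks.Keys) {
    foreach ($name in $policyChecks[$key]) {
        $v = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        # The page lists the data as "1"; -eq 1 matches both REG_SZ "1" and REG_DWORD 1
        if ($v -and $v.$name -eq 1) { $findings += "Policy set: $key\$name = 1" }
    }
}

if ($findings.Count -eq 0) { 'No Worm.Aimes.a indicators found.' } else { $findings }
```

Any "Policy set" line is worth investigating even without the files, since the Security Center and update-notification values persist after the worm's binaries are removed.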