Worm.Ariss.c

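Worm.Ariss.c is a worm that spreads by e-mail. It breaks down the protections on the user's computer, for example by shutting down firewalls and common antivirus software, and it disables the Registry Editor. It also carries out other malicious actions, such as disabling Run in the Start menu, hiding hard disk partitions, preventing the user from entering the MS-DOS mode of Windows 2000 and suppressing the display of "Remote Administration", which paves the way for other viruses to intrude. Shut down or remove services on the system that are not needed. Many operating systems install auxiliary services that are convenient for attackers and of little use to the user; removing them greatly reduces the likelihood of being attacked.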

Basic information

  • Chinese name: Worm.Ariss.c
  • Category: worm virus
  • Threat level: ★★
  • Chinese designation: 狂妄獵手

Virus description
1. Files created:
IExplore.exe
MSLARISSA.pif
CmdPrompt32.pif
SP00Lsv32.pif
C:\WINDOWS\WinVBS.vbs
C:\MESSAGE_TO_USER.txt
C:\MESSAGE_TO_AVs.txt
C:\MESSAGE_TO_BROPIA.txt
2. Registry:
Values added:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MSLARISSA:MSLARISSA.pif
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Command Prompt32:CmdPrompt32.pif
These add startup entries so that the virus runs at boot.
Value modified:
Software\Microsoft\Windows\CurrentVersion\Explorer\Sheelfol
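This associates the virus itself with IE, so that the virus is launched whenever IE is opened.
3. File downloaded: mslarissac/WindowsSecurityUpdate.zip
4. Contents of the created file C:\MESSAGE_TO_USER.txt: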
Greetz to infected user!I will survive,In this moment in time.'Your computer will crash,So, you will be mine.I will not crash,I will not f—a—i—l.S—o, i—n this moment in time,I will survive...
- LARISSA AUTHOR : 2-24-05
Contents of C:\MESSAGE_TO_AVs.txt:
Greetz to AVs!
I wanna be in AV industry when I grow up :-)
LARISSA AUTHOR : 2-24-05
Contents of C:\MESSAGE_TO_BROPIA.txt:
Hey Bropia.. stop making MSN worms it',27h's stupid...... lol -- Larissa Anti Bropia... -- Saving the world from BROPIA!!!
- LARISSA AUTHOR : 2-24-05
5. The e-mail body is one of the following, chosen at random:
The message is located in the attachments.
The letter you requested is in the attachments.
Information attached.
Kindly read and reply to my LOVE LETTER in the attachments :-)
The documents you requested are in the attachments.
Info reguarding your Email account is in the attachments.
Dear Windows User Please download the windows update included in the attachmen
My letter is in the attachments.
Your email account is about to expire, please check the attachments for details.
6. Random e-mail subjects:
Re: Message
Re: Letter
Re: Information
I LOVE YOU
Re: Your Documents
Re: Account Info
Windows Update
Re: My Letter
Re: Docs
Re: Your Email Info
7. Random names for the e-mail attachment:
Message.exe
Letter.exe
Information.exe
LOVE_LETTER_FOR_YOU.exe
Documents.exe
Attached_Message.exe
Microsoft_Update.exe
Private_Letter.exe
Private_Document.exe
Important_Message.exe
8. The virus copies itself to the following locations:
"b:"
"c:"
"d:"
"e:"
"f:"
"g:"
"h:"
"i:"
"j:"
"k:"
"l:"
"m:"
"n:"
"o:"
"q:"
"r:"
"s:"
"t:"
"u:"
"v:"
"w:"
"x:"
"y:"
"z:"
9. The virus terminates some protection software, and also terminates some other viruses:
"AGENTSVR.EXE"
"ANTI-TROJAN.EXE"
"ANTIVIRUS.EXE"
"ANTS.EXE"
"APIMONITOR.EXE"
"APLICA32.EXE"
"APVXDWIN.EXE"
"ATCON.EXE"
"ATGUARD.EXE"
"ATRO55EN.EXE"
"ATUPDATER.EXE"
"ATWATCH.EXE"
"ZAPRO.EXE"
"ZAPSETUP3001.EXE"
"ZATUTOR.EXE"
"ZAUINST.EXE"
"ZONALM2601.EXE"
"ZONEALARM.EXE"
"AUPDATE.EXE"
"AUTODOWN.EXE"
"AUTOTRACE.EXE"
"AUTOUPDATE.EXE"
"AVCONSOL.EXE"
"AVGSERV9.EXE"
"AVLTMAIN.EXE"
"AVPUPD.EXE"
"AVSYNMGR.EXE"
"AVWUPD32.EXE"
"AVXQUAR.EXE"
"AVprotect9x.exe"
"Au.exe"
"BD_PROFESSIONAL.EXE"....
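
As an added example (not part of the original entry and not any vendor's code), the subjects and attachment names listed in sections 6 and 7 can be turned into a mail-gateway triage check. The function names, the verdict labels, the `.pif` extension in the weaker rule and the sample messages are assumptions made for this illustration.

```python
from email import message_from_string
from email.message import EmailMessage, Message

# Indicators copied from sections 6 and 7 of this page, lower-cased for matching.
SUBJECTS = {
    "re: message", "re: letter", "re: information", "i love you",
    "re: your documents", "re: account info", "windows update",
    "re: my letter", "re: docs", "re: your email info",
}
ATTACHMENTS = {
    "message.exe", "letter.exe", "information.exe", "love_letter_for_you.exe",
    "documents.exe", "attached_message.exe", "microsoft_update.exe",
    "private_letter.exe", "private_document.exe", "important_message.exe",
}

def attachment_names(msg: Message) -> list[str]:
    """Return the lower-cased base name of every attachment in the message."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Drop any directory component a sender placed in the filename.
            names.append(name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower())
    return names

def classify(raw: str) -> str:
    """'block' on a listed attachment name, 'review' on weaker signals, else 'pass'."""
    msg = message_from_string(raw)
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    names = attachment_names(msg)
    if any(n in ATTACHMENTS for n in names):
        return "block"
    # Assumption: a listed subject plus any .exe/.pif attachment deserves a
    # human look even when the attachment has been renamed.
    if subject in SUBJECTS and any(n.endswith((".exe", ".pif")) for n in names):
        return "review"
    return "pass"

def sample(subject: str, filename: str) -> str:
    """Build a constructed test message (hypothetical helper, not captured mail)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Information attached.")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(classify(sample("Re: Your Documents", "Documents.EXE")))
```

Matching on names alone is a coarse filter; it complements, and does not replace, content scanning of the attachment itself.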
