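This virus is a worm that uses Microsoft Outlook to send mass mail. The program is written in Borland C++ and is a Win32 PE file compressed with ASPack.
Basic information
- Foreign name: Worm.Ariss.e
- Affected systems: Win9x / WinNT
- Virus type: Worm
- Threat level: ★★
- Aliases: Email-worm.Win32.Ariss.e[avp]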
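Virus behavior
The virus enumerates the drives and copies itself to each of them. It also looks for certain other viruses present on the machine and deletes them to protect itself. It downloads a W32.Serflog removal tool from Symantec for the user, lulling the user into believing the machine is free of viruses, so that the virus can stay on the machine long term. It modifies the registry so that it starts itself at the next boot.
1. Copies itself under different names to: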
C:\MS_LARISSA.pif
%systemroot%\ISASS32.pif
%system32%\L4r1$.pif
%system32%\Service.pif
D:\MS_LARISSA.pif
2. Creates a text file, C:\BROPIA_IS_LAMER.txt,
with the following content:
0MG, BROPIA = N00B hahahaha - u still writing ur w0rmz in VB... LMAO
Whatz wrong cant do C++? L-A-M-E :-) anyone can write wormz in VB
----------------------------------------------
- QUOTE FROM F-SECURE -
The worm's file is a PE executable file about 17 kilobytes long packed with Mew file
compressor. The unpacked file's size is over 155 kilobytes. The worm is written in Visual
Basic.
- END QUOTE -
hahaha, and u were callen me a n00b? -- LARISSA AUTHOR : 3-7-05
3. Modifies the registry so that it runs at the next startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run L4r1$ "C:\WINNT\System32\L4r1$.pif"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LSASS 32 "C:\WINNT\ISASS32.pif"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Service "C:\WINNT\System32\Service.pif"
4. Deletes the files of other viruses found on the local machine
Infection method
By e-mail
The virus sends mail to every address it can reach through MAPI. The messages it creates have the following characteristics:
Subject: Re: LOV YA! or Re:My Letter or Re:Your Documents
Body:
“Kindly read and reply to my LOVE LETTER in attachments :-)”
or Your personal information is included in the attachments.
or The DOCUMENTS you requested are in the attachments.
or Your Administrator settings have been changed, please check the attachments for more details.
or Please read and reply to my LETTER in the attachments!
Attachment:
LOVE_LETTER_FOR_YOU.exe
6. The virus accesses
to download a W32.Serflog removal tool for the user
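A check for the persistence entries and dropped copies listed under "Virus behavior", written as an added example that is not part of the original entry. It assumes the Run key has been dumped with `reg query` (value lines indented and separated by four spaces); the function names, the generic ".pif in Run key" heuristic and the sample data are constructed for illustration.

```python
import ntpath
import re

# Names taken from the description above (copies of the worm and its marker file).
DROPPED_NAMES = {"ms_larissa.pif", "isass32.pif", "l4r1$.pif", "service.pif"}
MARKER_FILE = r"c:\bropia_is_lamer.txt"

# A value line in `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# File name with an extension inside the value data (heuristic for the launched file).
BASENAME = re.compile(r'[^\\/"]+\.\w+(?=["\s]|$)')

# Constructed sample, not captured from a real host.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    L4r1$    REG_SZ    C:\WINNT\System32\L4r1$.pif
    LSASS 32    REG_SZ    C:\WINNT\ISASS32.pif
    Service    REG_SZ    C:\WINNT\System32\Service.pif
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    Photos    REG_SZ    C:\holiday.pif
"""


def scan_run_key(reg_query_output):
    """Return (value_name, data, reason) for suspicious Run entries."""
    hits = []
    for line in reg_query_output.splitlines():
        value = VALUE_LINE.match(line)
        if not value:
            continue  # key header or blank line
        name, _type, data = value.groups()
        found = BASENAME.search(data)
        base = found.group(0).lower() if found else ""
        if base in DROPPED_NAMES:
            hits.append((name, data, "file name used by Worm.Ariss.e"))
        elif base.endswith(".pif"):
            # Generic heuristic (assumption): autostarted .pif files are rarely legitimate.
            hits.append((name, data, ".pif launched from Run key"))
    return hits


def scan_paths(paths):
    """Return paths matching a dropped copy or the marker text file."""
    return [p for p in paths
            if p.lower() == MARKER_FILE or ntpath.basename(p).lower() in DROPPED_NAMES]


if __name__ == "__main__":
    for hit in scan_run_key(SAMPLE_REG):
        print(hit)
```

File names alone are weak evidence, since `Service.pif` in particular is generic, so a hit is a prompt for inspection of the file rather than a verdict.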