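The virus replicates itself by infecting Word 6.x/7.x running on the Windows and Macintosh platforms. It is activated when auto macros run.
Basic information
- Chinese name: w97m_class_d
- Alias: W97M/Class.D
- Type: computer virus
- Characteristic: infects files
- Similar virus: KRIZ.3836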
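Virus overview
Virus name: w97m_class_d
Aliases: W97M/Class.D, Word97Macro.Class
Virus characteristics
Immediately after infection, the virus exports its code to the ASCII file C:/CLASS.SYS. If an infected file is run on the 14th of any month from May through December, a message box with the following content is displayed: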
- Class.Poppy X
I Think " (word97 reg. User name) " is a big stupid jerk!
OK
At the same time, the virus modifies the registered user and registered organization information at the following location:
HKLM/Software/Microsoft/Windows/CurrentVersion
RegisteredOwner="VicodinES/VB/TNN"
RegisteredOrganization="-(Dr. Diet Mountain Dew)
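A host check for the traces listed above (the exported C:/CLASS.SYS file and the two registry values), as an added example that is not part of the original page. The function names are hypothetical, and because the page's RegisteredOrganization value is cut off, it is matched as a substring.

```python
"""Check a Windows host for the W97M/Class.D traces described above."""
import os
import sys

# Values taken from the description above.
DROP_FILE = r"C:\CLASS.SYS"
REG_KEY = r"Software\Microsoft\Windows\CurrentVersion"
OWNER_MARK = "VicodinES/VB/TNN"
ORG_MARK = "Dr. Diet Mountain Dew"  # substring: the page's value is truncated


def evaluate(owner, organization, drop_file_present):
    """Return the names of the indicators that match the collected facts."""
    hits = []
    if drop_file_present:
        hits.append("drop_file")
    # Registry strings are compared case-insensitively; None means "not set".
    if owner is not None and owner.strip().lower() == OWNER_MARK.lower():
        hits.append("registered_owner")
    if organization is not None and ORG_MARK.lower() in organization.lower():
        hits.append("registered_organization")
    return hits


def collect():
    """Read the live values on a Windows host (winreg exists only there)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, REG_KEY) as key:
        for name in ("RegisteredOwner", "RegisteredOrganization"):
            try:
                values[name] = str(winreg.QueryValueEx(key, name)[0])
            except FileNotFoundError:
                values[name] = None  # value absent under this key
    return (values["RegisteredOwner"], values["RegisteredOrganization"],
            os.path.isfile(DROP_FILE))


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows host being checked")
    found = evaluate(*collect())
    print("indicators matched:", ", ".join(found) or "none")
    sys.exit(1 if found else 0)
```

A matching drop file alone is weak evidence; the two registry values together with it are the stronger signal.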
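This virus is very similar to the KRIZ.3836 virus. The difference is that some routines have been added and, if the SoftIce debugger is installed on the system, the virus's destructive routine is activated. The strings contained in the virus also differ; this virus's string is: T-2000 / Immortal Riot.
Before each infection the virus checks the file name, and if it matches one of the following file names, the infection does not take place. (AVP32.EXE,AVPM.EXE,ALERTSVC.EXE,AMON.EXE,AVP32.EXE,AVPM.EXE,N32SCANW.EXE,NAVAPSVC.EXE,NAVAPW32.EXE,NAVLU32.EXE,NAVRUNR.EXE,NAVWNT.EXE,NOD32.EXE,NPSSVC.EXE,NSCHEDNT.EXE,NSPLUGIN.EXE,SCAN.EXE,SMSS.EXE)
The virus carries a highly destructive payload: when it is triggered on December 25, it destroys the CMOS data, writes garbage data to all files on the infected machine and damages the Flash BIOS. The virus uses a covert technique to encrypt its code; after decryption, you will find the following text in the virus body: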
=( [c] 1999 [t] )=
YOU CALL IT RELIGION, YOU'RE FULL OF SHIT
YOU NEVER KNEW, YOU NEVER DID, YOU NEVER WILL
YOU'RE SO FULL OF SHIT, I DON'T WANT TO HEAR IT
ALL YOU DO IS TALK ABOUT YOURSELF
I DON'T WANNA HEAR IT, COZ I KNOW NONE OF IT'S TRUE
I'M SICK AND TIRED OF ALL YOUR GODDAMN LIES
LIES IN THE NAME OF GOD
WHEN ARE YOU GOING TO REALIZE THAT I DON'T
WANT TO HEAR IT?!
I KNOW YOU'RE SO FULL OF SHIT, SO SHUT YOUR FUCKING MOUTH
YOU KEEP ON TALKING, TALKING EVERYDAY FIRST YOU'RE TELLING STORIES, THEN YOU'RE TELLING LIES
WHEN THE FUCK ARE YOU GOING TO REALIZE THAT I DON'T WANT TO HEAR IT!!
AH, SHUT THE FUCK UP...