Guanghua Anti-Virus Research Center has recently updated its virus signatures. Users should download the upgrade package from the Guanghua website, http://www.viruschina.com, as soon as possible. Brief descriptions of several important viruses follow.

I. W32 virus: W32.Mabezat.B
Threat level: ★★★☆☆

According to experts at the Guanghua Anti-Virus Research Center, W32.Mabezat.B is a W32 virus, 154,751 bytes long (exe) and 32,768 bytes long (dll), that infects Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003 and Windows 2000 systems. It spreads through e-mail, removable drives and network shares (weak passwords), infects all exe files and encrypts data files. When the virus is received and opened, it does the following:

A. Copies itself to:
    [System drive]:\Documents and Settings\tazebama.dl_
    [System drive]:\Documents and Settings\hook.dl_
    [User directory]\Start Menu\Programs\Startup\zPharoh.exe

B. Creates the files:
    [System drive]:\Documents and Settings\tazebama.dll
    [System drive]:\Documents and Settings\[USER NAME]\Application Data\tazebama
    [System drive]:\Documents and Settings\[USER NAME]\Application Data\tazebama\tazebama.log
    [System drive]:\Documents and Settings\[USER NAME]\Application Data\tazebama\zPharaoh.dat

C. Deletes the registry entry:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun

D. Sets the registry entry (hides system files):
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"

E. Creates the following files in the root directory of removable drives:
    zPharaoh.exe
    autorun.inf

F. Searches for and infects all exe files on the hard disk, encrypting the file contents and modifying the resources so that the icon looks normal.

G. Tries to crack network shares protected by weak passwords, using the user names anonymous and administrator.

H. Copies itself to the following files on network shares:
    My documents .exe
    Readme.doc .exe
    My Documents [space].exe

I. Sends the following e-mails to spread the virus (carried in the attachment):

    Subject: ABOUT PEOPLE WITH WHOM MATRIMONY IS PROHIBITED
    Attachment: PROHIBITED_MATRIMONY.rar
    Body: 1 : If a man commits adultery with a woman, then it is not permissible for him to marry her mother or her daughters. 2 : If a woman out of sexual passion and with evil intent commits sexual intercourse with a man, then it is not permissible for the mother or daughters of that woman to merry that man. In the same way, the man who committed sexual intercourse with a woman, because prohibited for her mother and daughters. Download the attached article to read.

    Subject: Windows secrets
    Attachment: FolderPW_CH(1).rar
    Body: The attached article is on "how to make a folder password". If your are interested in this article download it, if you are not delete it.

    Subject: Canada immigration
    Attachment: IMM_Forms_E01.rar
    Body: The debate is no longer about whether Canada should remain open to immigration. That debate became moot when Canadians realized that low birth rates and an aging population would eventually lead to a shrinking populace. Baby bonuses and other such incentives couldn't convince Canadians to have more kids, and demographic experts have forecasted that a Canada without immigration would pretty much disintegrate as a nation by 2050. Download the attached file to know about the required forms. The sender of this email got this article from our side and forwarded it to you.

    Subject: Viruses history
    Attachment: virushistory.rar
    Body: Nowadays, the viruses have become one of the most dangerous systems to attack the computers. There are a lot of kinds of viruses. The common and popular kind is called "Trojan.Backdoor" which runs as a backdoor of the victim machine. This enables the virus to have a full remote administration of the victim machine. To read the full story about the viruses history since 1970 download the attached and decompress It by WinRAR. The sender has red the story and forwarded it to you.

    Subject: Web designer vacancy
    Attachment: JobDetails.rar
    Body: Fortunately, we have recently received your CV/Resume from moister web site and we found it matching the job requirements we offer. If your are interested in this job Please send us an updated CV showing the required items with the attached file that we sent. Thanks & Regards, Ajy Bokra Computer department. AjyBokra@webconsulting.com

    Subject: MBA new vision
    Attachment: Marketing.rar
    Body: [http://]ster of business administration ) one of the most required degree around the world. We offer a lot of books helping you to gain this degree. We attached one of our .doc word formatted books on "Marketing basics" to download. Our web site http://www.tazeunv.edu.cr/mba/info.htm Contacts: Human resource Ajy klaf AjyKolav@tazeunv[REMOVED]

    Subject: problem
    Attachment: outlooklog.rar
    Body: When I had opened your last email I received some errors have been saved in the attached file. Please inform me with those errors as soon as possible.

    Subject: hi
    Attachment: notes.rar
    Body: Unfortunately, I received unformatted email with an attached file from you. I couldn't understand what is behind the words. I wish you next time send me a readable file!. I forwarded the attached file again to evaluate your self.

J. The virus also uses the following file names for its attachments:
    windows.rar
    office_crack.rar
    serials.rar
    passwords.rar
    windows_secrets.rar
    source.rar
    imp_data.rar
    documents_backup.rar
    backup.rar
    MyDocuments.rar
    HpphmfUppmcbsOpujgjfs/fyf
    GoogleToolbarNotifier.exe
    PanasonicDVD_DigitalCam.exe
    Antenna2Net.exe
    RadioTV.exe
    Microsoft MSN.exe
    Sony Erikson DigitalCam.exe
    IDE Conector P2P.exe
    Windows Keys Secrets.exe
    FaxSend.exe
    RecycleBinProtect.exe
    Disk Defragmenter.exe
    CD Burner.exe
    ShowDesktop.exe
    BrowseAllUsers.exe
    LockWindowsPartition.exe
    Win99compatibleXP.exe
    MakeUrOwnFamilyTree.exe
    WindowsXp StartMenu Settings.exe
    Recycle Bin.exe
    Adjust Time.exe
    Microsoft Windows Network.exe
    HP_LaserJetAllInOneConfig.exe
    FloppyDiskPartion.exe
    msjavx86.exe
    AmericanOnLine.exe
    Crack_GoogleEarthPro.exe
    Lock Folder.exe
    InstallMSN11En.exe
    InstallMSN11Ar.exe
    JetAudio dump.exe
    KasperSky6.0 Key.doc.exe
    Office2007 Serial.txt.exe
    Office2007 CD-Key.doc.exe
    Make Windows Original.exe
    NokiaN73Tools.exe
    WinrRarSerialInstall.exe

K. Copies itself (as the following files) to [User directory]\Local Settings\Application Data\Microsoft\CD Burning, so that the virus is included whenever a disc is burned:
    zPharaoh.exe
    autorun.inf

L. Encrypts files on the hard disk that have the following extensions:
    .hlp .pdf .html .txt .aspx.cs .aspx .psd .mdf .rtf .htm .ppt .php .asp .pas .h .cpp .xls .doc .rar .zip .mdb

Guanghua anti-virus software already handles this virus. Users should upgrade and then use Guanghua anti-virus software to remove it.

II. Trojan: Trojan.Voterai
Threat level: ★★★☆☆

According to experts at the Guanghua Anti-Virus Research Center, Trojan.Voterai is a Trojan, 100,014 bytes long, that infects Windows 2000, Windows Vista and Windows XP systems. It terminates the security programs running on the system. When it is received and opened, its main effects are:

A. Copies itself to:
    [Windows directory]\installer\userinit.exe
    [Windows directory]\installer\SMSS.EXE
    [Windows directory]\debug\explorer.exe
    [System directory]\dllcache\LSASS.EXE
    [System directory]\dllcache\smss.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\defaults.pif

B. Creates the files:
    [Windows directory]\SoftWareProtector\dat24_out.pr
    [Root directory]\kib.htm

C. Modifies the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\"AlternateShell" = "%WINDOWS%\installer\SMSS.EXE"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\"Debugger" = "%SYSTEM%\dllcache\smss.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\"Auto" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFolderOptions" = "1"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFolderOptions" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\"FullPathAddress" = "1"

D. Deletes the registry values:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"AVP"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"nod32kui"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"ShStatEXE"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"McAfeeUpdaterUI"

E. Searches for and deletes the following files:
    Alwil Software\Avast4\ashAvast.exe
    Alwil Software\Avast4\ashBug.exe
    Alwil Software\Avast4\ashdisp.exe
    Alwil Software\Avast4\ashmaisv.exe
    Alwil Software\Avast4\ashserv.exe
    Alwil Software\Avast4\ashwebsv.exe
    Alwil Software\Avast4\sched.exe
    Alwil Software\Avast4\visthupd.exe
    Apvxdwin.ex
    Ashavast.exe
    Ashdisp.exe
    Ashmaisv.exe
    Ashserv.exe
    Ashwebsv.exe
    aswupdsv.exe
    avengine.exe
    avgcc.exe
    AVS 2007.exe
    c:\ntkrnl.exe
    ESET\nod32.exe
    ESET\nod32krn.exe
    ESET\nod32kui.exe
    Grisoft\Avg free\avgcc.exe
    Grisoft\Avg free\avgvv.exe
    Grisoft\Avg free\avgw.exe
    kav6.0.2.621en.exe
    McAfee.com\Agent\mcagent.exe
    McAfee.com\VSO\Mcmnhdlr.exe
    McAfee.com\VSO\Mcshield.exe
    McAfee.com\VSO\McVSEscn.exe
    McAfee.com\VSO\Mcvsftsn.exe
    mcagent.exe
    Mcmnhdlr.exe
    mcshield.exe
    McVSEscn.exe
    McVsftsn.exe
    nod32.exe
    nod32krn.exe
    nod32kui.exe
    Panda Software\Panda Antivirus 2007\apvxdwin.exe
    Panda Software\Panda Antivirus 2007\Apvxdwin.exe
    Panda Software\Panda Antivirus 2007\Avciman.exe
    Panda Software\Panda Antivirus 2007\avengine.exe
    Panda Software\Panda Antivirus 2007\Avengine.exe
    Panda Software\Panda Antivirus 2007\avlite.exe
    Panda Software\Panda Antivirus 2007\Avltmain.exe
    Panda Software\Panda Antivirus 2007\Avtask.exe
    Panda Software\Panda Antivirus 2007\lupgconf.exe
    Panda Software\Panda Antivirus 2007\panicsh.exe
    Panda Software\Panda Antivirus 2007\pavsrv51.exe
    Panda Software\Panda Antivirus 2007\psctrls.exe
    Panda Software\Panda Antivirus 2007\psimsvc.exe
    Panda Software\Panda Antivirus 2007\webproxy.exe
    pavsrv51.exe
    psctrls.exe
    psimsvc.exe

F. Terminates processes whose names contain any of the following strings:
    2007 AID ANT AUTO AVI AVS BUG CLEA COMPON CONFIG CONSOL DEAC DEFE DETEC DIAM FREE GUA HIJ HIT INSTALL KASP KILL MANAGEMENT MCAFEE MONI NEME NOD32 NORTON PAND PATR POLI REG REMO SCAN SECUR SERVI SETUP SUPPORT SWEEP SYMAN TASK TERMI TRIA TUNE UND UNHO UNL UNLO VIEW VIR W32 WARE

The Beijing Riyue Guanghua Software Company website (http://www.viruschina.com) updates its virus signatures daily. Experts at the Guanghua Anti-Virus Research Center remind you: order Guanghua anti-virus software online from the Guanghua security website as soon as possible to guard against virus intrusion and keep your computer protected at all times. Guanghua anti-virus software users who upgrade to the December 3 virus database (free download: http://www.viruschina.com/html/update.htm) can fully detect and remove these viruses.
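
A triage heuristic built from the naming tricks listed above, given as an added example that is not code from Guanghua or from the original bulletin: it flags a document extension followed by .exe and a space before .exe (the names W32.Mabezat.B uses on shares and attachments), and system process names found outside their usual folder (the copies Trojan.Voterai makes). It generalizes beyond the exact names in the bulletin; the function names, reason labels, sample paths and the default C:\WINDOWS directory are assumptions.

```python
import ntpath
import re

# Directory, relative to the Windows directory, where each system binary
# normally lives. Trojan.Voterai reuses these names in other folders.
EXPECTED_DIR = {"smss.exe": "system32", "lsass.exe": "system32",
                "userinit.exe": "system32", "explorer.exe": ""}
# Document extension followed by .exe: "Readme.doc .exe", "Office2007 Serial.txt.exe"
DOUBLE_EXT = re.compile(r"\.(doc|txt|pdf|xls|ppt|rtf|html?)\s*\.exe$", re.I)
# Whitespace right before the real extension: "My documents .exe"
SPACE_EXT = re.compile(r"\s+\.exe$", re.I)

def triage(path, windir=r"C:\WINDOWS"):
    """Return the reasons a Windows path deserves a closer look (may be empty)."""
    folder, name = ntpath.split(path)
    reasons = []
    if DOUBLE_EXT.search(name):
        reasons.append("double-extension")
    elif SPACE_EXT.search(name):
        reasons.append("space-before-extension")
    home = EXPECTED_DIR.get(name.lower())
    if home is not None:
        expected = ntpath.normcase(ntpath.join(windir, home)).rstrip("\\")
        if ntpath.normcase(folder).rstrip("\\") != expected:
            # A hit means "verify hash/signature", not "infected": on Windows
            # 2000/XP, system32/dllcache also holds Windows File Protection copies.
            reasons.append("system-name-outside-home")
    return reasons

def scan(paths, windir=r"C:\WINDOWS"):
    """Map each flagged path to its reasons; clean paths are omitted."""
    hits = {p: triage(p, windir) for p in paths}
    return {p: r for p, r in hits.items() if r}

# Constructed file listing for illustration (not captured from a real host).
SAMPLE = [
    r"C:\WINDOWS\system32\smss.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\installer\SMSS.EXE",
    r"C:\WINDOWS\debug\explorer.exe",
    r"E:\My documents .exe",
    r"\\fileserver\share\Readme.doc .exe",
    r"C:\Temp\KasperSky6.0 Key.doc.exe",
    r"C:\Tools\setup.exe",
]

if __name__ == "__main__":
    for p, r in scan(SAMPLE).items():
        print(p, "->", ", ".join(r))
```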