病毒簡介
病毒別名:
處理時間:
威脅級別:★★
中文名稱:狂妄獵手
病毒類型:蠕蟲
影響系統:Win9x / WinNT
病毒行為
這是一個通過郵件和mIRC傳播的蠕蟲,他會破壞用戶計算機的保護措施,關閉防火牆,常見防毒軟體等,禁用註冊表編輯器,禁用開始選單中的運行,隱藏硬碟分區,禁止用戶進入Windows 2000的MS-DOS方式,禁止顯示"遠程管理",通過mIRC病毒達到控制用戶機器和傳播的目的。1.生成檔案:
C:\LARISSA.html
C:\WINDOWS\WSocket32.vbs
C:\WINDOWS\SPOOL_SV32.vbs
C:\Program Files\MIRC\script.ini
C:\WINDOWS\LARISSA.exe
C:\WINDOWS\SMSS_32.exe
2.會通過通過Outlook傳送郵件。
3.郵件的
Subject:Re: LOVELETTER
Body:vbcrlf&"I LOVE YOU TOO!"
附屬檔案名LOVELETTER.exe
4.結束以下進程:
"ATUPDATER.EXE"
"AUPDATE.EXE"
"AUTODOWN.EXE"
"AUTOUPDATE.EXE"
"Avconsol.exe"
"AVENGINE.EXE"
"AVXQUAR.EXE"
"bawindo.exe"
"ccevtmgr.exe"
"ccproxy.exe"
"ccpxysvc.exe"
"DefWatch.exe"
"DRWEBUPW.EXE"
"ESCANHNT.EXE"
"LUCOMS~1.EXE"
"vstskmgr.exe"
"UpdaterUI.exe"
"NPROTECT.EXE"
"mcvsshld.exe"
"mcvsrte.exe"
"mcvsescn.exe"
"mcagent.exe"
"mcshield.exe"
"MCUPDATE.EXE"
"FrameworkService.exe"
"PINGSCAN.EXE"
"rtvscn95.exe"
"W9X.EXE"
"ZAUINST.EXE"
"XPF202EN.EXE"
"SPF.EXE"
"CV.EXE"
"FSAV530STBYB.EXE"
"FSAV530WTBYB.EXE"
"IAMSERV.EXE"
"KILLPROCESSSETUP161.EXE"
"NETMON.EXE"
"PF2.EXE"
"ANTI-TROJAN.EXE"
"taskmgr.exe"
"spysweeper.exe"
"BGTray.exe"
'ccApp.exe'
'APVXDWIN.EXE'
'ATUPDATER.EXE'
'AUPDATE.EXE'
'AUTODOWN.EXE'
'AUTOUPDATE.EXE'
'Avconsol.exe'
'AVENGINE.EXE'
'AVXQUAR.EXE'
'bawindo.exe'
'ccEvtMgr.exe'
'ccProxy.exe'
'ccPxySvc.exe'
'DefWatch.exe'
'DRWEBUPW.EXE'
'ESCANHNT.EXE'
'LUCOMS~1.EXE'
'VsTskMgr.exe'
'UpdaterUI.exe'
'NPROTECT.EXE'
'mcvsshld.exe'
'mcvsrte.exe'
'mcvsescn.exe'
'mcagent.exe'
'mcshield.exe'
'MCUPDATE.EXE'
'FrameworkService.exe'
'PINGSCAN.EXE'
'RTVSCN95.EXE'
'W9X.EXE'
'ZAUINST.EXE'
'XPF202EN.EXE'
'SPF.EXE'
'CV.EXE'
'FSAV530STBYB.EXE'
'FSAV530WTBYB.EXE'
'IAMSERV.EXE'
'KILLPROCESSSETUP161.EXE'
NETMON.EXE'
'PF2.EXE'
'ANTI-TROJAN.EXE'
'taskmgr.exe'
'SpySweeper.exe'
'BGTray.exe'
