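Virus Description
Alias: Worm.Win32.Myfib.h [AVP]
Date processed:
Threat level: ★★
Chinese name:
Virus type: Worm
Affected systems: Win9x / WinNT
Virus Behavior
1. Copies itself to the %system32% directory under the file name "kernel32dll.exe".
2. Creates a mutex named "Meteo/EA【DCA】" to ensure that only one copy of the worm is running.
3. Modifies the following registry key so that it starts automatically.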
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
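Value added: "Distributed File System"
Value data: "kernel32dll.exe"
4. Locates the "explorer.exe" process and creates a remote thread in it that guards the worm's process.
5. Searches for other computers on the local network and tries to log on to them with the system administrator user name and passwords from a list carried in the worm.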
6. If the logon succeeds, the worm copies itself to that computer's %system32% directory under the file name "Dfsvc.exe".
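Added example (not part of the original entry): a Python triage check for the host indicators listed in steps 1, 3 and 6, run over the text output of `reg query` for the Run key and a list of file names from the system directory. The function names and the sample input are constructed for illustration.

```python
import ntpath
import re

# Indicators taken from the description above (compared case-insensitively).
RUN_VALUE_NAME = "distributed file system"
WORM_FILES = {"kernel32dll.exe", "dfsvc.exe"}
# One value line of `reg query` output: name, type and data, 4 spaces apart.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE = re.compile(r'^\s*"?(.+?\.exe)(?=["\s]|$)', re.I)

# Constructed sample input, not captured from a real host.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Distributed File System    REG_SZ    kernel32dll.exe
"""
SAMPLE_DIR = ["kernel32.dll", "Kernel32dll.exe", "notepad.exe"]


def image_name(command):
    """Lower-cased executable name of a Run command (quotes, path, args ignored)."""
    m = EXE.match(command)
    path = m.group(1) if m else command.strip().strip('"')
    return ntpath.basename(path).lower()


def check_run_key(reg_query_output):
    """Return (name, data, reasons) for each Run value matching an indicator."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m.group("name"), m.group("data")
        reasons = []
        if name.strip().lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if image_name(data) in WORM_FILES:
            reasons.append("image name")
        if reasons:
            findings.append((name, data, reasons))
    return findings


def check_system_dir(file_names):
    """Return the file names that match the worm's known copies."""
    return sorted(n for n in file_names if n.lower() in WORM_FILES)

if __name__ == "__main__":
    print(check_run_key(SAMPLE_REG), check_system_dir(SAMPLE_DIR))
```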
