|
查看: 731|回复: 3
|
[询问]这是新病毒吗???URGENT!!!
[复制链接]
|
|
|
annoying crazy frog getting killed, crazy frog gets killed by train!, fat elvis!lol, how blonde eats a banana.., lol that ur pic!, me on holiday, mona lisa wants her smile back, my new photo!, see my lesbian friends, the cat and the fan piccy, topless in mini skirt!lol. .pif files
这是新病毒的化身吗???我很多朋友已经中招,它是通过任何messager auto send的。。。中了之后,antivirus即某些软件都不能开!!!而且中了之后,会通过messager auto send给其他在你buddy list里的人!!! |
|
|
|
|
|
|
|
|
|
|
|
发表于 7-3-2005 06:17 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 7-3-2005 07:07 PM
|
显示全部楼层
转贴
病毒名称:Worm.MSNLoveme.e 影响系统:Win9x / WinNT 处理时间:2005-03-07
中文名称:性感鸡变种E 病毒类型:蠕虫 威胁级别: ★★★
病毒别名:
病毒行为
该病毒为性感鸡变种E,它通过MSN和网络共享目录传播自身.当用户感染该病毒后,该病毒会修改hosts文件,使众多安全及反病毒公司网站重定向一个固定的IP,导致无法正常这此公司的网站;结束常用的反病毒软件进程;禁止运行一些系统程序(如:任务管理器,msconfig.exe等),严重影响用户的正常工作.
1.复制自身到系统目录%System32%下:
serbw.exe
formatsys.exe
2.复制自身到%SystemRoot%下:
msmbw.exe
3.在系统盘根目录下创建以下文件:
Crazy-Frog.Html
lspt.exe
Crazy frog gets killed by train!.pif
Annoying crazy frog getting killed.pif
See my lesbian friends.pif
LOL that ur pic!.pif
My new photo!.pif
Me on holiday!.pif
The Cat And The Fan piccy.pif
How a Blonde Eats a Banana...pif
Mona Lisa Wants Her Smile Back.pif
Topless in Mini Skirt! lol.pif
Fat Elvis! lol.pif
Jennifer Lopez.scr
Message to n00b LARISSA.txt
4.修改注册表使自身随计算机启而自动运行
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
serpe = "%System32%\serbw.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
serpe = "%System32%\serbw.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
serpe = "%System32%\serbw.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
serpe = "%System32%\serbw.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
serpe = "%System32%\serbw.exe"
5.修改hosts文件,使众多安全及反病毒公司网站重定向一个固定的IP,导致无法正常下列公司的网站:
64.233.167.104 www.symantec.com
64.233.167.104 www.sophos.com
64.233.167.104 www.mcafee.com
64.233.167.104 www.viruslist.com
64.233.167.104 www.f-secure.com
64.233.167.104 www.avp.com
64.233.167.104 www.kaspersky.com
64.233.167.104 www.networkassociates.com
64.233.167.104 www.ca.com
64.233.167.104 www.my-etrust.com
64.233.167.104 www.nai.com
64.233.167.104 www.trendmicro.com
64.233.167.104 www.grisoft.com
64.233.167.104 securityresponse.symantec.com
64.233.167.104 symantec.com
64.233.167.104 sophos.com
64.233.167.104 mcafee.com
64.233.167.104 liveupdate.symantecliveupdate.com
64.233.167.104 viruslist.com
64.233.167.104 f-secure.com
64.233.167.104 kaspersky.com
64.233.167.104 kaspersky-labs.com
64.233.167.104 avp.com
64.233.167.104 networkassociates.com
64.233.167.104 ca.com
64.233.167.104 mast.mcafee.com
64.233.167.104 my-etrust.com
64.233.167.104 download.mcafee.com
64.233.167.104 dispatch.mcafee.com
64.233.167.104 secure.nai.com
64.233.167.104 nai.com
64.233.167.104 update.symantec.com
64.233.167.104 updates.symantec.com
64.233.167.104 us.mcafee.com
64.233.167.104 liveupdate.symantec.com
64.233.167.104 customer.symantec.com
64.233.167.104 rads.mcafee.com
64.233.167.104 trendmicro.com
64.233.167.104 grisoft.com
64.233.167.104 sandbox.norman.no
64.233.167.104 www.pandasoftware.com
64.233.167.104 uk.trendmicro-europe.com
6.结束安全软件和禁止运行一些系统程序(如:任务管理器,msconfig.exe等):
7.向MSN好友发送病毒文件,如下图:
8.通网络共享目录(如eMule)传播自身,可能的文件名如下:
Messenger Plus! 3.50.exe
MSN all version polygamy.exe
MSN nudge bomb.exe |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 7-3-2005 07:09 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
| |
 本周最热论坛帖子
|
变色卡
千斤顶
1897 
21
