病毒介绍:
W32.Campurf@mm邮件蠕虫病毒运用微软VB语言编写的,经UPX的压缩处理。其通过Microsoft Outlook进行传播感染,并向Microsoft Outlook地址簿中的所有联系人发送病毒邮件,它也可以结束一些反病毒程序和防火墙程序的进程。此病毒的感染长度为18432字节。此病毒感染安装有Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me操作系统的计算机,而不会感染安装有Macintosh, OS/2, UNIX, Linux操作系统的计算机。
1. 此病毒查找注册表键值:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders。
2.此病毒复制本身到:
\Runfc.exe
\FatCat.exe。
3.此病毒也会添加键值:
fc \runfc.exe
到注册表编辑器:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run中,使得机器启动时病毒就会自动运行。
4.它复制本身到文件Fc.exe中。
5.此病毒能够恢复键值:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer。
6.此病毒也能够复制它本身到下面的多个文件中:
Ghostreacon.avi
Happynewyear.jpg
Run in the sky.mov
Rice and curry.mp3
Bugbear solution.mpg
What and who.gif
Flash animation.swf
Estimate.mp4
Hackers description.doc
HOW TO BLOCK AN EMAIL THAT CONTAIN A VIRUS.txt
7.此病毒能够IE的默认页从注册表:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main中设为:
http:\ \vx.netlux.org\~melhacker\fc.exe。
8.此病毒将删除文件:
C:\Windows\System.dat
C:\Windows\User.dat
C:\Windows\System.da0
C:\Windows\User.da0
9.此病毒将结束如下的反病毒程序和防火墙程序的进程:
VControl.EXE
Zonealarm.exe
Wfindv32.exe
Webscanx.exe
Vsstat.exe
Vshwin32.exe
Vsecomr.exe
Vscan40.exe
Vettray.exe
Vet95.exe
Tds2-Nt.exe
Tds2-98.exe
Tca.exe
Tbscan.exe
Sweep95.exe
Sphinx.exe
Smc.exe
Serv95.exe
Scrscan.exe
Scanpm.exe
Scan95.exe
Scan32.exe
Safeweb.exe
Rescue.exe
Rav7win.exe
Rav7.exe
Persfw.exe
Pcfwallicon.exe
Pccwin98.exe
Pavw.exe
Pavsched.exe
Pavcl.exe
Padmin.exe
Avnt.exe
Outpost.exe
Nvc95.exe
Nupgrade.exe
Normist.exe
Nmain.exe
Nisum.exe
Navwnt.exe
Navw32.exe
Navnt.exe
Navlu32.exe
Navapw32.exe
N32scanw.exe
Mpftray.exe
Moolive.exe
Luall.exe
Lookout.exe
Lockdown2000.exe
Jedi.exe
Iomon98.exe
Iface.exe
Icsuppnt.exe
Icsupp95.exe
Icmon.exe
Icloadnt.exe
Icload95.exe
Ibmavsp.exe
Ibmasn.exe
Iamserv.exe
Iamapp.exe
Frw.exe
Fprot.exe
Avp.exe
Fp-Win.exe
Findviru.exe
f-Stopw.exe
f-Prot95.exe
f-Prot.exe
f-Agnt95.exe
Espwatch.exe
Esafe.exe
Ecengine.exe
Dvp95_0.exe
Dvp95.exe
Cleaner3.exe
Cleaner.exe
Claw95cf.exe
Claw95.exe
Cfinet32.exe
Cfinet.exe
Cfiaudit.exe
Cfiadmin.exe
Blackice.exe
Blackd.exe
Avwupd32.exe
Avwin95.exe
Avsched32.exe
Avpupd.exe
Avptc32.exe
Avpm.exe
Avpdos32.exe
Avpcc.exe
Avp32.exe
Avkserv.exe
Avgctrl.exe
Ave32.exe
Avconsol.exe
Autodown.exe
Apvxdwin.exe
Anti -Trojan.exe
Ackwin32.exe
_Avpm.exe
_Avpcc.exe
_Avp32.exe
10.此病毒发送的电子邮件具有如下的特征:
题目:Some One Looking for you!
正文:How to get a money in one days bussiness? The answer is inside the attachment.
附件:Fc.exe
附件大小:18432字节。
|
|
