Worm.Rudy12

编写工具:

传染条件:
通过p2p共享传播。

发作条件:

系统修改:
A、将自身复制到"%System%Rubyexe"
B、在注册表主键HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun下添加键值：
"Ruby12"="%System%Rubyexe"
C、创建目录"%System%sysnet",向这个目录复制大量自身副本，文件名为：
A+CertificationTest.exe
AdobePhotoshopCSandImageReadyCS8.0Keygen.exe
AirportTycoonII-NoCD.exeCrack.exe
AllAdobeProductsKeygen.exe
AllMacromediaProductsKeygen.exe
AllMicrosoftProductsKeygen.exe
AmericanConquest-NoCD.exeCrack.exe
ApacheAH-64AirAssault-NoCD.exeCrack.exe
Battlefield1942TheRoadtoRome-NoCD.exeCrack.exe
BattlefieldVietnam-NoCD.exeCrack.exe
BitDefenderKeygen.exe
BorlandKeyGens.exe
BridgeBaron13NoCD.exeCrack.exe
BurnDvds.exe
CiscoCertificationTest.exe
CommandandConquerGeneralsNoCD.exeCrack.exe
Counterstrikeaimhack.exe
Counterstrikehacks.exe
Counter-Strike,ConditionZero-ActivationKey.exe
CrackMcAfee7.exe
CrackNorton3000.exe
DeusEx-NoCD.exeCrack.exe
Diablo2maphack.exe
Diablo2no-cdhack.exe
DivxPro5.1Serial.exe
Doom3-NoCD.exeCrack.exe
DvdPlusCrack.exe
DvdRipper.exe
DvdToVcd.exe
DvdWizardProCrack.exe
DvdXcopyCrack.exe
DvdCopyOneCrack.exe
DvdToVcdCrack.exe
EasyDvdcreatorCrack.exe
EasyDvdRipper.exe
EonixRealmOfHepmia-NoCD.exeCrack.exe
EZDvdRipper.exe
FetishFighters-NoCD.exeCrack.exe
ForbiddenSiren-NoCD.exeCrack.exe
Freelancer-NoCD.exeCrack.exe
Grom-NoCD.exeCrack.exe
HarryPotterandthePrisonerofAzkabanKeyGenandSerial.exe
HarryPotterundderGefangenevonAskabanNoCD.exeCrack.exe
IWasAnAtomicMutant-NoCD.exeCrack.exe
icqbomber.exe
IGI-2CovertStrike-NoCD.exeCrack.exe
ImpossibleCreatures-NoCD.exeCrack.exe
IpswichTownOfficialManagementGame-NoCD.exeCrack.exe
Jamella大Diablo2heroeditor.exe
KazaaallCrack.exe
MicrosoftWindowsXPProfessionalKeygen.exe
MP3encoderdecoderV1.8.exe
MSCECertificationTest.exe
NascarRacing2003SeasonNoCD.exeCrack.exe
NeroBurningRomCrack.exe
NeroBurningROMv6.3Ultra-Enterpriseeditionkey.exe
NimoCodecPackUpdater.exe
Nod32Crack.exe
NortonAntiVirus2004ProActivationKey&Serial.exe
NortonAntiVirus2005Serial.exe
NortonInternetSecurity2004Keygen&Serial.exe
NortonInternetSecurity2004ProSerial.exe
NortonInternetSecurity2005ProSerial.exe
OfficeXPUniversalCrack.exe
PANDA.AVers.lusers.exe
PANDA.lusers.exe
PrivateNurse-NoCD.exeCrack.exe
RobotArenaDesignAndDestroy-NoCD.exeCrack.exe
SeriousSam-GoldEdition-NoCD.exeCrack.exe
ShadowofMemories-NoCD.exeCrack.exe
Shrek2Serial.exeCrack.exe
SimCity4-NoCD.exeCrack.exe
SlotCity3NoCD.exeCrack.exe
SophosCrackAllVersion.exe
Spellforce-BreathofWinterCrack.exe
Spider-Man2Crack.exe
Starcraft+Broodwar1.10maphack.exe
Starcraft+Broodwar1.10no-cdhack.exe
SymantecAntivirus2005Serial.exe
SymantecInternetSecutiy2005Serial.exe
TestDrive-NoCD.exeCrack.exe
TheCampaignsofLaGrandeArmee-NoCD.exeCrack.exe
TheEmperorsMahjong-NoCD.exeCrack.exe
TheFrozenThronemaphack.exe
TomClancysSplinterCell-NoCD.exeCrack.exe
Tombstone1882-NoCD.exeCrack.exe
UnrealIITheAwakening-NoCD.exeCrack.exe
Warcraft3FrozenThronecd-cdhack.exe
Warcraft3FrozenThronemaphack.exe
Warcraft3maphack.exe
Warcraft3no-cdhack.exe
Warcraft3stathack.exe
WinACECrack.exe
WindowsNtCertificationTest.exe
WindowsServer2003Crack.exe
WinRAR3Crack.exe
WinZIP9Crack.exe
WorldOfOutlawsSprintCarRacing2002-NoCD.exeCrack.exe
XBOXX-FerRipperandTransfer.exe
XvidCodecInstaller.exe
ZoneAlarm5.0proSerial.exe
D、在注册表主键
HKEY_CURRENT_USERSoftwareiMeshClientLocalContent
HKEY_CURRENT_USERSoftwareKazaaLocalContent
HKEY_CURRENT_USERSoftwareKazaaTransfer
下添加键值
"dir0"="012345:C:WINNTSystem32sysnet"
通过这个键值，将病毒刚才创建的包含有大量病毒副本的文件夹设置为p2p软件的共享目录。

发作现象:
病毒运行的时候会弹出一个对话框，如图<20040917_Worm.Rudyjpg>
p2p软件中多了一个共享

非凡说明:
这个软件通过P2P共享传播，它会在本机创建一个目录，里面的文件名为许多流行软件的破解程序、注册机。然后该软件会修改p2p软件的设置，在用户不知情的情况下，静静将病毒创建的目录共享出去。
所以，建议广大用户尽可能不要用p2p下载软件，不要到来历不明的地方下载软件，假如万不得以要这么做，对下载下来的文件一定要用毒霸进行查毒。