Worm.Nocana.e
2008-02-23 09:22:15来源:互联网 阅读 ()
启动方式:
注册表启动,相关的注册表键值为:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
\RunServices\Services
"%SYSDIR%\CURFILE"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
\Run\ALM
"%SYSDIR%\CURFILE"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion
\Run\Under20
"%SYSDIR%\CURFILE"
传播方式:
病毒通过P2P文件共享和邮件附件进行传播。
病毒行为:
1.VB写的病毒,能够终止许多诸如avp等反病毒软件包含如下内容:
Out of my heart?
Nelly Furtado!
New! Dragon Ball Fx
TIPs: HOW TO DEFACE A WEBSERVER?
What New in The ScreenSaver!
FoxNews Reporter: There are no Solution for SARS?
Get Your Free XXX PassWord!
Gotcha baby!
Crack for Nokia LogoManager 1.3
Help me plz?
TechTV: New Anti Virus Software
News: US Government try to make wars with Tehran.
Re: are you married?(3)
Seagate Baracuda 80GB for $???*Small And DestrUCive!
Alert! New Variant Anacon.D has been detected!
221,Free SMS Via NACO SMS!
Patch for Microsoft Windows XP 64bit
Your FTP Password: iuahdf7d8hfFGet Free SMTP Server at Click Here!
Hello dear,I'm gonna missed you babe, hope we can see again!
In Love,*Rekcahlem ~<>~ Anacon
I babe, Still missing me! I have send to you a special gift I made it my own.
Just for you. Check it out the attachment.
Your Love,Rekcahlem
http://vx.***.org/~melhacker/anaconIV.exe\bgII.exe(.: Anacon IV Worm :.
reat to see you again babe! This is file you want las week.
Please don't distribute it to other.
Regard,V.C.Attention!
please do not eat pork! The SARS virus may come from the pig.
So becareful. For more information check the attachment.
Regard, WTO
You may not see the message because the message has been convert to the attachment. Please open an attachment to see the message.
附件就是病毒。
3.通过p2p传播时会复制自身到p2p软件的目录下,文件名一般为:
The Lost Jungle.mpg.exe
The Matrix Reloaded Trailer.jpg.exe
Replacement Killer 2.avi.exe
Trailer DOOM III.exe
WinZip9Beta.exe
WhatIsGoingOn.exe
NokiaPolyPhonic.exe
TNT.exe
Dont Eat Pork SARS in there.exe
About SARS Solution.doc.exe
TIPS HOW TO CRACK SYMANTEC SERVER.txt.exe
VISE MINDVISION.exe
Uninstal.exe
WindowsSecurity Patch.exe
Hide Your Mount.exe
Patch - jdbgmgr.exe
NEW POWERTOY FOR WINXP.exe
Generate a Random PAssword.exe
OfficeXP.exe
Ripley Believe It Or Not.exe
Anacon The Great.exe
New Variant.exe
SMTP OCX.exe
DialUp.pif
Lost YourPassword.txt.exe
Hack In 5 Minute.exe
Get Lost.exe
h Yeah Babe.exe
Sucker.exe
MSWINSCK.OCX.EXE
Downloader.exe
HeavyMetal.mp3.exe
JackAndGinnie.exe
RosalindaAyamorfxanacon.com
GetMorePower.exe
Hacker HandBook.exe
Dincracker eZine.exe
La Intrusa.exe
Porta.exe
4.病毒启动后弹出一个消息框:标题为:Anacon IV WOrm
消息为:.: Anacon IV Worm :.
THanX FOr SupPorted:
...
发作时格式化D盘,删除C盘根目录下所有文件
5.病毒会建立一个bat文件将下列目录文件改名:
C:\Inetpub\wwwroot\
D:\Inetpub\wwwroot
index.htm -> ANA_Index.htm
default.htm -> ANA_Default.htm
index.Html -> ANA_Index.html
default.html -> ANA_Default.html
index.ASP -> ANA_Index.asp
default.asp -> ANA_Default.asp
6.病毒还带有一个后门,通过这个后门,病毒可以:
开关光驱,开关剪贴板,记录键盘,显示隐藏TaskBar,关闭CTRL-ALT-DEL,隐藏驱动器,偷取密码, 盗ICQ的UIN,终止进程、盗取系统信息等
病毒的清除法: 使用光华反病毒软件,彻底删除。 病毒演示: 病毒FAQ: Windows下的PE病毒。VB写的蠕虫
发现日期: 2003-6-6
标签:
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有
上一篇:Worm.Erah
IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设
网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源
网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它
服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护
软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷
网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash