Worm.Holar.a

2008-02-23 09:31:37 Source: Internet

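Virus name: Worm.Holar.a
Category: Worm
Virus details:
Damage method:

A virus written in Visual Basic. It is a worm that spreads through its own SMTP engine or through Microsoft Outlook.

Once executed, the virus will:

1. Display a fake message.

2. Possibly create the folder %WINDIR%\Sys32s and copy itself into that directory as ZaCker.exe.

It also copies itself to the system directory as %SYSDIR%\MizZabbat32.exe.

It may create the following files:

%SYSDIR%\Syschk.exe: the virus's propagation component.
%SYSDIR%\Smtp.Ocx: SMTP library
%SYSDIR%\Runhelp.cab: contains the file runhelp.inf
%WINDIR%\Sys32s\Runhelp.cab
%WINDIR%\Web\Folder.htt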

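3. Possibly add the following value:

"SystemChecker"="%SYSDIR%\Syschk.exe"

to the registry startup key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so that the virus starts automatically with the system.

It may add the value:

"Cya"

to the registry key:

under HKEY_CURRENT_USER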

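4. The virus searches for email addresses in the Internet temporary files directory, the Microsoft Outlook address book,
Yahoo Messenger, and files with the following extensions:
.asf, .avi, .doc, .jpg, .mdb, .mpe, .mpeg, .mpg, .pps, .ram, .rar, or .xls.
The virus uses its own SMTP engine or Outlook to send infected email to the addresses it finds.

The virus's email messages may contain the following: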

hey
Check this out ;)
Hey
I thought you trusted me but ...
i haven't ever thought i should send u my briefcase to gain ur Trust .
Have it all :) bye
Hey Wussap?

Here is the Emmy ;) Dont tell Sam aBT it
Cya
Another one?
Heyyyy
I lost the other email , anyway i sent u all u need
Cya
Hey
i have just got it , plz tell me if u need more.
bye
Heyyyyyyyy Lola Wussaaap??
I forgot to tell u , the other file is with Sam:) bye
YO DUMP , IM SICK OF UR EMAILS , IF U LOSE IT
AGAIN I WONT GIVE IT TO U, SAVE IT
BYEEE
Hey wussap?
i lost Sara's Email plzz send this file to her :)
and tell her i can't be online tonight
Bye
heyyy
I can't be online tonight :(
anyway , i sent u something u r gonna love ;)
cya tomorrow
Hi
i just wanted to say sorry for last night
and .. i wish u accept this as an apology
bye dear
elegant ppl should satisfy thier taste with elegant things ;)
Wait for more :)
I've got your email , but you forgot to upload the attachments.
Don't be selfish , i sent you all the files i have, send me anything :(
bye
heyyyy
i tried many times to send u this email but ur account
was out of storage as i think
any way , make sure that i didn't and i won't forget u :)
Cya Forgotten :P
i thing the subject is enough to describe the attached file !
check it out and replay your opinion
Cya
Hiiiiiii
i've got this surprise from a friend :)
it really deserves a few minutes of your time.
Bye
Never mind !
Attatchments
See the attatched file
you seem to be mad @ me coz i didn't send u anything for along time,
i didn't forget u , but i was kinda busy , i've got all of ur emails
thanx :) and i hope u accept this one as an apology.

gift :)
Surprise!
Hi
i'm fine , thanx for aSKINg :)
and thanx for the nice attachements.
but unfortunately, i don't remember you
i will be waiting for u emaill to remind me of your self.
Hummm , i hope u accept this show as an apology.
bye
save it for hard times
Happy Times :)
Useful
Very funny
hey wuts up?
i found this amazing file in my Recycled , i know u love this kind of things ;)
cyaaa
you have to see this!
amazing!
Removal: Use Guanghua Anti-Virus software to remove it completely. Virus demonstration: Virus FAQ: A PE virus under Windows.
Discovery date: 2003-12-1
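
The files and the Run value listed above can be checked on a Windows host with a read-only sweep. The PowerShell below is an added example, not part of the original write-up. It assumes %SYSDIR% is the Windows system directory, also checks SysWOW64 and the WOW6432Node registry view (where 64-bit Windows redirects a 32-bit process), and skips the "Cya" value because the page does not give its exact location.

```powershell
# Added example: sweep for the Worm.Holar.a artifacts named on this page.
# Read-only: it reports what it finds and changes nothing.

# %SYSDIR% candidates: the native system directory plus SysWOW64, which is
# where 64-bit Windows redirects System32 writes made by a 32-bit process.
$sysDirs = @([Environment]::SystemDirectory,
             (Join-Path $env:WINDIR 'SysWOW64')) |
           Where-Object { Test-Path -LiteralPath $_ } |
           Select-Object -Unique

$findings = @()

# Files the page lists under %SYSDIR%.
foreach ($dir in $sysDirs) {
    foreach ($name in 'MizZabbat32.exe', 'Syschk.exe', 'Smtp.Ocx', 'Runhelp.cab') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += "file: $path"
        }
    }
}

# Folder and files the page lists under %WINDIR%.
# Assumption of this example: Folder.htt is treated as a weaker indicator
# than the others and should be reviewed by hand before acting on it.
foreach ($rel in 'Sys32s', 'Sys32s\ZaCker.exe', 'Sys32s\Runhelp.cab', 'Web\Folder.htt') {
    $path = Join-Path $env:WINDIR $rel
    if (Test-Path -LiteralPath $path) {
        $findings += "path: $path"
    }
}

# The "SystemChecker" autostart value, in both the native and 32-bit views.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -LiteralPath $key -Name 'SystemChecker' -ErrorAction SilentlyContinue
    if ($item) {
        $findings += "registry: $key\SystemChecker = $($item.SystemChecker)"
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Output "[Holar.a indicator] $_" }
} else {
    Write-Output 'None of the Worm.Holar.a artifacts listed on the page were found.'
}
```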
