Worm.Beagle.fi

病毒名稱(中文):

病毒別名:

威脅級別:

★☆☆☆☆

病毒類型:

蠕蟲病毒

病毒長度:

69842

影響系統:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行爲:

這是一種通過郵件傳播的蠕蟲病毒,該病毒搜索被感染機器上的郵件地址把自己的拷貝發送出去,並且會嘗試下載新病毒變種。該病毒並且會生成驅動保護病毒,刪除大量的注冊表項,使被感染的機器無法進入安全模式。

1。生成文件:

%ApplicationData%\hidn\hidn.exe

%ApplicationData%\hidn\m_hook.sys

C:\error.gif

2.當病毒第一次運行的時候會生成一下鍵值:

HKCU\Software\FirstRuxzx

FirstRun

3.起始項裏面添加以下內容:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

drv_st_key

4.嘗試連接smtp.google.com判定網絡是否連通。

5.嘗試下載以下文件:

http://www.titanmotors.com/images/1/eml.php

http://veranmaisala.com/1/eml.php

http://wklight.nazwa.pl/1/eml.php

http://yongsan24.co.kr/1/eml.php

http://accesible.cl/1/eml.php

http://hotelesalba.com/1/eml.php

http://amdlady.com/1/eml.php

http://inca.dnetsolution.net/1/eml.php

http://www.auraura.com/1/eml.php

http://avataresgratis.com/1/eml.php

http://beyoglu.com.tr/1/eml.php

http://brandshock.com/1/eml.php

http://www.buydigital.co.kr/1/eml.php

http://camaramafra.sc.gov.br/1/eml.php

http://camposequipamentos.com.br/1/eml.php

http://cbradio.sos.pl/1/eml.php

http://c-d-c.com.au/1/eml.php

http://www.klanpl.com/1/eml.php

http://coparefrescos.stantonstreetgroup.com/1/eml.php

http://creainspire.com/1/eml.php

http://desenjoi.com.br/1/eml.php

http://www.inprofile.gr/1/eml.php

http://www.diem.cl/1/eml.php

http://www.discotecapuzzle.com/1/eml.php

http://ujscie.one.pl/777.gif

http://1point2.iae.nl/777.gif

http://appaloosa.no/777.gif

http://apromed.com/777.gif

http://arborfolia.com/777.gif

http://pawlacz.com/777.gif

http://areal-realt.ru/777.gif

http://bitel.ru/777.gif

http://yetii.no-ip.com/777.gif

http://art4u1.superhost.pl/777.gif

http://www.artbed.pl/777.gif

http://art-bizar.foxnet.pl/777.gif

http://www.jonogueira.com/777.gif

http://asdesign.cz/777.gif

http://ftp-dom.earthlink.net/777.gif

http://www.aureaorodeley.com/777.gif

http://www.autoekb.ru/777.gif

http://www.autovorota.ru/777.gif

http://avenue.ee/777.gif

http://www.avinpharma.ru/777.gif

http://ouarzazateservices.com/777.gif

http://stats-adf.altadis.com/777.gif

http://bartex-cit.com.pl/777.gif

http://bazarbekr.sk/777.gif

http://gnu.univ.gda.pl/777.gif

http://bid-usa.com/777.gif

http://biliskov.com/777.gif

http://biomedpel.cz/777.gif

http://blackbull.cz/777.gif

http://bohuminsko.cz/777.gif

http://bonsai-world.com.au/777.gif

http://bpsbillboards.com/777.gif

http://cadinformatics.com/777.gif

http://canecaecia.com/777.gif

http://www.castnetnultimedia.com/777.gif

http://compucel.com/777.gif

http://continentalcarbonindia.com/777.gif

http://ceramax.co.kr/777.gif

http://prime.gushi.org/777.gif

http://www.chapisteriadaniel.com/777.gif

http://charlesspaans.com/777.gif

http://chatsk.wz.cz/777.gif

http://www.chittychat.com/777.gif

http://checkalertusa.com/777.gif

http://cibernegocios.com.ar/777.gif

http://5050clothing.com/777.gif

http://cof666.shockonline.net/777.gif

http://comaxtechnologies.net/777.gif

http://concellodesandias.com/777.gif

http://www.cort.ru/777.gif

http://donchef.com/777.gif

http://www.crfj.com/777.gif

http://kremz.ru/777.gif

http://dev.jintek.com/777.gif

http://foxvcoin.com/777.gif

http://uwua132.org/777.gif

http://v-v-kopretiny.ic.cz/777.gif

http://erich-kaestner-schule-donaueschingen.de/777.gif

http://vanvakfi.com/777.gif

http://axelero.hu/777.gif

http://kisalfold.com/777.gif

http://vega-sps.com/777.gif

http://vidus.ru/777.gif

http://viralstrategies.com/777.gif

http://svatba.viskot.cz/777.gif

http://Vivamodelhobby.com/777.gif

http://vkinfotech.com/777.gif

http://vytukas.com/777.gif

http://waisenhaus-kenya.ch/777.gif

http://watsrisuphan.org/777.gif

http://www.ag.ohio-state.edu/777.gif

http://wbecanada.com/777.gif

http://calamarco.com/777.gif

http://vproinc.com/777.gif

http://grupdogus.de/777.gif

http://knickimbit.de/777.gif

http://dogoodesign.ch/777.gif

http://systemforex.de/777.gif

http://zebrachina.net/777.gif

http://www.walsch.de/777.gif

http://hotchillishop.de/777.gif

http://innovation.ojom.net/777.gif

http://massgroup.de/777.gif

http://web-comp.hu/777.gif

http://webfull.com/777.gif

http://welvo.com/777.gif

http://www.ag.ohio-state.edu/777.gif

http://poliklinika-vajnorska.sk/777.gif

http://wvpilots.org/777.gif

http://www.kersten.de/777.gif

http://www.kljbwadersloh.de/777.gif

http://www.voov.de/777.gif

http://www.wchat.cz/777.gif

http://www.wg-aufbau-bautzen.de/777.gif

http://www.wzhuate.com/777.gif

http://zsnabreznaknm.sk/777.gif

http://xotravel.ru/777.gif

http://ilikesimple.com/777.gif

http://yeniguntugla.com/777.gif

6.結束以下進程:

"ashAvast.exe"

"ashDisp.exe"

"ashEnhcd.exe"

"ashPopWz.exe"

"ashSimpl.exe"

"ashSkPck.exe"

"ashWebSv.exe"

"AUPDATE.EXE"

"Avconsol.exe"

"avgcc.exe"

"avgemc.exe"

"AVGNT.EXE"

"AVSCHED32.EXE"

"Avsynmgr.exe"

"AVWUPD32.EXE"

"bdmcon.exe"

"bdnews.exe"

"bdsubmit.exe"

"bdswitch.exe"

"cafix.exe"

"ccApp.exe"

"CCEVTMGR.EXE"

"CCSETMGR.EXE"

"ClamTray.exe"

"ClamWin.exe"

"CMGrdian.exe"

"drwadins.exe"

"drweb32w.exe"

"drwebscd.exe"

"drwebupw.exe"

"freshclam.exe"

"GUARDGUI.EXE"

"GuardNT.exe"

"INETUPD.EXE"

"InocIT.exe"

"InoUpTNG.exe"

"isafe.exe"

"KAV.exe"

"kavmm.exe"

"KAVPF.exe"

"LUALL.EXE"

"Luupdate.exe"

"Mcshield.exe"

"NAVAPSVC.EXE"

"nod32.exe"

"nod32kui.exe"

"NPFMNTOR.EXE"

"npfmsg.exe"

"Nvcod.exe"

"Nvcte.exe"

"Nvcut.exe"

"outpost.exe"

"pccguide.exe"

"PcCtlCom.exe"

"QHPF.EXE"

"Realmon.exe"

"regedit.exe"

"regedt32.exe"

"RuLaunch.exe"

"SNDSrvc.exe"

"SPBBCSvc.exe"

"spiderml.exe"

"symlcsvc.exe"

"Tmntsrv.exe"

"TmPfw.exe"

"tmproxy.exe"

"Up2Date.exe"

"upgrepl.exe"

"Vba32ECM.exe"

"Vba32ifs.exe"

"vba32ldr.exe"

"Vba32PP3.exe"

"Vshwin32.exe"

"VsStat.exe"

"zatutor.exe"

"zlclient.exe"

"zonealarm.exe"

"guardnt.sys"

"filtnt.sys"

avsvc.exe

bdmcon.exe

vsserv.exe

bdnews.exe

livesrv.exe

mcupdate.exe

frameworkservice.exe

upgrader.exe

apvxdwin.exe

LuComServer_2_5.EXE

lucomserver_2_6.exe

drwebupw.exe

nod32krn.exe

7.在被感染的機器上搜索以下的文件格式,查找郵件地址:

.wab

.txt

.msg

.htm

.shtm

.stm

.xml

.dbx

.mbx

.mdx

.eml

.nch

.mmf

.ods

.cfg

.asp

.php

.pl

.wsh

.adb

.tbb

.sht

.xls

.oft

.uin

.cgi

.mht

.dhtm

.jsp

8.不向含有以下字符的郵件地址發送郵件:

@hotmail

@msn

@microsoft

rating@

f-secur

news

update

anyone@

bugs@

contract@

feste

gold-certs@

help@

info@

nobody@

noone@

kasp

admin

icrosoft

support

ntivi

unix

bsd

linux

listserv

certific

sopho

@foo

@iana

free-av

@messagelab

winzip

google

winrar

samples

abuse

panda

cafee

spam

pgp

@avp.

noreply

local

root@

postmaster@

· 湖北宜昌三峽壩區水面驚現神秘動物

近日,湖北宜昌,一段視頻在當地熱傳:有網友在三峽壩區拍到神秘動物,體型碩大數米長...

· 什麽是語段?語段的類型以及和句群、段落的區別與聯系是什麽?

句群是最高級的語言單位。 段落(自然段)是章法單位...

· 十八部好看的賭石類小說

以下是十八部(排名不分先後)好看的賭石類小說的簡介,喜歡的朋友可以去搜索書名閱讀...

 
Worm.Beagle.gi
病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 46150影響系統:Win9xWinMeWinNTWin2000WinXPWin2003病毒行爲: 這是一種通過郵件傳播的蠕蟲病毒,該病毒通過搜...查看完整版>>Worm.Beagle.gi
 
Worm.Beagle.u
病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 35307影響系統:Win9xWinMeWinNTWin2000WinXPWin2003病毒行爲: 這是一個通過電子郵件傳播的蠕蟲病毒。 1,釋放下...查看完整版>>Worm.Beagle.u
 
Worm.Beagle.fu
病毒名稱(中文): 惡鷹fu 病毒別名: 威脅級別: ★★☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 16384影響系統:Win9xWinMeWinNTWin2000WinXPWin2003病毒行爲: 這是一種通過郵件傳播的蠕蟲病毒,該病毒...查看完整版>>Worm.Beagle.fu
 
Worm.Beagle.gf
病毒名稱(中文): 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 46010影響系統:Win9xWinMeWinNTWin2000WinXPWin2003病毒行爲: 這是一種通過郵件傳播的蠕蟲病毒,該病毒搜索被...查看完整版>>Worm.Beagle.gf
 
Worm.Beagle.cs
病毒名稱(中文): 惡鷹 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 14340影響系統:Win9xWinMeWinNTWin2000WinXPWin2003病毒行爲: 該病毒是惡鷹病毒的一個加載器。該病毒運行...查看完整版>>Worm.Beagle.cs