Worm.DellCom

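Aliases: Worm.P2P.gen [AVP]
Date processed:
Threat level: ★
Chinese name:
Virus type: Worm
Affected systems: Win9x/WinMe/WinNT/Win2000/WinXP/Win2003
Virus behavior:
Authoring tool:
Infection conditions: Spreads rapidly over the network
Trigger conditions:
System modifications:
A. Adds the following files to the system directory:
%System%\DellCom.exe
%System%\DellCom.exe-up.txt
and one folder:
%System%\kazaabackupfiles
That folder contains the following files: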
vicecity.exe
gtafull.exe
gta crack.exe
Harry_PotteR_TETRIS.exe
crazy taxi 2.exe
doom3 beta.exe
quake 3 mods.exe
half-life.exe
RA21006EN.exe
hl1110.exe
osp-Quake3-1[1].01_full.exe
q3pointrelease_131.exe
osp-wolf-0.21.exe
Wolf_Update_141_full.exe
Diablo Dupe Hack.exe
Diablo Map Hack.exe
Starcraft Map hack.exe
half life bunny hop.exe
Half life wall hack.exe
Half life skin hack.exe
Hacktoolz.exe
PeeLover_game.exe
Lord_of_the_rings_screensaver.exe
Harry_Potter_screensaver.exe
Enrique Iglesias ScreenSaver.exe
Ja Rule ScreenSaver.exe
Pamela_Anderson vs Tommy_lee screensaver.exe
Trillian_pro_plugins.exe
Trillian Pro.exe
ICQ_Message_bot.exe
Yahoo!_Message_Bot.exe
Paltalk_pwd_hacker.exe
Paltalk_AntiBouncer.exe
Credit_Card_Gen_5.50.exe
Windows_xp_Media_center_hacker.exe
Hotmail_pwd_hacker.exe
Yahoo!_hacker.exe
XXX_Passwords.exe
WinXP_KeyGen.exe
WinMX_Backdoor_Hack.exe
Windows_XP_Keygen.exe
Windows_XP_Backdoor_Hack.exe
Windows_Hacker.exe
Windows_98_Hacker.exe
WinACE_With_Crack.exe
Warcraft_3_Keygen.exe
Warcraft_3_Crack.exe
Mirc crack.exe
mIRC_Backdoor_hack.exe
Nero Full Version.exe
lolita-dialer.exe
lolita.exe
Aol_passwordcrack.exe
XXX_Password_Generator.exe
popup_stopper.exe
KazaaLite.exe
Kmd_171.exe
Kazaa_Advertisement_Remover.exe
Kazaa_Ad_Remover.exe
IRC_Hacker.exe
ICQ_Password_Stealer.exe
ICQ_Hack.exe
ICQ_AIM_Password_Stealer.exe
Nero Crack.exe
Hot_Sex.exe
Hentai.exe
Aol_Punter.exehacking_Tools.exe
Aol_Password Steal.exe
Aol_Hacker.exe
Aim_Punter.exe
Aim_Password_Stealer.exe
Aim_Hacker.exe
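B. Under the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
adds the following value:
"DellComp" = "DELLCOM.exe"
Under the registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
adds the following value:
"DellComp" = "DellCom.exe"
Adds the subkey:
HKEY_CURRENT_USER\SOFTWARE\KAZAA\LocalContent
and adds the following value under it:
"Dir0" = "012345:%System%\kazaabackupfiles"
C. After running, the virus also deletes the file it was first run from.
Symptoms:
Special notes: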
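
The registry changes listed under B can be checked offline against a registry export. The following is an added example, not part of the original entry: the function name `scan_reg_export`, the assumption that the input is the already-decoded text of a `.reg` export, and the sample data (including the C:\WINDOWS\system32 path standing in for %System%) are all constructed for illustration.

```python
import re

# Indicators from the entry above, compared case-insensitively.
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
KAZAA_KEY = r"hkey_current_user\software\kazaa\localcontent"
WORM_EXE = "dellcom.exe"
SHARE_DIR = "kazaabackupfiles"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def basename(path):
    # Last component of a Windows path, lower-cased.
    return re.split(r"[\\/]", path.rstrip("\\/"))[-1].lower()

def scan_reg_export(text):
    """Return (key, value name, data, reason) for each matching string value."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not (key and m):
            continue  # header, blank lines, non-string values (dword:, hex:)
        # .reg string data escapes backslash and quote with a backslash.
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        k = key.lower()
        # Autostart: match on file name only, since the entry lists the
        # value data as both "DELLCOM.exe" and "DellCom.exe".
        if k.endswith(RUN_SUFFIX) and basename(data) == WORM_EXE:
            hits.append((key, name, data, "Run autostart for DellCom.exe"))
        # Kazaa share: DirN = "012345:<path>"; check the shared folder name.
        elif k == KAZAA_KEY and re.fullmatch(r"dir\d+", name.lower()):
            if basename(data.split(":", 1)[-1]) == SHARE_DIR:
                hits.append((key, name, data, "Kazaa share of kazaabackupfiles"))
    return hits

# Constructed sample export (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellComp"="DELLCOM.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe"

[HKEY_CURRENT_USER\SOFTWARE\KAZAA\LocalContent]
"Dir0"="012345:C:\\WINDOWS\\system32\\kazaabackupfiles"
"Dir1"="012345:C:\\My Shared Folder"
'''

if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE):
        print(hit)
```

Matching on the executable name and the shared folder name rather than on the value name "DellComp" alone keeps the check working if only the value name differs.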