Worm.Lemb.b

病毒别名：Worm.P2P.Lemb.b [AVP],W32/Lemb.worm!p2p [McAfee],W32.SillyP2P[Norton]

处理时间：

威胁级别：★★★

中文名称：雷暴变种B

病毒类型：蠕虫

影响系统：Win9x/WinMe/WinNT/Win2000/WinXP/Win2003

病毒行为:

编写工具:

传染条件:网络共享

发作条件:用户误运行

系统修改:

1复制病毒自身到

WINDOWS

un32.exe

WINDOWSWinstart.bat

WINDOWSsystem32 askmgr.exe

WINDOWSsystem32

egedit.exe

该病毒没有判断操作系统,强制拷贝到上述目录,有可能会失败

2.将病毒以下列名字

Rosy.exe

Pipponoto.exe

Anastacia - Left Outside Alone.mp3.exe

The Rasmus - In The Shadows.mp3.exe

50 Cent - In da Club.mp3.exe

Vanessa Carltron - OrdinaryDay.mp3.exe

Haiducii - Dragostea Din Tei.mp3.exe

Black Eyed Peas - Hey Mama.mp3.exe

Raf - In tutti i miei giorni.mp3.exe

Vasco Rossi - Buoni e cattivi.mp3.exe

Lionel Richie - Just For You.mp3.exe

复制到下列路径:

progra~1WinMXShared

progra~1TeslaFiles

progra~1LimeWireShared

progra~1MorpheusMy Shared Folder

progra~1eMuleIncoming

progra~1eDonkey2000Incoming

progra~1BearshareShared

progra~1GroksterMy Grokster

progra~1ICQShared Folder

progra~1Kazaa Lite K++My Shared Folder

progra~1Kazaa LiteMy Shared Folder

progra~1KazaaMy Shared Folder

3.在文件WINDOWSBlem.txt中写入下列内容:

P2P Blem - Coded by Sarosoft

Gedzac Labs Group 2004 - http://www.gedzac.tk

Dedicated to my Love Rosy

Saro & Rosy Forever

Rosy Ti Amo

发作现象:病毒运行后会打开网站http://www.gedzac.tk

特别说明:

该病毒是利用

WinMX,Tesla,LimeWire,Morpheus,eMule,eDonkey2000,Bearshare,Grokster,ICQ,Kazaa Lite K++,Kazaa Lite,Kazaa

的共享网络来传播,诱骗用户下载并运行该病毒