Worm.Rudy12
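Alias: Worm.P2P.Rudy.a [AVP]
Processing time:
Threat level: ★★
Chinese name: 鲁迪破解 ("Rudy Crack")
Virus type: Worm
Affected systems: Win9x/WinNT/Win2K/WinXP/Win2003
Virus behavior:
Authoring tool:
Infection conditions:
Spreads through P2P file sharing.
Trigger conditions:
System modifications:
A. Copies itself to "%System%\Rubyexe"
B. Adds the following value under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:
"Ruby 12" = "%System%\Rubyexe"
C. Creates the directory "%System%\sysnet" and copies a large number of copies of itself into it. The file names are: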
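D. Under the registry keys
HKEY_CURRENT_USER\Software\iMesh\Client\LocalContent
HKEY_CURRENT_USER\Software\Kazaa\LocalContent
HKEY_CURRENT_USER\Software\Kazaa\Transfer
it adds the value
"dir0" = "012345:C:\WINNT\System32\sysnet"
This value makes the folder the virus has just created, which holds the many copies of the virus, a shared directory of the P2P software.
Symptoms:
When the virus runs, it pops up a dialog box (see figure <20040917_Worm.Rudyjpg>).
An additional shared folder appears in the P2P software.
Special notes:
This program spreads through P2P sharing. It creates a directory on the local machine and fills it with files named after cracks and key generators for many popular software products. It then changes the P2P software's settings and quietly shares the directory it created without the user's knowledge.
We therefore recommend that users avoid downloading software over P2P wherever possible and not download software from sources of unknown origin. If there is no alternative, be sure to scan every downloaded file with Duba.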
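An added example, not part of the original entry or of any vendor tool: a Python check that scans a registry export (.reg text) for the Run value from item B and the P2P share entries from item D. The sample export, the placeholder.exe path and the rule that any share under the Windows system directory is suspect (broader than the single sysnet folder named here) are assumptions.

```python
import re

# Registry locations named in the entry above, as written in a .reg export.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".lower()
P2P_KEYS = {k.lower() for k in (
    r"HKEY_CURRENT_USER\Software\iMesh\Client\LocalContent",
    r"HKEY_CURRENT_USER\Software\Kazaa\LocalContent",
    r"HKEY_CURRENT_USER\Software\Kazaa\Transfer",
)}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumption: any shared folder under the Windows system directory is suspect.
SYSDIR_RE = re.compile(r"^[a-z]:\\(?:winnt|windows)\\system(?:32)?(?:\\|$)", re.I)

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_indicators(reg_text):
    """Return (key, value name, data, reason) for each suspicious value."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or m is None:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if key.lower() == RUN_KEY and name.lower() == "ruby 12":
            hits.append((key, name, data, "autorun value"))
        elif key.lower() in P2P_KEYS and re.fullmatch(r"dir\d+", name, re.I):
            # Share entries look like "012345:<path>"; drop the numeric prefix.
            path = re.sub(r"^\d+:", "", data)
            if SYSDIR_RE.match(path):
                hits.append((key, name, data, "share inside system directory"))
    return hits

# Constructed sample export (not taken from an infected host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"Ruby 12"="C:\\WINNT\\System32\\placeholder.exe"

[HKEY_CURRENT_USER\Software\Kazaa\LocalContent]
"dir0"="012345:C:\\WINNT\\System32\\sysnet"
"dir1"="012345:C:\\My Shared Folder"
'''

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print(hit)
```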