Win32.Troj.Cozit.a
【病毒名称】:Win32.Troj.Cozit.a
【处理时间】:2002-10-17
【威胁级别】:★★
【病毒类型】:木马
【影响系统】:Win9x / WinNT
【病毒行为】:
该病毒通过KaZaA P2P网络传播,用Borland C++编写且使用UPX压缩。它复制自身到Windows目录,同时修改注册表,使得其在Windows启动时自动运行。
1.病毒将自己复制到Windows目录下以Svchost.exe名字存在。
2.如果注册表键:HKEY_CURRENT_USERSoftwareKazaaLocalContent 存在,病毒会复制自身到KaZaA下载文件夹下,文件名如下:
Unreal 3 Patch.exe
UnrealTournament2003 Demo.exe
UnrealTournament2003 Patch.exe
UnrealTournament2003 Bugfix.exe
UnrealTournament2003 Crack.exe
UnrealTournament2003 Cheat.exe
Unreal 3 Crack.exe
Unreal 3 Bugfix.exe
Unreal 3 Cheat.exe
UT2003 Demo.exe
UT2003 Patch.exe
UT2003 Bugfix.exe
UT Patch.exe
Free Sex.exe
Sex Poker.exe
Wc3 Keygen.exe
Free Porn.exe
Wet Teen.exe
Pamela Andersson Sex.exe
X-Files.exe
Serials.exe
Teens.exe
Naughty Pictures.exe
WinZip.exe
AOL Hacker.exe
AOL Cracker.exe
Hotmail Hacker.exe
Hotmail Cracker.exe
Hacker.exe
Spiderman.exe
Lolitas.exe
DC Hacker.exe
DC Cracker.exe
DC Cheater.exe
DC++ Cracker.exe
DC++ Cheater.exe
DC++ Hacker.exe
DC++ Faker.exe
DC++ Fakeshare.exe
ICQ Hacker.exe
ICQ Cracker.exe
ICQ Nuker.exe
Nuker.exe
WinNuke.exe
Backdoor.exe
Trojan.exe
AD Remover.exe
Jet Li.avi.exe
DivX 5 Codecs.exe
SVCD Codecs.exe
Divx Player.exe
ICMP Nuke.exe
WinZip crack.exe
Naked Girls.exe
KaZaA.exe
Optimize your bandwidth.exe
Getright.exe
Serialz.exe
ScreenSaver.exe
Crack.exe
Jennifer Lopez Sex.exe
Warcraft 3 Patch.exe
Warcraft 3 Bugfix.exe
Warcraft 3 Cheat.exe
Warcraft 3 Serial.exe
Counter-Strike Keygen.exe
Counter-Strike Patch.exe
Counter-Strike Cheats.exe
Getright Keygen.exe
Warcraft 3 Keygen.exe
然后,病毒将注册表键值:
HKEY_CURRENT_USERSoftwareKazaaLocalContentDisableSharing
设置为0,使得下载目录被共享。
3.在12月1日,病毒更改title栏前台窗口显示的信息为:
"Lucky You [Mooze] Is Not In Bad Mood Today Coz It's Soon Christmas".
(原本为:"[Mooze] By [Mooze / Spawned Vikings]")