多姿
“多姿(Worm.Dozer.a)”病毒:警惕程度★★★☆,蠕虫病毒,通过邮件传播,依赖系统: WIN9X/NT/2000/XP。
该病毒会伪装成微软的补丁来诱骗用户点击,当病毒运行后会将自身拷贝到系统目录下为:MSCSGS.EXE、MSCEXEC.EXE、MSCSGS32.EXE,并修改注册表进行自启动,用户可以据此来判断电脑是否中毒。病毒还会通过邮件系统向外发送大量的带毒邮件来阻塞网络,并且终止几十家反病毒软件的运行。以下是病毒邮件的详细信息:
病毒邮件使用的虚假邮件发送地址为:
winpatch@microsoft.com
services@microsoft.com
msnsupport@microsoft.com
helpdesk@microsoft.com
security@microsoft.com
windowsupdate@microsoft.com等
病毒邮件的标题为:
Windows Update
MSN Messenger Update
MSN Messenger vulnerability等
邮件内容为:
Attention All Microsoft Users: A patch has been issued to correct a
vulnerability in MSN Messenger which can be performed by a malicious
user in order to gain unauthorized access to compromised computers.
Windows users who have MSN Messenger 4.x and higher versions are
affected by this vulnerability and must download and install the
patch labeled
附件为:Msn_inst.exe
反病毒专家建议:建立良好的安全习惯,不打开可疑邮件和可疑网站;关闭或删除系统中不需要的服务;很多病毒利用漏洞传播,一定要及时给系统打补丁;安装专业的防毒软件进行实时监控,平时上网的时候一定要打开防病毒软件的实时监控功能。