
Virus Alert: Guanghua Anti-Virus News (July 9 - July 15)


Added: 2007-7-10 中国下载吧



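    The Guanghua Anti-Virus Research Center recently updated its virus signatures. Users should download the update package from the Guanghua website, http://www.viruschina.com, as soon as possible. Brief descriptions of several important viruses follow: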
     
    1. Email virus: W32.Netsky.BG@mm  Threat level: ★★★★★
     
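    According to experts at the Guanghua Anti-Virus Research Center, W32.Netsky.BG@mm is an email virus, 200,704, 204,800 or 208,896 bytes long, that infects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP systems. It spreads through executable files, sends infected emails, and infects network shared directories. When the virus is received and opened, it does the following: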
     
    A Creates the system mutex ~~~Bloodred~~~owns~~~you~~~xoxo~~~2004 so that only one copy of the virus runs
    B Creates files in the system directory
    bloodred.exe
    % Windows_kernel32.exe
    C Creates the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    "Microsoft Kernel" = "%Windir%\system32\Windows_kernel32.exe"
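    so that the virus runs automatically at every startup
    D Creates the following virus files
    System directory\base64exe.sys
    System directory\base64zip.sys
    Windows directory\bloodred.zip
    Temp directory\inf4D2.tmp
    E Creates the file system32\frun.txt
    F Sometimes displays the following error dialog
    Title: Error
    Message: Windows encountered an error reading the file
    G Collects email addresses from files with the following extensions on drives C through X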
    .adb
    .asp
    .dbx
    .doc
    .htm
    .html
    .jsp
    .jsp
    .rtf
    .txt
    .xml
    H Uses its own SMTP engine to send infected emails with the following characteristics
     
    Sender (one of the following):
    administration@[mail server]
    management@[mail server]
    server@[mail server]
    service@[mail server]
    userhelp@[mail server]
    The mail server is the sender's mail server, for example sina.com or 263.com
     
    Subject (one of the following):
    Email Account Information
    Server Error
    URGENT PLEASE READ!
    Urgent Update!
    User Info
    User Information
     
    Body (one of the following):
    There is urgent information in the attachment regarding your Email account
    Your Email account information has been removed from the system due to inactivity. To renew your account information refer to the attachment
    We regret to inform you that your account has been hijacked and used for illegal purposes. The attachment has more information about what has happened.
    Our Email system has received reports of your account flooding email servers. There is more information on this matter in the attachment
    Due to recent internet attacks, your Email account security is being upgraded. The attachment contains more details"
    Our server is experiencing some latency in our email service. The attachment contains details on how your account will be affected.
     
    Attachment (one of the following):
    Account_Information
    Details
    Gift
    Information
    Update
    Word_Document
     
    Attachment extension (one of the following):
    .cmd
    .pif
    .scr
     
    I The virus also packs itself into a zip file and sends it
    J The virus avoids sending to mailboxes on the following servers
    @avp
    @fsecure
    @hotmail
    @microsoft
    @mm
    @msn
    @noreply
    @norman
    @norton
    @panda
    @sopho
    @symantec
    @virusli
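    K The virus infects all exe executable files on drive C
    L The virus copies itself to all writable network shares and to directories on drives C through X whose names contain the string "shar", using one of the following file names: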
    Adobe Photoshop Full Version.exe
    Battlefield 1942.exe
    Brianna banks and jenna jameson.mpeg[24 SPACES].exe
    Britney spears naked.jpeg[43 SPACES].exe
    Cisco source code.zip[23 SPACES].exe
    DVD Xcopy xpress.exe
    Kazaa Lite.zip[34 SPACES].exe
    NETSKY SOURCE CODE.zip[35 SPACES].exe
    Norton AntiVirus 2004.exe
    Opera Registered version.exe
    Snood new version.exe
    Teen Porn.mpeg[45 SPACES].exe
    Visual Studio.NET.zip[51 SPACES].exe
    WINDOWS SOURCE CODE.zip[28 SPACES].exe
    WinAmp 6.exe
    WinRAR.exe
    Windows Longhorn Beta.exe
    Windows crack.zip[46 SPACES].exe
    jenna jameson screensaver.scr
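    M The virus opens a backdoor on TCP port 2345 and waits for hackers to send commands and virus files; received virus files are saved as:
    Windows directory\system32\[3 to 12 random lowercase letters].exe
    N After November 15, 2004, the virus launches a distributed denial-of-service attack against www.kazaa.com
    O The virus watches for Task Manager and closes it as soon as it is found
    P The virus blocks access to the following addresses, so that many antivirus programs cannot be reached or updated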
    Q The virus terminates the following programs (many of them antivirus software)
    R The virus creates the following system semaphores, which makes the system immune to many other viruses (so it even does a good deed)
     
    Guanghua anti-virus software already handles this virus. Users should update and then use Guanghua anti-virus software to remove it.
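
    The file names in item L hide the real .exe extension behind a decoy extension and a run of spaces. The following check for that pattern is an added example, not part of the original advisory; the decoy extension list, the server name and the sample paths are constructed assumptions.

```python
import ntpath

# Extensions Windows executes directly (.cmd, .pif, .scr are the attachment types in item H).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".cmd", ".com", ".bat"}
# Harmless-looking inner extensions used as the decoy (assumed list, extend as needed).
DECOY_EXTS = {".zip", ".mpeg", ".mpg", ".jpeg", ".jpg", ".doc", ".txt", ".pdf"}
PAD_CHARS = " \t\u00a0"  # whitespace that pushes the real extension out of view


def classify(path):
    """Return (verdict, padding_length) for one Windows file name or path."""
    name = ntpath.basename(path)
    stem, real_ext = ntpath.splitext(name)
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return ("ok", 0)
    trimmed = stem.rstrip(PAD_CHARS)
    pad = len(stem) - len(trimmed)
    inner_ext = ntpath.splitext(trimmed)[1].lower()
    if inner_ext in DECOY_EXTS:
        return ("padded-double-extension" if pad else "double-extension", pad)
    if pad:
        return ("padded-extension", pad)
    return ("plain-executable", 0)


def suspicious(paths):
    """Keep only names whose real executable extension is disguised."""
    hits = []
    for p in paths:
        verdict, pad = classify(p)
        if verdict not in ("ok", "plain-executable"):
            hits.append((ntpath.basename(p), verdict, pad))
    return hits


# Constructed sample listing; the padded names follow the patterns in item L.
SAMPLE = [
    r"\\fileserver\shared\Cisco source code.zip" + " " * 23 + ".exe",
    r"D:\share\Visual Studio.NET.zip" + " " * 51 + ".exe",
    r"D:\share\WinRAR.exe",
    r"D:\share\holiday.jpeg.exe",
    r"D:\share\report.final.doc",
]

if __name__ == "__main__":
    for name, verdict, pad in suspicious(SAMPLE):
        print(f"{verdict:24} pad={pad:<3} {name!r}")
```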
     
    2. W32 virus: W32.Cassel  Threat level: ★★☆☆☆
     
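    According to experts at the Guanghua Anti-Virus Research Center, W32.Cassel is a W32 virus, 208,923 bytes long, that infects Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003 and Windows 2000 systems. It copies itself to removable drives and opens a backdoor. When the virus is received and opened, it mainly does the following: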
     
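    A Copies itself to
    System directory\Lcass.exe
    B Creates the registry entry
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
    "Lcass" = "%System%\Lcass.exe"
    so that the virus runs automatically at every startup
    C Creates the file System directory\mswinsck.ocx
    D Copies itself to removable drives
    [drive letter]\RECYCLER\Lcass.exe
    [drive letter]:\autorun.inf
    E Opens a backdoor on HTTP port 88 and waits for hackers to connect
    F Connects to tzhen.3322.org and sends the computer name, IP address, backdoor port number and other collected information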
     
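    The Beijing Riyue Guanghua Software Company website (http://www.viruschina.com) updates its virus signatures daily. Experts at the Guanghua Anti-Virus Research Center remind you: order Guanghua anti-virus software online from the Guanghua security website as soon as possible to guard against virus intrusion and keep your computer protected at all times. Guanghua anti-virus software users who update to the July 9 virus database (free download: http://www.viruschina.com/html/update.htm) can fully detect and remove these viruses.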

