Virus alert: Guanghua anti-virus bulletin (May 5 to May 11)
Updated: 2008-5-11 0:40:02
Editor: 流火
The Guanghua Anti-Virus Research Center has recently updated its virus signatures. Users are asked to download the update package from the Guanghua website www.viruschina.com as soon as possible. Brief descriptions of several important viruses follow.

1. W32 virus: W32.Zatyudi.A
Threat level: ★★★☆☆

According to experts at the Guanghua Anti-Virus Research Center, W32.Zatyudi.A is a W32 virus, 57,603 bytes long, that infects Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003 and Windows 2000. It spreads by e-mail and shuts down anti-virus software. When the virus is received and opened, it does the following:

A. Creates the following files:
C:\WINDOWS\system32\[8-DIGIT HEXADECIMAL NUMBER]\services.exe
C:\WINDOWS\system32\[8-DIGIT HEXADECIMAL NUMBER]\services.dat
C:\WINDOWS\winlogon.exe

B. Creates the following registry entries so that the virus runs automatically when the system starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"NTservices" = "C:\WINDOWS\system32\[8-DIGIT HEXADECIMAL NUMBER]\services.exe -update"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe C:\WINDOWS\winlogon.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\"AlternateShell" = "winlogon.exe -safemode"
HKEY_USERS\.DEFAULT\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe C:\WINDOWS\winlogon.exe"

C. Sends itself by e-mail using files with the following extensions:
.exe .scr .com .pif .cmd .wab .asp .dbx .eml .htm .html .jsp .msg .php .shtm .shtml .txt .xml .js .xml .aspx

D. Avoids sending to addresses that contain any of the following strings:
@microsoft rating@ anti secur news update kasp admin icrosoft support ntivi unix bsd nux listserv certific sopho avas @foo @iana desk free-av @messagelab winzip google winrar samples abuse panda cafee spam pgp @avp. noreply local root@ .org @sys premium titanium viruz virus support orman aladin groups anyone@ bugs@ contract@ feste gold-certs@ help@ info@ nobody@ noone@ @sun master project ternal fbi gmx crack hack code ware trojan clean spy movsd masm @pc source h4ck compu sales catch mantec defen viri kill cisco labs trust sweep winrar winzip submit l0pht phreak

E. Collects e-mail addresses and saves them in C:\Recycled.[8-DIGIT HEXADECIMAL NUMBER]\yudizat.zat

F. Copies itself to random locations on removable drives and network shares using the following file names:
Bank mini Games.exe
Apache_server_831.exe
Internet Explorer Vista.exe
Nation Instinct.exe
Crack Windows vista final release.exe
Gorilaz complete album lyrics.exe
Winamp Deluxe pro.exe
Bank Mini Games complete 2007.exe
Nero final version 8.exe
PHP nuke hack 3.exe
Guitar XP studio.exe
war games.exe
Splinter Cell.exe
e-Gold auto hack v2.1.exe
New yahoo messenger vista.exe
Update windows media player 10.exe
full complete codec pack.exe
XP Update.exe
Hawai Beach screen saver.exe
Britney Screensaver (live).exe
Defacer tool.exe
Trojan removal eBay userID.exe
full AVG update 2007 pack.exe
eBay password.exe
Yahoo! password.exe
Soccer Manager 2007.exe
DeepFreeze Pro full.exe
Deep_freeze enterprise.exe
Games Cheats DataBase.exe
Californian Food v3.exe
Complete password cracker tool.exe
GameHouse Collection.exe

G. Randomly creates the following archive files, each containing a copy of the virus named SETUP.exe, and places them on local shares and removable drives:
Entertainment.zip
don’t touch this!.zip
my briefcase.zip
Photo Album Packed.zip
Deep_freeze_pro8.zip
Always in memory.rar
Billing_13_professional.zip
AVP_N_license.zip
XP anti hacker.zip

H. Connects to the following addresses to report the infected computer's address to the attacker:
69.73.169.9
216.177.77.9

I. Attempts to download files from the following addresses:
http://www.imageshack.us/images_[REMOVED]
http://www.ghostspell.com/freak[REMOVED]
http://www.wilkipedia.com/logo[REMOVED]
http://www.geocities.com/paleztinezgr/hack[REMOVED]
http://www.globalframe.com/global_[REMOVED]
http://www.vbstuff.com/yudizat/sour[REMOVED]
http://www.geocities.com/huseindam1/hack[REMOVED]
http://www.geocities.com/rinkdal3/hack[REMOVED]
http://www.zone-h.com/defacer/view[REMOVED]
http://yz_black.cjb.net/yz_black/blac[REMOVED]
http://yz_red.cjb.net/yz_red/red[REMOVED]
http://yz_green.cjb.net/yz_green/gree[REMOVED]
http://yz_yellow.cjb.net/yz_yellow/yello[REMOVED]
http://yz_white.cjb.net/yz_white/whit[REMOVED]
http://yz_gray.cjb.net/yz_gray/gray[REMOVED]
http://yz_violet.cjb.net/yz_violet/viole[REMOVED]
http://yz_silver.cjb.net/yz_silver/silve[REMOVED]
http://yz_hot.cjb.net/yz_hot/hot[REMOVED]
http://yz_cool.cjb.net/yz_cool/cool[REMOVED]
http://yz_freeze.cjb.net/yz_freeze/freez[REMOVED]
http://yz_slow.cjb.net/yz_slow/slow[REMOVED]
http://yz_fast.cjb.net/yz_fast/fast[REMOVED]
http://yz_strong.cjb.net/yz_strong/stron[REMOVED]
http://yz_happy.cjb.net/yz_happy/happ[REMOVED]
http://yz_sad.cjb.net/yz_sad/sad[REMOVED]
http://yz_cry.cjb.net/yz_cry/cry[REMOVED]
http://www.wg581.cn/confi[REMOVED]

J. Terminates processes, windows and programs whose names or descriptions contain any of the following strings:
SysMech PDFIND avtask mav process ccapp avgemc snaps rstrui syslove sstray thread mcvsescn poproxy xpshare systray ashmaisv aswupdsv nvc cclaw njeeves nipsvc update vptray opscan nopdb ccapp ctfmon zlh avgupsvc removal virus AGENTSVR ANTI MONITOR APLICA32 APVXDWIN ATCON GUARD ATRO55EN WATCH AUTODOWN AUTOTRACE AUTOUPDATE AVCONSOL AVGSERV9 AVLTMAIN AVPUPD AVSYNMGR AVWUPD32 AVXQUAR AVprotect9x BD_PROFESSIONAL BIDEF BIDSERVER BIPCP BIPCPEVALSETUP BISP BLACKD BLACKICE BOOTWARN BORG2 BS120 CDP CFGWIZ CFIADMIN CFIAUDIT CFINET CFINET32 CLEAN CLEAN32 CLEANER CLEANER3 CLEANPC CMGRDIAN CMON016 CPD CPF9X206 CWNB181 CWNTDWMO config killbox hijackthis DEFWATCH DEPUTY DPF DPFSETUP DRWATSON DRWEBUPW ENT ESCANH95 ESCANHNT ESCANV95 EXANTIVIRUS-CNET FAST FIREWALL FLOWPROTECTOR FP-WIN_TRIAL FRW FSAV FSAV530STBYB GBMENU GBPOLL GUARD GUARDDOG HACKTRACERSETUP HTLOG HWPE IAMAPP IAMSERV ICLOAD95 ICLOADNT ICMON ICMON32 sysmech6 sysmech5 ICSSUPPNT ICSUPP95 ICSUPPNT IFW2000 IPARMOR IRIS JAMMER KAVLITE40ENG KAVPERS40ENG KERIO-PF-213-EN-WIN KERIO-WRL-421-EN-WIN KERIO-WRP-421-EN-WIN KILLPROCESSSETUP161 LDPRO LOCALNET LOCKDOWN LOCKDOWN2000 LSETUP LUALL LUCOMSERVER LUINIT MCAGENT MCUPDATE MFW2EN MFWENG3.02D30 MGUI MINILOG MOOLIVE MRFLUX CONFIG32 MSINFO32 MSSMMC32 MU0311AD NAV80TRY NAVAPW32 NAVDX NAVSTUB NAVW32 NC2000 NCINST4 admin NDD32
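The three persistence entries in section B (a Run value launching services.exe from a hex-named system32 subdirectory, a Winlogon Shell value that is no longer plain Explorer.exe, and a replaced SafeBoot AlternateShell) can be checked offline against a registry export. The script below is an added example, not code from the bulletin or from Guanghua; it parses the text format written by the Windows `reg export` command and flags the three patterns. The embedded export, including the directory name 1a2b3c4d standing in for the bulletin's [8-DIGIT HEXADECIMAL NUMBER] placeholder, is constructed for this example. The expected defaults it compares against (Explorer.exe for Winlogon Shell, cmd.exe for SafeBoot AlternateShell) are Windows defaults, not values from the bulletin.

```python
"""Flag the W32.Zatyudi.A registry persistence patterns in a .reg export.

Added example (not from the Guanghua bulletin). Works on the text produced
by `reg export <key> <file>`; no live registry access is needed.
"""
import re
from typing import List, Tuple

# Constructed sample export resembling an infected host. REG_SZ data in
# .reg files has backslashes and double quotes escaped with a backslash.
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"NTservices"="C:\\WINDOWS\\system32\\1a2b3c4d\\services.exe -update"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\winlogon.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="winlogon.exe -safemode"
'''

_KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" with backslash escapes allowed inside both parts
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)+)"="((?:[^"\\]|\\.)*)"$')
# Bulletin pattern: services.exe inside an 8-hex-digit subdirectory of system32
_HEXDIR_SERVICES_RE = re.compile(r'\\system32\\[0-9a-f]{8}\\services\.exe',
                                 re.IGNORECASE)

Entry = Tuple[str, str, str]          # (key, value name, data)
Finding = Tuple[str, str, str, str]   # entry plus the reason it was flagged


def _unescape(s: str) -> str:
    """Undo the .reg escaping of backslash and double quote."""
    return s.replace('\\\\', '\\').replace('\\"', '"')


def parse_reg_export(text: str) -> List[Entry]:
    """Return every REG_SZ value in a .reg text as (key, name, data)."""
    entries: List[Entry] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = _VALUE_RE.match(line)
        if m and current_key is not None:
            entries.append((current_key, _unescape(m.group(1)),
                            _unescape(m.group(2))))
    return entries


def find_zatyudi_persistence(entries: List[Entry]) -> List[Finding]:
    """Flag the three persistence patterns from the bulletin's section B."""
    findings: List[Finding] = []
    for key, name, data in entries:
        key_l = key.lower()
        value = data.strip().lower()
        if key_l.endswith(r'\currentversion\run') and _HEXDIR_SERVICES_RE.search(data):
            findings.append((key, name, data,
                             'Run entry starts services.exe from a hex-named system32 subdirectory'))
        elif (key_l.endswith(r'\currentversion\winlogon')
              and name.lower() == 'shell' and value != 'explorer.exe'):
            findings.append((key, name, data,
                             'Winlogon Shell is not plain Explorer.exe'))
        elif (key_l.endswith(r'\control\safeboot')
              and name.lower() == 'alternateshell' and value != 'cmd.exe'):
            findings.append((key, name, data,
                             'SafeBoot AlternateShell replaced (Windows default is cmd.exe)'))
    return findings


if __name__ == '__main__':
    for key, name, data, reason in find_zatyudi_persistence(parse_reg_export(SAMPLE_REG)):
        print(f'{reason}\n  {key}\\"{name}" = "{data}"')
```

On a real export the Run check catches only the bulletin's exact layout; the Shell and AlternateShell checks are generic and will also surface unrelated modifications, so each hit still needs a look at the referenced binary before it is treated as this family.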