病毒大百科

这是一种通过邮件传播的蠕虫病毒，该病毒搜索被感染机器上的邮件地址把自己的拷贝发送出去，病毒运行时会弹出一个对话框来迷惑被感染用户.

1.生成文件:
%WINNT%\Flagex.Flg
%WINNT%\inetexplore.exe
%WINNT%\system\ActorsGallery.zip
%WINNT%\system\inetalert.exe
%WINNT%\system\InstallGallery.exe
%WINNT%\system\sysfile.dat
%WINNT%\system\zippwdinfo.dat

2.添加注册表起始项,使病毒开机运行:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
inetexplore
"%WINNT%\inetexplore.exe"

3.修改以下注册表键值,使病毒关联到exe:
HKCR\exefile\shell\open\command
@
"%WINNT%\system\inetalert.exe "%1" %*"

HKLM\SOFTWARE\Classes\exefile\shell\open\command
@
"%WINNT%\system\inetalert.exe "%1" %*"

4.生成互斥量:
OneCopyMutex

5.病毒在第一次运行的时候会弹出对话框,迷惑用户自己运行失败:

The installation has failed to start because
_agl43.dll was not found. Re-installing the
application may fix this problem.

6.发送在用户机器上搜索邮件地址并且把自己发送出去

邮件标题为:
Actors Sexy Pictures! (Axe Sexye Bazigarhaye Cinema)

内容为:
Hi my friend. This is a funny sexy actors pictures.
Enjoy it!!

Salam be tamamie baro bach inam ye collectione bahal
az axaye sexye bazigaraye cinamast. bebinid va faghat
Bekhandid!! ;)

附件文件名:
ActorsGallery.zip