Worm@W32.Beagle.35
Worm@W32.Beagle.35 駭蟲會終止其他病毒或防毒軟體,也會防止寄送含有某些字串的email addresses
Beagle.35 會開啟後門 TCP port 81 並透過自己的SMTP大量發送病毒信件,此隻駭蟲也會刪除登錄檔中,包含某些字串的值,使其無法常駐,如 Antivirus、service、ICQ Net 等。 基本介紹
病毒名稱
Worm@W32.Beagle.35
病毒別名
Win32.Bagle.AR [Computer Associates], W32/Bagle.bd@MM [McAfee]
病毒型態
Worm , E-Mail
病毒發現日期
2004/11/01
影響平台
Windows 95/98/ME , Windows NT/2000/XP/2003
風險評估
散播程度:中
破壞程度:低
Worm@W32.Beagle.35信件格式:
發信者:
主旨: < 下列任一個 > Re: Re: Hello Re: Hi Re: Thank you! Re: Thanks :)
內文: :))
附加檔案: < 下列任一個 > Price price Joke副檔名可能是.com,.cpl,.exe,or .scr。
Worm@W32.Beagle.35 行為描述:
註:在Win95/98/me %System% 預設值為 C:\windows\System
在WinNT/2000/XP/2003 %System% 系統預設值為 C:\WinNT\System32
駭蟲通常會終止下列的程序,通常和其他病毒或防毒軟體有關:
mcagent.exe
mcvsshld.exe
mcshield.exe
mcvsescn.exe
mcvsrte.exe
DefWatch.exe
Rtvscan.exe
ccEvtMgr.exe
NISUM.EXE
ccPxySvc.exe
navapsvc.exe
NPROTECT.EXE
nopdb.exe
ccApp.exe
Avsynmgr.exe
VsStat.exe
Vshwin32.exe
alogserv.exe
RuLaunch.exe
Avconsol.exe
PavFires.exe
FIREWALL.EXE
ATUPDATER.EXE
LUALL.EXE
DRWEBUPW.EXE
AUTODOWN.EXE
NUPGRADE.EXE
OUTPOST.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
ESCANH95.EXE
AVXQUAR.EXE
ESCANHNT.EXE
ATUPDATER.EXE
AUPDATE.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVXQUAR.EXE
AVWUPD32.EXE
AVPUPD.EXE
CFIAUDIT.EXE
UPDATE.EXE
NUPGRADE.EXE
MCUPDATE.EXE
pavsrv50.exe
AVENGINE.EXE
APVXDWIN.EXE
pavProxy.exe
navapw32.exe
navapsvc.exe
ccProxy.exe
navapsvc.exe
NPROTECT.EXE
SAVScan.exe
SNDSrvc.exe
symlcsvc.exe
LUCOMS~1.EXE
blackd.exe
bawindo.exe
FrameworkService.exe
VsTskMgr.exe
SHSTAT.EXE
UpdaterUI.exe
駭蟲會從下列其中一個下載檔案,儲存在%System%\re_file.exe,並且執行它:
www.bottombouncer.com
www.anthonyflanagan.com
www.bradster.com
www.traverse.com
www.ims-i.com
www.realgps.com
www.aviation-center.de
www.gci-bln.de
www.pankration.com
www.jansenboiler.com
www.corpsite.com
www.everett.wednet.edu
www.onepositiveplace.org
www.raecoinc.com
www.wwwebad.com
www.corpsite.com
www.wwwebmaster.com
www.dragcar.com
www.oohlala-kirkland.com
www.calderwoodinn.com
www.buddyboymusic.com
www.smacgreetings.com
www.tkd2xcell.com
www.curtmarsh.com
www.dontbeaweekendparent.com
www.soloconsulting.com
www.lasermach.com
www.generationnow.net
www.flashcorp.com
www.kencorbett.com
www.FritoPie.NET
www.leonhendrix.com
www.transportation.gov.bh
www.jhaforpresident.7p.com
www.DarrkSydebaby.com
www.cntv.info
www.sugardas.lt
www.adhdtests.com
www.argontech.net
www.customloyal.com
www.ohiolimo.com
www.topko.sk
www.alupass.lu
www.sigi.lu
www.redlightpictures.com
www.irinaswelt.de
www.bueroservice-it.de
www.kranenberg.de
www.the-fabulous-lions.de
www.mongolische-renner.de
www.capri-frames.de
www.aimcenter.net
www.boneheadmusic.com
www.fludir.is
www.sljinc.com
www.tivogoddess.com
www.fcpages.com
www.andara.com
www.freeservers.com
www.programmierung2000.de
www.asianfestival.nl
www.aviation-center.de
www.gci-bln.de
www.mass-i.kiev.ua
www.jasnet.pl
www.atlantisteste.hpg.com.br
www.fludir.is
www.rieraquadros.com.br
www.metal.pl
www.handsforhealth.com
www.angelartsanctuary.com
www.firstnightoceancounty.org
www.chinasenfa.com
www.ulpiano.org
www.gamp.pl
www.vikingpc.pl
www.woundedshepherds.com
www.cpc.adv.br
www.velocityprint.com
www.esperanzaparalafamilia.com
www.celula.com.mx
www.mexis.com
www.wecompete.com
www.vbw.info
www.gfn.org
www.aegee.org
www.deadrobot.com
www.cscliberec.cz
www.ecofotos.com.br
www.amanit.ru
www.bga-gsm.ru
www.innnewport.com
www.knicks.nl
www.srg-neuburg.de
www.mepmh.de
www.mepbisu.de
www.kradtraining.de
www.polizeimotorrad.de
www.sea.bz.it
www.uslungiarue.it
www.gcnet.ru
www.aimcenter.net
www.vandermost.de
www.szantomierz.art.pl
www.immonaut.sk
www.eurostavba.sk
www.spadochron.pl
www.pyrlandia-boogie.pl
www.kps4parents.com
www.pipni.cz
www.selu.edu
www.travelchronic.de
www.fleigutaetscher.ch
www.irakli.org
www.oboe-online.com
www.pe-sh.com
www.idb-group.net
www.ceskyhosting.cz
www.hartacorporation.com
www.glass.la
www.24-7-transportation.com
www.fepese.ufsc.br
www.ellarouge.com.au
www.bbsh.org
www.boneheadmusic.com
www.sljinc.com
www.tivogoddess.com
www.fcpages.com
www.szantomierz.art.pl
www.elenalazar.com
www.ssmifc.ca
www.reliance-yachts.com
www.worest.com.ar
www.kps4parents.com
www.coolfreepages.com
www.scanex-medical.fi
www.jimvann.com
www.orari.net
www.himpsi.org
www.mtfdesign.com
www.jldr.ca
www.relocationflorida.com
www.rentalstation.com
www.approved1stmortgage.com
www.velezcourtesymanagement.com
www.sunassetholdings.com
www.compsolutionstore.com
www.uhcc.com
www.justrepublicans.com
www.pfadfinder-leobersdorf.com
www.featech.com
www.vinirforge.com
www.magicbottle.com.tw
www.giantrevenue.com
www.couponcapital.net
www.crystalrose.ca
駭蟲會用下列名稱,複製自己到包含有"shar"字串的資料夾裡:
Microsoft Office 2003 Crack, Working!.exe
Microsoft Windows XP, WinXP Crack, working Keygen.exe
Microsoft Office XP working Crack, Keygen.exe
Porno, sex, oral, anal cool, awesome!!.exe
Porno Screensaver.scr
Serials.txt.exe
KAV 5.0
Kaspersky Antivirus 5.0
Porno pics arhive, xxx.exe
Windows Sourcecode update.doc.exe
Ahead Nero 7.exe
Windown Longhorn Beta Leak.exe
Opera 8 New!.exe
XXX hardcore images.exe
WinAmp 6 New!.exe
WinAmp 5 Pro Keygen Crack Update.exe
Adobe Photoshop 9 full.exe
Matrix 3 Revolution English Subtitles.exe
ACDSee 9.exe
駭蟲會停止和使下列services失效:
"SharedAccess" - Internet Connection Sharing
"wscsvc" - MS security center
駭蟲會開啟後門 TCP port 81。
駭蟲會搜尋下列副檔名裡的email addresses:
.wab
.txt
.msg
.htm
.shtm
.stm
.xml
.dbx
.mbx
.mdx
.eml
.nch
.mmf
.ods
.cfg
.asp
.php
.pl
.wsh
.adb
.tbb
.sht
.xls
.oft
.uin
.cgi
.mht
.dhtm
.jsp
駭蟲會防止寄送,包含下列字串的email addresses:
@hotmail
@msn
@microsoft
rating@
f-secur
news
update
anyone@
bugs@
contract@
feste
gold-certs@
help@
info@
nobody@
noone@
kasp
admin
icrosoft
support
ntivi
unix
bsd
linux
listserv
certific
sopho
@foo
@iana
free-av
@messagelab
winzip
google
winrar
samples
abuse
panda
cafee
spam
pgp
@avp.
noreply
local
root@
postmaster@
透過自己的SMTP大量發送病毒信件。
透過病毒執行後,將駭蟲本身複製到%System%
wingo.exewingo.exeopen wingo.exeopenopen wingo.exeopenopenopen wingo.exeopenopenopenopen
修改登錄檔,如此開機即會啟動駭蟲。
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
名稱=wingo 值=%System%\wingo.exe
刪除下列登錄檔中的值,使其無法常駐。
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
My AV Zone Labs Client Ex 9XHtProtect Antivirus Special Firewall Service service Tiny AV ICQNet HtProtect NetDy Jammer2nd FirewallSvr MsInfo SysMonXP EasyAV PandaAVEngine Norton Antivirus AV KasperskyAVEng SkynetsRevenge ICQ Net
駭蟲會刪除登錄檔中,包含下列字串的值,使其無法常駐。
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
My AV
Zone Labs Client Ex
9XHtProtect
Antivirus
Special Firewall Service
service
Tiny AV
ICQNet
HtProtect
NetDy
Jammer2nd
FirewallSvr
MsInfo
SysMonXP
EasyAV
PandaAVEngine
Norton Antivirus AV
KasperskyAVEng
SkynetsRevenge
ICQ Net
http://web.nutn.edu.tw/608/virus/virus-128.htm
1 則留言:
263聊天室
富婆包養網
同城情愛聊天室
洛陽桔子交友網
一夜晴同城約炮網
大胸美女視頻床友吧
哈爾濱同城交友約炮網
情交友網
桂平床友交友
聊城小市場吧
369脫水吧
369貼吧
都市情人約炮網
台灣視訊美女
6699台灣視訊
美女視訊VIP在線播放
好身材的美女視訊
上海同志聊天室
mollis上海聊天室
夜色上海同志聊天室
新疆交友聊天室
上海同城聊天室
021夜色上海聊天室
上海單身聊天室
上海聊天室哪個好
網絡聊天室第九視頻
九聊視頻聊天語音聊天
九聊視頻聊天室下載
天上人間視頻交友
同城異性視頻交友網
巴厘島異性溫泉視頻
異性休閒保健按摩視頻
女人做異性溫泉的視頻
女性享受異性溫泉視頻
男人女人親熱視頻
1905電影網在線觀看
1905電影網
1905電影在線觀看
倫理電影在線觀看
3D電影在線觀看免費
土豆網電影
土豆網在線觀看
三千世界電影網
嗨電影網官網
愛上擼綜合網
愛上擼綜合
愛上擼成人網
擼擼擼中文網
樂擼綜合網
色人居成人網
張貼留言