Worm.Aimes.a

2016-11-27 19:02:28 Science Encyclopedia

Virus name: Worm.Aimes.a

Worm.Aimes.a
Aliases: IM-Worm.Win32.Aimes.a [AVP], IM-Worm.Win32.Aimes.a [RS]
Handling date:
Threat level: ★★
Chinese name:
Virus type: Worm
Affected systems: Win9x / WinNT

Virus behaviour: Worm.Aimes.a

This is a worm that spreads through AOL Instant Messenger and e-mail. It prevents the user from using Task Manager and the Registry Editor, turns off Windows automatic updates, forcibly terminates certain processes, downloads the virus from the network to the local machine, attempts to copy itself to floppy drive A:, sends AOL Instant Messenger contacts a message luring them to open an attachment, harvests e-mail addresses from the Outlook address book and mails the virus to those recipients as an attachment, and finally puts the machine into hibernation.

1) When run, the virus drops the following files:
%SystemRoot%\Msvbdll.pif
%SystemRoot%\msVBdll.exe
%ProgramFiles%\Sony\VAIO Action Setup\MsVBdll32.exe
%UserProfile%\Start Menu\Programs\Startup\msVBdll.exe

2) Adds startup entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"MsVBdll" = "%SystemRoot%\MsVBdll.pif"

3) Disables the Windows Security Center notifications for the firewall, antivirus and updates:
HKEY_CURRENT_USER\Software\Microsoft\Security Center
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center
"FirewallDisableNotify" = "1"
"UpdatesDisableNotify" = "1"
"AntiVirusDisableNotify" = "1"

4) Disables Task Manager and the Registry Editor:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableTaskMgr" = "1"
"DisableRegistryTools" = "1"

5) Disables Windows automatic updates:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
"NoAutoUpdate" = "1"

6) Deletes the following value:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Run
"Windows" = "Auto Update.exe"

7) Displays one of the following dialog boxes:

Title: "Blow Me"
Text: "Hello Windows has suffered from a serious error, it may never recover unless you perform oral sec on the cd drive"

Title: "Disgusting"
Text: "You are viewing this message because someone in the house is homosexual"

8) Opens AOL Instant Messenger and sends contacts the message "Hey whats up!! look what I did to my hair...lol!!" together with the attachment %SystemRoot%\picture.pif

9) Downloads a file from the internet to C:\Fix_SP2.zip

10) Harvests e-mail addresses from the Outlook address book and sends the virus as an attachment to those recipients

Subject: Service Pack 2 BUG!!

Body:
Dear user I have been informed that there was a BUG in Windows Service Pack 2 which was fixed I recommend you to download this Patch version which will fix the bug and keep your system safe.
You will find the Patch file in the attachment, feal free to send it to anyone.
I'll be in touch with you as soon as another bug is found.

Regards,
A.H

Attachment: C:\Fix_SP2.zip

11) Forcibly terminates the following two processes:
svchost.exe
lsass.exe

12) Puts the machine into hibernation and attempts to copy itself to A:\homework.exe; if drive A: is unavailable, it displays "Run-time error '71': Disk not ready".
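A defender-side check for the registry changes listed in items 2 to 6, written as an added example that is not part of this entry: it parses a Windows .reg export (REG_SZ and REG_DWORD values only) and reports the Run entry, Security Center notification switches, policy restrictions and automatic-update setting described above. The export text is constructed for illustration, not taken from an infected host.

```python
import re
# Indicators from the write-up above: (key suffix, value name, expected data or None=any)
AIMES_INDICATORS = [
    (r"Software\Microsoft\Windows\CurrentVersion\Run", "MsVBdll", None),
    (r"Software\Microsoft\Security Center", "FirewallDisableNotify", 1),
    (r"Software\Microsoft\Security Center", "UpdatesDisableNotify", 1),
    (r"Software\Microsoft\Security Center", "AntiVirusDisableNotify", 1),
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", 1),
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 1),
    (r"Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoUpdate", 1),
]
_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')

def parse_reg_export(text):
    # Parse a .reg export into {key_path: {value_name: data}}; only REG_SZ and
    # REG_DWORD lines are understood, anything else (hex:, @ default) is skipped.
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := _KEY_RE.match(line):
            current = m.group(1)
            keys.setdefault(current, {})
        elif (m := _VALUE_RE.match(line)) and current is not None:
            name, s, dw = m.groups()
            # .reg escapes backslashes in strings as "\\"; DWORD data is hex
            keys[current][name] = int(dw, 16) if dw is not None else s.replace("\\\\", "\\")
    return keys

def find_aimes_indicators(reg):
    # Key paths match case-insensitively by suffix, so HKLM and HKCU variants both hit.
    findings = []
    for key, values in reg.items():
        for suffix, name, expected in AIMES_INDICATORS:
            if not key.lower().endswith(suffix.lower()):
                continue
            for vname, data in values.items():
                if vname.lower() == name.lower() and (expected is None or data == expected):
                    findings.append((key, vname, data))
    return findings

# Constructed sample export (not from a real host): three Aimes-style entries plus a
# policy value left at 0, which must not be reported.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsVBdll"="C:\\WINDOWS\\MsVBdll.pif"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001
'''
```

Run `find_aimes_indicators(parse_reg_export(open("export.reg", encoding="utf-16").read()))` on a real export from regedit to get the list of matching (key, value, data) tuples; the expected values come straight from the entry above, so a hit on a different data value (for example DisableRegistryTools = 0) is not reported.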