Worm.Bobax.m Overview


2016-11-29 06:20:12 Science Encyclopedia

Virus Overview / Worm.Bobax.m

Virus alias:
Processed on: 2005-08-05
Threat level: ★
Chinese name:
Virus type: Worm
Affects: Win 9x/ME, Win 2000/NT, Win XP, Win 2003

Virus Behavior / Worm.Bobax.m



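1. Highly stealthy
1) First creates %temp%\???.exe, executes ???.exe, and the original process exits
2) ???.exe creates %temp%\???.tmp, injects it into explorer.exe, and ???.exe exits
3) ???.tmp copies the virus to %system32%\thhellsedujsfl.exe
4) Deletes the temporary files ???.exe and ???.tmp
5) When the virus runs, it first creates the temporary file %temp%\???.tmp, injects ???.tmp into explorer.exe, and then exits.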

2. Files created
%system32%\thhellsedujsfl.exe
%temp%\???.tmp

3. Adds a startup entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
fovflsoigxfmx = "%system%\thhellsedujsfl.exe"

4. Randomized e-mail content
1) Osama Bin Laden Captured.
Attached some pics that i found
2) Saddam Hussein - Attempted Escape, Shot dead.
Attached some pics that i found
3) Testing
4) Secret!

1) Hey, Remember this?
2) Hello, Long time! Check this out!
3) Hey, I was going through my album, and look what I found..
4) Hey, Check this out :-)

1) +++ Attachment: No Virus found
+++ Panda AntiVirus - You are protected
+++ http://www.hudong.com/wiki/www.pandasoftware.com
2) +++ Attachment: No Virus found
+++ Norman AntiVirus - You are protected
+++ http://www.hudong.com/wiki/www.norman.com
3) +++ Attachment: No Virus found
+++ F-Secure AntiVirus - You are protected
+++ http://www.hudong.com/wiki/www.f-secure.com
4) +++ Attachment: No Virus found
+++ Norton AntiVirus - You are protected
+++ http://www.hudong.com/wiki/www.symantec.com
Possible attachment names:
1) Cool
2) pics.1
3) funny.1
4) bush.1
5) joke.1
6) secret.2

1) .pif
2) .scr
3) .exe
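
The mail indicators listed above (the fake "+++ Attachment: No Virus found" footer, the attachment names and the executable extensions) can be turned into a simple mail-gateway triage check. This is an added example, not code from the original page; it assumes the attachment file name is one of the listed names followed by one of the listed extensions, and the function names and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the lists on this page.
EXEC_EXTS = (".pif", ".scr", ".exe")
BASE_NAMES = {"cool", "pics.1", "funny.1", "bush.1", "joke.1", "secret.2"}
FAKE_SCAN_MARKER = "+++ attachment: no virus found"


def triage(raw: bytes) -> list:
    """Return the Bobax.m mail indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    if FAKE_SCAN_MARKER in text:
        findings.append("fake-av-footer")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        ext = next((e for e in EXEC_EXTS if name.endswith(e)), None)
        if ext is None:
            continue
        findings.append("executable-attachment")
        # Assumption: file name = <listed name> + <listed extension>.
        if name[: -len(ext)] in BASE_NAMES:
            findings.append("known-attachment-name")
    return findings


def build_sample(filename: str, footer: str) -> bytes:
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Testing"
    m.set_content("Hey, Check this out :-)\n\n" + footer)
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    footer = "+++ Attachment: No Virus found\n+++ Panda AntiVirus - You are protected\n"
    print(triage(build_sample("pics.1.scr", footer)))
    print(triage(build_sample("minutes.txt", "")))
```

A message carrying both the fake scanner footer and an executable attachment is a much stronger signal than either indicator alone, since legitimate mail rarely combines them.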