当前位置:首页>安全专题>安全预警>文章内容
W32.Mytob.GT@mm病毒警报
出处:天网安全阵线 作者:佚名 责任编辑:ANSON 2005-07-08
性质:蠕虫病毒
文件大小53248字节
危害:低
传染速度:高
受影响系统:WINDOWS 95、98、2000、NT、XP & 2003
病毒症状:
1、在system32文件夹下生成Crc32stats.exe文件
2、在以下注册表项目新增键值"Crc32stats Dependencies" = "Crc32stats.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
3、修改以下注册表键值HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
"Start" = "4"
传播:从以下文件中提取邮件地址并发送病毒文件:
.Adb .Asp .Cgi .Dbx .Htm .HTML .Jsp .Php .Sht .Tbb .Txt .Wab .Xml
信件的伪造发出者可能是以下名字:
adam /admin /alex /andrew /anna /bill /bob /brenda /brent /brian /claudia /dan /dave /david /debby /frank /fred /george /helen /jack /jane /jim /jimmy /joe /john /jose /josh /julie /kevin /leo /linda /maria /mary /matt /michael /mike /paul /peter /ray /robert /root /sales /sam /sandra /serg /smith /system /stan /steve /vuirusalert /ted /tom
邮件的主题可能是以下情况:
Your password has been updated
Your password has been successfully updated
You have successfully updated your password
Your new account password is approved
Your Account is Suspended
*DETECTED* Online User Violation
Your Account is Suspended For Security Reasons
Warning Message: Your services near to be closed.
Important Notification
Members Support
Security measures
Email Account Suspension
Notice of account limitation
预防:请迅速更新杀毒软件的病毒库,并配置合适的防火墙
注:该病毒警报译自Symantec JP
下一篇:Trojan.Riler.E病毒警报
本文网友评论共(0)条,显示最新5条 进入查看全部评论
