金山毒霸2009
金山清理专家
专杀工具
在线杀毒
密保
网盾
系统急救箱
ARP防火墙
病毒名:Worm.AutoRun.m.147456
本病毒所有命名:
影响系统:
Win9x,WinMe,Linux
简介:
病毒运行后会解密一段字典,用来猜测主机的密码,
行为分析:
这是一个木马下载器。它会破解电脑的管理员密码,破坏安全软件的正常运行,然后下载大量的木马程序到电脑中运行。由于该毒采用了AUTO技术,它的传播速度比较快。
:
影响系统:
Win9x,WinMe,Linux
简介:
病毒运行后会解密一段字典,用来猜测主机的密码,
行为分析:
这是一个木马下载器。它会破解电脑的管理员密码,破坏安全软件的正常运行,然后下载大量的木马程序到电脑中运行。由于该毒采用了AUTO技术,它的传播速度比较快。
描述:
病毒运行后会解密一段字典,用来猜测主机的密码,
字典内容如下:"123","1234","1234","12345","123456","1234567","12345678","123456789","1234567890","0123456789","pass","password","passwd","123pass","pass123","admin","Admin","admin123","Admin123","123qwe","administrator","administrators","sex","fuck","god","server","temp","temp123","test","test123","adsl","asdf","new","pwd","love","mylove","loveyou","home","login","xp","2000","2006","2007","2008","baby","baby123","abc","pw","wocao","wokao","wori","wogan","Guest","Administrator","Owner","Root"
病毒将自身复制到%sys32dir%w.exe中,以及每个磁盘驱动器下,名为w.exe,隐藏,建立Autorun.inf指向该文件。
添加大量的杀毒软件,安全软件的映像劫持。
创建线程,不停的检查是否存在安全软件,如果存在的话,发送关闭窗口信息到对应软件窗口,或者调用ntsd - c q -p 强制结束安全软件和杀毒软件
病毒会连接http://8****63.com下载一份txt的下载列表,按照列表下载大量的盗号软件,木马,后门
添加注册表启动,
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
指向:%sys32dir%w.exe
病毒运行后会解密一段字典,用来猜测主机的密码,
字典内容如下:"123","1234","1234","12345","123456","1234567","12345678","123456789","1234567890","0123456789","pass","password","passwd","123pass","pass123","admin","Admin","admin123","Admin123","123qwe","administrator","administrators","sex","fuck","god","server","temp","temp123","test","test123","adsl","asdf","new","pwd","love","mylove","loveyou","home","login","xp","2000","2006","2007","2008","baby","baby123","abc","pw","wocao","wokao","wori","wogan","Guest","Administrator","Owner","Root"
病毒将自身复制到%sys32dir%w.exe中,以及每个磁盘驱动器下,名为w.exe,隐藏,建立Autorun.inf指向该文件。
添加大量的杀毒软件,安全软件的映像劫持。
创建线程,不停的检查是否存在安全软件,如果存在的话,发送关闭窗口信息到对应软件窗口,或者调用ntsd - c q -p 强制结束安全软件和杀毒软件
病毒会连接http://8****63.com下载一份txt的下载列表,按照列表下载大量的盗号软件,木马,后门
添加注册表启动,
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
指向:%sys32dir%w.exe
回复
评论病毒
