Vermian virus Worm_Funny.A analyses a report (2)
Lucky star " MSN cheater " vermian virus analysis reports
Lucky star turns over virus expert to remind say, when the doubtful document that obtains good friend of QQ, MSN to be sent when the user, the software reducing toxin that must use newest version first undertakes reducing toxin, version the lucky star software of 16.47.30 above can keep clear of thoroughly this virus. In addition, lucky star still was released free " MSN cheater " virus kills a tool only, reach " QQ virus " kill a tool only.
One, virus is evaluated
1. Virus Chinese name: MSN cheater
2. Virus English name: Worm.MSN.funny
3. Virus type: Vermian virus
4. Virus risk grade: ★ of ★ ★ ★
5. Virus spreads a way: Tool of QQ/MSN instant communication
6. Virus depends on a system: Windows 9X/NT/2000/XP
2, the destruction of virus
1. Below Windows 2000/XP system, virus can revise systematic file HOSTS, screen 937 websites, the meeting when making the user lands these websites turns to Www. **78p.comwww. **78p.com, cause an user to cannot get online normally browse.
2. Below Windows 98 system, virus can replace systematic file Rundll32.exe, the likelihood causes a system to cannot close machine, break down then.
3. Use insanity of MSN, QQ to send ad message, coax user lands Www. **78p.comwww. **78p.com website.
4. Send to good friend of MSN, QQ " FUNNY.EXE " file, transmission oneself.
3, technical analysis
1. This virus uses Visual Basic language to write, had added case with ASPack2.12.
2. After moving, virus can duplicate him to WINDOWS catalog to fall, virus file name is " Rundll32.exe " , copy oneself a few to arrive below systematic catalog again, file v/arc a person's status is not IEXPLORER.EXE, explorer.exe.
3. Revise register a watch to come true to be started oneself randomly.
4. After virus moves, a few processes can move at the same time, form double process to protect, manage in the task implement in very difficult end.
5. Send to good friend of QQ, MSN " bar of a new-blown, get together in the evening, here has introductory Http://www. **78p.com, write down so that give me the telephone call " , "Friend, notice to rest more, can loosen to here loosen oh Www. **78p.comhttp://www. **78p.com " , "We also come common how, see MM, http://www. **78p.com, enough flavour! Ah! " , "Japanese is in Nanjing the ironclad proof of the massacre! Boycott day goods Http://www stoutly. **78p.com " , "10 the biggest to Chinese menace countries! List Http://www. **78p.com " , "I had seen the most beautiful video MM (does not look can not regret) , http://www. **78p.com " , "" Chinese farmer is investigated " page page tears of blood, alarm in the center of turn from Netease, http://www. **78p.com " .
Previous12 Next