Version 15.03 adds 164 detectable viruses, including the Bugbear outbreak virus
Source: Rising (瑞星公司)   Time: 2002-10-03 13:10:00
This week's version 15.03 adds 164 detectable viruses, mainly Trojans (22) and Office macro viruses (124).
Windows worms (3)
1.Worm.Bugbear-A
Damage: The virus is a packed Windows executable, 50688 bytes in size. When run, it copies itself into the system directory under a random 4-letter file name with the extension .EXE, and drops a DLL of 5632 bytes under a random 6-letter file name with the extension .DLL; this DLL implements a hook function used to capture the user's passwords.
It reads the path of Start Menu -> Programs -> Startup from the registry and copies itself into that folder under a random 3-letter file name with the extension .EXE. It also adds a value under the registry key Software\Microsoft\Windows\CurrentVersion\RunOnce so that it is executed again when the system restarts. It then starts four threads.
Thread 1:
Repeatedly enumerates the running processes (sleeping 30 seconds after each pass) and tries to terminate common anti-virus and personal-firewall programs; the list is:
ZONEALARM.EXE
WFINDV32.EXE
WEBSCANX.EXE
VSSTAT.EXE
VSHWIN32.EXE
VSECOMR.EXE
VSCAN40.EXE
VETTRAY.EXE
VET95.EXE
TDS2-NT.EXE
TDS2-98.EXE
TCA.EXE
TBSCAN.EXE
SWEEP95.EXE
SPHINX.EXE
SMC.EXE
SERV95.EXE
SCRSCAN.EXE
SCANPM.EXE
SCAN95.EXE
SCAN32.EXE
SAFEWEB.EXE
RESCUE.EXE
RAV7WIN.EXE
RAV7.EXE
PERSFW.EXE
PCFWALLICON.EXE
PCCWIN98.EXE
PAVW.EXE
PAVSCHED.EXE
PAVCL.EXE
PADMIN.EXE
OUTPOST.EXE
NVC95.EXE
NUPGRADE.EXE
NORMIST.EXE
NMAIN.EXE
NISUM.EXE
NAVWNT.EXE
NAVW32.EXE
NAVNT.EXE
NAVLU32.EXE
NAVAPW32.EXE
N32SCANW.EXE
MPFTRAY.EXE
MOOLIVE.EXE
LUALL.EXE
LOOKOUT.EXE
LOCKDOWN2000.EXE
JEDI.EXE
IOMON98.EXE
IFACE.EXE
ICSUPPNT.EXE
ICSUPP95.EXE
ICMON.EXE
ICLOADNT.EXE
ICLOAD95.EXE
IBMAVSP.EXE
IBMASN.EXE
IAMSERV.EXE
IAMAPP.EXE
FRW.EXE
FPROT.EXE
FP-WIN.EXE
FINDVIRU.EXE
F-STOPW.EXE
F-PROT95.EXE
F-PROT.EXE
F-AGNT95.EXE
ESPWATCH.EXE
ESAFE.EXE
ECENGINE.EXE
DVP95_0.EXE
DVP95.EXE
CLEANER3.EXE
CLEANER.EXE
CLAW95CF.EXE
CLAW95.EXE
CFINET32.EXE
CFINET.EXE
CFIAUDIT.EXE
CFIADMIN.EXE
BLACKICE.EXE
BLACKD.EXE
AVWUPD32.EXE
AVWIN95.EXE
AVSCHED32.EXE
AVPUPD.EXE
AVPTC32.EXE
AVPM.EXE
AVPDOS32.EXE
AVPCC.EXE
AVP32.EXE
AVP.EXE
AVNT.EXE
AVKSERV.EXE
AVGCTRL.EXE
AVE32.EXE
AVCONSOL.EXE
AUTODOWN.EXE
APVXDWIN.EXE
ANTI-TROJAN.EXE
ACKWIN32.EXE
_AVPM.EXE
_AVPCC.EXE
_AVP32.EXE
Thread 2:
LAN propagation: enumerates all network resources and, for each one found, attempts the following action:
copies itself to \\xxxxx\C$\Documents and Settings\xxxx\「开始」菜单\程序\启动 (the Chinese-Windows folder names for Start Menu\Programs\Startup), where xxxxx is the machine name and xxxx is the user name.
Thread 3:
Sends mail. The messages have no body and carry the virus itself as the attachment; the subject is one of the following strings:
Hello!
update
Payment notices
Just a reminder
Correction of errors
history screen
Announcement
various
Introduction
Interesting...
I need help about script!!!
Please Help...
Report
Membership Confirmation
Get a FREE gift!
Today Only
New Contests
Lost & Found
bad news
fantastic
click on this!
Market Update Report
empty account
My eBay ads
25 merchants and rising
CALL FOR INFORMATION!
new reading
Sponsors needed
SCAM alert!!!
Warning!
its easy
free shipping!
Daily Email Reminder
Tools For Your Online Business
New bonus in your cash account
Your Gift
$150 FREE Bonus!
Your News Alert
Get 8 FREE issues - no risk!
Greets!
The attachment's file name is taken from a file on the infected machine and may contain one of the following strings:
Readme
Setup
Card
Docs
News
Image
Images
Pics
Resume
Photo
Video
Music
Song
Data
The attachment's file name has two extensions; the last one is EXE, SCR or PIF.
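The mailer behaviour described in Thread 3 is enough to write a gateway rule. The following is an added example for this bulletin, not Rising's code: it parses a raw message with Python's standard email module and applies only what the entry states (no body text, a subject from the list above, an attachment whose name has two extensions ending in EXE, SCR or PIF, and a base name that may contain one of the listed words). The two sample messages are constructed for illustration; the double-extension attachment is treated as the hard indicator because subjects such as "Report" or "update" are ordinary on their own.

```python
"""Mail-gateway heuristic for the Bugbear-A mailer described in the bulletin.

Added example; not Rising's code and not taken from the worm. Only the
indicators stated in the entry are encoded. Sample messages are constructed.
"""
import email
from email import policy

BUGBEAR_SUBJECTS = {
    "Hello!", "update", "Payment notices", "Just a reminder",
    "Correction of errors", "history screen", "Announcement", "various",
    "Introduction", "Interesting...", "I need help about script!!!",
    "Please Help...", "Report", "Membership Confirmation", "Get a FREE gift!",
    "Today Only", "New Contests", "Lost & Found", "bad news", "fantastic",
    "click on this!", "Market Update Report", "empty account", "My eBay ads",
    "25 merchants and rising", "CALL FOR INFORMATION!", "new reading",
    "Sponsors needed", "SCAM alert!!!", "Warning!", "its easy",
    "free shipping!", "Daily Email Reminder", "Tools For Your Online Business",
    "New bonus in your cash account", "Your Gift", "$150 FREE Bonus!",
    "Your News Alert", "Get 8 FREE issues - no risk!", "Greets!",
}
NAME_TOKENS = ("readme", "setup", "card", "docs", "news", "image", "images",
               "pics", "resume", "photo", "video", "music", "song", "data")
DROPPER_EXTS = ("exe", "scr", "pif")


def is_double_extension_dropper(filename):
    """True for names like Readme.doc.pif: two or more extensions, last one executable."""
    parts = filename.lower().split(".")
    return len(parts) >= 3 and parts[-1] in DROPPER_EXTS


def uses_bugbear_token(filename):
    """True if the base name contains one of the words the worm borrows."""
    base = filename.lower().split(".")[0]
    return any(tok in base for tok in NAME_TOKENS)


def classify_message(raw_bytes):
    """Return {'verdict': 'quarantine' | 'deliver', 'reasons': [...]}."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons, dropper = [], False
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_double_extension_dropper(name):
            dropper = True
            reasons.append(f"attachment {name!r} has a double extension ending in "
                           f"{name.rsplit('.', 1)[-1].upper()}")
        if uses_bugbear_token(name):
            reasons.append(f"attachment {name!r} uses a Bugbear base-name token")
    subject = str(msg["subject"] or "")
    if subject in BUGBEAR_SUBJECTS:
        reasons.append(f"subject {subject!r} is on the Bugbear list")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        reasons.append("message has no body text")
    # The executable double-extension attachment decides; the rest raises confidence.
    return {"verdict": "quarantine" if dropper else "deliver", "reasons": reasons}


# Constructed sample: the shape of a Bugbear-A message as the entry describes it.
SAMPLE_BUGBEAR_MAIL = b"""From: someone@example.com
To: victim@example.com
Subject: Payment notices
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

--b1
Content-Type: application/octet-stream; name="Readme.doc.pif"
Content-Disposition: attachment; filename="Readme.doc.pif"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAA
--b1--
"""

# Constructed sample: a legitimate message that happens to reuse a listed subject.
SAMPLE_BENIGN_MAIL = b"""From: hr@example.com
To: victim@example.com
Subject: Report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain; charset="us-ascii"

Quarterly figures attached.
--b2
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b2--
"""

if __name__ == "__main__":
    for raw in (SAMPLE_BUGBEAR_MAIL, SAMPLE_BENIGN_MAIL):
        print(classify_message(raw))
```

Feed the function the raw bytes of each message at the gateway; the benign sample shows why the subject list alone must not trigger a block, and the empty-body and base-name checks only add reasons to the quarantine record.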
Thread 4:
Opens a port, 36794, and sends some of the user's confidential information, such as user names and passwords, out via SMTP.
2.Worm.Bugbear-A.dll
Damage: The dynamic-link library dropped by Worm.Bugbear-A, used to steal the user's confidential information.
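The file sizes, random-name patterns, RunOnce entry, Startup-folder copy and backdoor port given for Worm.Bugbear-A and its DLL can be turned directly into a host check. The block below is an added example for this bulletin, not Rising's code: it scores a snapshot of a machine against those indicators. The Snapshot dataclass is a constructed stand-in for what winreg, os.listdir/os.path.getsize and netstat -an would return on a live Windows host; the directory paths, file names and sizes in the two samples are assumptions made for illustration.

```python
"""Host check for the Bugbear-A persistence and backdoor indicators in the bulletin.

Added example; not Rising's code. Inputs are constructed snapshots so the
logic runs offline; on a real host they come from the registry, the file
system and netstat.
"""
import re
from dataclasses import dataclass

WORM_EXE_SIZE = 50688          # size of the dropped EXE stated in the entry
HOOK_DLL_SIZE = 5632           # size of the dropped hook DLL
BACKDOOR_PORT = 36794          # port opened by thread 4
BUGBEAR_EXE_RE = re.compile(r"^[a-z]{4}\.exe$", re.IGNORECASE)   # random 4 letters
HOOK_DLL_RE = re.compile(r"^[a-z]{6}\.dll$", re.IGNORECASE)      # random 6 letters
STARTUP_EXE_RE = re.compile(r"^[a-z]{3}\.exe$", re.IGNORECASE)   # random 3 letters
RUNONCE_CMD_RE = re.compile(r'^"?(?P<dir>.+)\\(?P<name>[^\\"]+)"?$')


@dataclass
class Snapshot:
    system_dir: str
    runonce: dict          # value name -> command, HKLM and HKCU RunOnce merged
    system_files: dict     # file name -> size in bytes, listing of system_dir
    startup_files: list    # file names in Start Menu\Programs\Startup
    listeners: list        # local TCP ports in LISTENING state


def find_indicators(snap):
    """Return (weight, description) pairs; weight 2 is specific, 1 only suggestive."""
    hits = []
    for value, cmd in snap.runonce.items():
        m = RUNONCE_CMD_RE.match(cmd)
        if not m or m.group("dir").lower() != snap.system_dir.lower():
            continue
        name = m.group("name")
        if BUGBEAR_EXE_RE.match(name):
            size = snap.system_files.get(name.lower())
            # A 4-letter EXE alone is weak evidence (calc.exe is one); the size pins it.
            weight = 2 if size == WORM_EXE_SIZE else 1
            hits.append((weight, f"RunOnce\\{value} starts {cmd} ({size} bytes)"))
    for name, size in snap.system_files.items():
        if HOOK_DLL_RE.match(name) and size == HOOK_DLL_SIZE:
            hits.append((2, f"{name}: 6-letter DLL of exactly {HOOK_DLL_SIZE} bytes "
                            "in the system directory"))
    for name in snap.startup_files:
        if STARTUP_EXE_RE.match(name):
            hits.append((1, f"{name}: 3-letter EXE in the Startup folder"))
    if BACKDOOR_PORT in snap.listeners:
        hits.append((2, f"TCP port {BACKDOOR_PORT} is listening"))
    return hits


def verdict(snap):
    """'infected' on one specific indicator or two suggestive ones, else 'clean'."""
    score = sum(weight for weight, _ in find_indicators(snap))
    return "infected" if score >= 2 else "clean"


# Constructed snapshots: names, sizes and listening ports are made up for the example.
INFECTED = Snapshot(
    system_dir=r"C:\WINNT\System32",
    runonce={"qwte": r"C:\WINNT\System32\qwte.exe"},
    system_files={"qwte.exe": 50688, "bxhqwl.dll": 5632,
                  "calc.exe": 114688, "kernel32.dll": 742912},
    startup_files=["xkz.exe", "desktop.ini"],
    listeners=[135, 139, 445, 36794],
)
CLEAN = Snapshot(
    system_dir=r"C:\WINNT\System32",
    runonce={"Installer": r'"C:\WINNT\System32\msiexec.exe" /q'},
    system_files={"calc.exe": 114688, "kernel32.dll": 742912},
    startup_files=["desktop.ini"],
    listeners=[135, 139, 445],
)

if __name__ == "__main__":
    for label, snap in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, verdict(snap))
        for weight, text in find_indicators(snap):
            print("  ", weight, text)
```

On a live host the Snapshot is filled from winreg.OpenKey on both RunOnce keys, os.listdir with os.path.getsize on the system directory and the Startup folder, and a parse of netstat -an. The 4-letter-name rule is deliberately weighted low because legitimate system binaries have such names; the exact file sizes and the listening port are what tie a hit to this sample rather than to a later variant.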
3.Worm.Nimda.e.bad
Windows Trojans (22)
4.Trojan.netspy.internat.enc
Damage: Copies itself to the system directory as internat.exe, registers itself with RegisterServiceProcess (which hides the process from the Windows 9x task list), and keeps its records in winlog.dll.
5.Trojan.Mailff
Damage: On start-up, copies itself to the system directory renamed as system32.exe and modifies the registry Run entry so that it starts automatically.
6.Trojan.Startpage.e
Damage: On start-up, copies itself to the system directory and modifies the registry so that it starts automatically.
7.Trojan.Startpage.harm
Damage: Dropped by the Trojan; when run, it disables the desktop.
8.Trojan.binghe2002f.client
Damage: The client side of the Trojan.
9.Trojan.Screencut
Damage: Leaves a backdoor on the system.
10.Trojan.PSW.Horse.d
11.Trojan.PSW.MMTask.b
12.Trojan.PSW.Pec.b
13.Trojan.PSW.Ravenpass.a
14.Trojan.PSW.Speedup
15.Trojan.PSW.Tapiconf
16.Trojan.psw.thg.c
17.Trojan.binghe2002f
18.Trojan.CqBeye.enc
19.Trojan.CqBeye
20.Trojan.dk.26.Client
21.Trojan.dk.26
22.Binder.Mutibinder
23.Trojan.WebCT2
24.Trojan.psw.isphack
25.Trojan.psw.pmail.a
Office macro viruses (124)
26.Macro.Excel.Quarantine
27.Macro.Excel97.Laroux.jo.b
28.Macro.Excel97.Perfid
29.Macro.Excel97.Police.a
30.Macro.Excel97.Reten
31.Macro.Excel97.Roh
32.Macro.Excel97.Rust.b
33.Macro.Excel97.SpellChecker
34.Macro.Excel97.Squared
35.Macro.Excel97.Sugar.f
36.Macro.Excel97.Tabej.c
37.Macro.Excel97.Tjoro
38.Macro.Excel97.Trojan.V2.XS
39.Macro.Excel97.Vcx.j
40.Macro.Project.Eikrad
41.Macro.Word.AntiWazzu.o
42.Macro.Word.AntiWazzu
43.Macro.Word.Azrael.a.o
44.Macro.Word.Azrael.a
45.Macro.Word.Azrael.b
46.Macro.Word.Bond.b
47.Macro.Word.Bond
48.Macro.Word.Box.h
49.Macro.Word.CBA.b
50.Macro.Word.CBA
51.Macro.Word.Chaka.a
52.Macro.Word.Chaka.b
53.Macro.Word.Chaka
54.Macro.Word.Concept.ay
55.Macro.Word.CoolZero.o
56.Macro.Word.CoolZero.Word97
57.Macro.Word.Counter.o
58.Macro.Word.Crypt.o
59.Macro.Word.Delword.o
60.Macro.Word.Dietzel.o
61.Macro.Word.GreenBay
62.Macro.Word.KillPort.b
63.Macro.Word.KillPort
64.Macro.Word.Tamago
65.Macro.Word.TWNO.ad
66.Macro.Word97.Aos
67.Macro.Word97.Appder.ag
68.Macro.Word97.Autodestructor
69.Macro.Word97.Bawl.b
70.Macro.Word97.Beauty.a
71.Macro.Word97.Beauty.b
72.Macro.Word97.Destino
73.Macro.Word97.Dig
74.Macro.Word97.Dihlo
75.Macro.Word97.Dile
76.Macro.Word97.Dmv.f
77.Macro.Word97.Dmv
78.Macro.Word97.Evolution.b
79.Macro.Word97.Evolution.c
80.Macro.Word97.Farewell
81.Macro.Word97.Goober.e
82.Macro.Word97.GoodLuck-based
83.Macro.Word97.Grac.b
84.Macro.Word97.Gullible
85.Macro.Word97.Hat
86.Macro.Word97.Havix
87.Macro.Word97.Head
88.Macro.Word97.HeadHunter
89.Macro.Word97.Minimal.am
90.Macro.Word97.Minimal.ao
91.Macro.Word97.Minimal.ap
92.Macro.Word97.Minimal.aq
93.Macro.Word97.Minimal.ar
94.Macro.Word97.Minimal.as
95.Macro.Word97.Minimal.at
96.Macro.Word97.Minimal.au
97.Macro.Word97.Minimal.av
98.Macro.Word97.Minimal.aw
99.Macro.Word97.Minimal.ax
100.Macro.Word97.Minimal.ay
101.Macro.Word97.Minimal.az
102.Macro.Word97.Minimal.b
103.Macro.Word97.Minimal.ba
104.Macro.Word97.Minimal.bb
105.Macro.Word97.Minimal.bc
106.Macro.Word97.Minimal.bt
107.Macro.Word97.Minimal.bu
108.Macro.Word97.Minimal.d
109.Macro.Word97.Minimal.ha
110.Macro.Word97.Minimal.i
111.Macro.Word97.Minimal.n
112.Macro.Word97.Minimal.p
113.Macro.Word97.Minimal.r
114.Macro.Word97.Minimal.vw
115.Macro.Word97.Minimal.z
116.Macro.Word97.Mirat.b
117.Macro.Word97.Mirat.e
118.Macro.Word97.Mirat.f
119.Macro.Word97.Mirat
120.Macro.Word97.Mischief
121.Macro.Word97.Missionary
122.Macro.Word97.Mlsoun
123.Macro.Word97.Mmkv
124.Macro.Word97.Model.e
125.Macro.Word97.Mono
126.Macro.Word97.Mtrue.d
127.Macro.Word97.Mtrue
128.Macro.Word97.Multi
129.Macro.Word97.Multino.b
130.Macro.Word97.MultiVirus.2
131.Macro.Word97.MultiVirus.3
132.Macro.Word97.MultiVirus.5
133.Macro.Word97.Murke.d
134.Macro.Word97.Mush
135.Macro.Word97.Mxfiles.g
136.Macro.Word97.Myco.a
137.Macro.Word97.Tiger
138.Macro.Word97.Tips.b
139.Macro.Word97.Tips
140.Macro.Word97.Titasic.b
141.Macro.Word97.Titasic.d
142.Macro.Word97.Titasic.j
143.Macro.Word97.Titasic.k
144.Macro.Word97.Titasic.m
145.Macro.Word97.Titasic.n
146.Macro.Word97.Titasic.o
147.Macro.Word97.Titasic
148.Macro.Word97.Zmk.r
149.Macro.Word97.Mxfiles
Windows hacking tools (8)
150.Hack.aspcode
Damage: Attack program exploiting an IIS ASP buffer overflow.
151.Hack.OicqHack
Damage: Guesses OICQ passwords by brute force and dictionary attack.
152.Hack.pwGrabber.a
Damage: Hacking tool for stealing OICQ passwords.
153.Hack.FakePing
Damage: Tool for attacking other hosts with ICMP.
154.Hack.wzs
Damage: Tool that searches for shared resources on the LAN.
155.Hack.Fluxay
156.Hack.HAll
157.Hack.HSer
DOS COM viruses (3)
158.DosCom.Virus.Grunt.529
159.DosCom.Virus.Gu.1500.o
160.DosCom.Virus.sxplorer
Dependent system: DOS.
Windows PE viruses (2)
161.Win32.Velost.1186
Damage: None.
Propagation: Infects when executed.
Symptoms: None.
162.Win32.Weird.d
Damage: None.
Propagation: Infects when files are executed.
Symptoms: None.
Script viruses (2)
163.Bat.adious.boyGirl
164.Script.igmp