嘉定都市网

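Title: Latest news~~ found a new email virus, it should be a new one, right?!!!!!!!!

Author: 椅子    Time: 2002-7-10 13:29
Sigh~~~~ what a loss! Last night, while I was on QQ, QQ notified me that I had new mail, so I went to my mailbox to take a look and saw an email with "E" as its subject. I opened it: a passage of all-too-familiar stock phrases in the style of an Indian sender, plus an attachment, a file named E.MP3.BAT. From the start I already knew it was a virus, but I wanted to try it and see what it would do! The result, heh, as everyone knows: it is a worm that slowly eats up your system resources until none are left. But I didn't die for nothing, heh: I recorded the virus's files.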


Registry values modified (before/after comparison):
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\: ""%1" %*"
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\: ""c:\recycled\phvn" %1 %*"




Files added on drive C:
C:\WINDOWS\phvn.txt
C:\WINDOWS\phvnphvn.dll
C:\RECYCLED\phvn.exe



Now you all know what to do next. Be careful~!!

This post was last edited by 椅子 at 2002-07-10 13:32:05

This post was last edited by 椅子 at 2002-07-10 13:54:00
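
Added example, not part of the original thread: the registry comparison in the first post shows the exefile\shell\open\command value changing from "%1" %* to a command that runs c:\recycled\phvn first. The Python sketch below checks lines in that "key: value" form for this kind of handler change. Covering comfile, batfile, cmdfile and piffile (which share the same stock value) goes beyond the post, and the function names and the txtfile sample line are constructed for illustration.

```python
import re

EXPECTED = '"%1" %*'   # stock open command for the classes below
EXECUTABLE_CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}
KEY_RE = re.compile(r"\\classes\\([^\\]+)\\shell\\open\\command\\?$", re.I)


def parse_line(line):
    """Split one 'KEY: "VALUE"' line of a registry comparison into (key, value)."""
    key, _, value = line.partition(": ")
    # Collapse doubled backslashes left by escaping, so both spellings parse.
    key = re.sub(r"\\+", r"\\", key.strip())
    value = re.sub(r"\\+", r"\\", value.strip())
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # drop the quotes the comparison tool wraps around values
    return key, value


def find_hijacks(lines):
    """Return one finding per executable-class open command that is not stock."""
    findings = []
    for line in lines:
        key, value = parse_line(line)
        m = KEY_RE.search(key)
        if not m or m.group(1).lower() not in EXECUTABLE_CLASSES:
            continue
        if value == EXPECTED:
            continue
        # The first token of the command is what runs whenever a file of this class is opened.
        first = re.match(r'"([^"]+)"|(\S+)', value)
        program = (first.group(1) or first.group(2)) if first else ""
        findings.append({"class": m.group(1).lower(),
                         "command": value,
                         "runs_first": program})
    return findings


# The first two lines are the before/after values from the post; the third is constructed.
SAMPLE = [
    r'HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\: ""%1" %*"',
    r'HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\: ""c:\recycled\phvn" %1 %*"',
    r'HKEY_LOCAL_MACHINE\Software\CLASSES\txtfile\shell\open\command\: "notepad.exe %1"',
]

if __name__ == "__main__":
    for f in find_hijacks(SAMPLE):
        print(f"{f['class']}: every launch goes through {f['runs_first']!r}")
```

Because the changed handler sits in front of every .exe launch, the stock value has to be restored before the listed files are deleted; otherwise programs on the machine will no longer start.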


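Author: 古木夕阳    Time: 2002-7-10 13:39
Thanks!!
Author: 山涧清泉    Time: 2002-7-10 14:32
Thanks, 椅子. Could you take a look at the input method question I posted?
Author: 鱼翅汤    Time: 2002-7-10 18:12
Originally posted by 椅子
Knowing full well there is a tiger on the mountain, you head for the mountain anyway, and, heh, you even end up knocking the tiger down. That's 椅子 for you!! Haha
Author: 雨後的天空    Time: 2002-7-10 20:07
椅子, you really do have plenty of time, heh. Someone like me is much lazier: once I know it's a virus, that's the end of it.
And you actually went and looked up its files. I'm impressed.
How much time a day do you spend on the computer these days?
Author: 天天宝宝    Time: 2002-7-10 22:29
Thanks!
I'll remember it!
Author: 心情故事    Time: 2002-7-11 11:54
椅子, you could send this virus code to Rising or Jiangmin; if it is a new virus, they will reward you with a copy of their antivirus software. : )
Author: 冰封的火    Time: 2002-7-11 13:32
Originally posted by 椅子
Thank you, I've noted it down and will watch out for it in future.
But that "future" will probably have to wait until my new hard disk arrives... my hard disk has died, and even a low-level format didn't help...
Author: 椅子    Time: 2002-7-11 13:38
Originally posted by 冰封的火

Why? At startup, is there a very faint "whoosh, whoosh, whoosh" sound, and the system won't boot, and even when it does boot it's very slow?
That's bad sectors. Go and replace the hard disk quickly.
Author: 心情故事    Time: 2002-7-11 14:50
Everyone, please stay on topic.
Author: snowman    Time: 2002-7-11 14:53
Thanks~~~~
Author: 七心六封印    Time: 2002-7-12 07:17
Is that a new one? Have you scanned it with Rising or KV3000? Can they remove it?
Author: 乱马1/2    Time: 2002-7-18 00:12
How did you get infected?
Tell us, so I don't catch it too!
Author: 叶雨    Time: 2002-7-22 07:59
What are the symptoms after infection? My friend may have been hit.
Author: 悄悄恰恰    Time: 2002-7-22 15:26
Never run into it. I never open attachments from strangers.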



