| 引用: |
【晚秋红枫的贴子】【回复“天下奇才”的帖子】
宝贝熊是什么病毒 能详细介绍一下吗?
........................... |
“宝贝熊(I-Worm.BabyBear)”病毒:“宝贝熊(I-Worm.BabyBear)”病毒:警惕程度★★★☆,蠕虫病毒,通过邮件传播,依赖系统: WIN9X/NT/2000/XP。
病毒运行时会释放几十个病毒体到C盘,文件名类似:C:\Windows\Welcome.exe、C:\jNotepad.exe、C:\Njotepad.exe等,然后病毒会假冒微软的名义,向外发送内容为:Dear Sir or Madame, We have detected that you have placed a Order for Msn8.Before we start your Service please confirm your order. To confirm your order please check the attachement. Thanks, Microsoft Corporation Support”的病毒邮件来阻塞网络,病毒发作时还会调用Rundll32.exe程序使系统重新启动。
破坏方法
1.释放自己的若干份拷贝到系统中
2.关闭机器
Rundll32.exe user,exitwindows
3.调用outlook发信,假冒微软的名誉。
信件正文参考:
Dear Sir or Madame, We have detected that you have placed a Order for Msn8.
Before we start your Service please confirm your order. To confirm your order please
check the attachement.
Thanks, Microsoft Corporation Support
释放拷贝文件参考:
C:\Windows\Welcome.exe
C:\jNotepad.exe
C:\Njotepad.exe
C:\Nojtepad.exe
C:\Notjepad.exe
C:\Notejpad.exe
C:\Notepjad.exe
C:\Notepajd.exe
C:\Notepadj.exe
C:\kNotepad.exe
C:\Noktepad.exe
C:\Notkepad.exe
C:\Notekpad.exe
C:\Notepkad.exe
C:\Notepakd.exe
C:\Notepadk.exe
C:\lNotepad.exe
C:\Nlotepad.exe
C:\Noltepad.exe
C:\Notlepad.exe
C:\Notelpad.exe
C:\Noteplad.exe
C:\Notepald.exe
C:\Notepadl.exe
C:\qNotepad.exe
C:\Nqotepad.exe
C:\Noqtepad.exe
C:\NotQepad.exe
C:\NoteQpad.exe
C:\NotepQad.exe
C:\NotepaQd.exe
C:\NotepadQ.exe
C:\WNotepad.exe
C:\NWotepad.exe
C:\NoWtepad.exe
C:\NotWepad.exe
C:\NoteWpad.exe
C:\NotepWad.exe
C:\NotepaWd.exe
C:\NotepadW.exe
C:\rNotepad.exe
C:\Nrotepad.exe
C:\Nortepad.exe
C:\Notrepad.exe
C:\Windows\Start Menu\Programs\Startup\Microsoft
Corporation.exe
C:\My Shared Folder\Norton Anti-Virus 2003 Cracked!.exe
C:\My Shared Folder\Msn 8 Full.exe
C:\My Shared Folder\Windows Xp Home Edition Key Gen.exe
C:\Nkotepad.exe
C:\My Shared Folder\Windows Xp Home Edition SP1 Serial.exe
C:\My Shared Folder\Avril vs. Madonna Video.exe
C:\My Shared Folder\Virtual Sex.exe
C:\My Shared Folder\file manager program.exe
C:\My Shared Folder\Modem Booster.exe
