Worm.Holar.a.enc_病毒数据库

病毒名称: Worm.Holar.a.enc 类别：蠕虫病毒病毒资料：      破坏方法：

    Visual Basic写的病毒，是一个通过自己的SMTP引擎或微软的Outlook传播的蠕虫。

    一旦执行，病毒将：

    1.显示一个虚假的消息。

    2.可能创建一个文件夹：％WINDIR％\Sys32s,并复制自己为：ZaCker.exe 到此目录下。

    同时复制自己到系统目录下：％SYSDIR％\MizZabbat32.exe.

    可能创建如下文件：

    ％SYSDIR％\Syschk.exe：这是病毒传播的组件。
    ％SYSDIR％\Smtp.Ocx： SMTP 库
    ％SYSDIR％\Runhelp.cab：包含文件： runhelp.inf
    ％WINDIR％\Sys32s\Runhelp.cab
    ％WINDIR％\Web\Folder.htt

    3.可能添加如下值：

    "SystemChecker"="％SYSDIR％\Syschk.exe"

    到注册表的启动项：

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrenVersion\Run

    这样病毒就可以随系统自启动。

    可能添加值：

    "Cya"

    到注册表键值：

    HKEY_CURRENT_USER 下

    4.病毒从internet的暂存目录下、微软outlook地址薄、
    Yahoo Messenger和下列扩展名的文件中搜索email地址：
    .asf, .avi, .doc, .jpg, .mdb, .mpe, .mpeg, .mpg, .pps, .ram, .rar, or .xls.
    病毒使用自己的 SMTP 引擎或 Outlook 发送带毒邮件到搜索到的地址。

    病毒的邮件消息可能有如下内容：

    hey
    Check this out ;)
    Hey
    I thought you trusted me but ...
    i haven't ever thought i should send u my briefcase to gain ur Trust .
    Have it all :) bye
    Hey Wussap?

    Here is the Emmy ;) Dont tell Sam aBT it
    Cya
    Another one?
    Heyyyy
    I lost the other email , anyway i sent u all u need
    Cya
    Hey
    i have just got it , plz tell me if u need more.
    bye
    Heyyyyyyyy Lola Wussaaap??
    I forgot to tell u , the other file is with Sam:) bye
    YO DUMP , IM SICK OF UR EMAILS , IF U LOSE IT
    AGAIN I WONT GIVE IT TO U, SAVE IT
    BYEEE
    Hey wussap?
    i lost Sara's Email plzz send this file to her :)
    and tell her i can't be online tonight
    Bye
    heyyy
    I can't be online tonight :(
    anyway , i sent u something u r gonna love ;)
    cya tomorrow
    Hi
    i just wanted to say sorry for last night
    and .. i wish u accept this as an apology
    bye dear
    elegant ppl should satisfy thier taste with elegant things ;)
    Wait for more :)
    I've got your email , but you forgot to upload the attachments.
    Don't be selfish , i sent you all the files i have, send me anything :(
    bye
    heyyyy
    i tried many times to send u this email but ur account
    was out of storage as i think
    any way , make sure that i didn't and i won't forget u :)
    Cya Forgotten :P
    i thing the subject is enough to describe the attached file !
    check it out and replay your opinion
    Cya
    Hiiiiiii
    i've got this surprise from a friend :)
    it really deserves a few minutes of your time.
    Bye
    Never mind !
    Attatchments
    See the attatched file
    you seem to be mad @ me coz i didn't send u anything for along time,
    i didn't forget u , but i was kinda busy , i've got all of ur emails
    thanx :) and i hope u accept this one as an apology.

    gift :)
    Surprise!
    Hi
    i'm fine , thanx for aSKINg :)
    and thanx for the nice attachements.
    but unfortunately, i don't remember you
    i will be waiting for u emaill to remind me of your self.
    Hummm , i hope u accept this show as an apology.
    bye
    save it for hard times
    Happy Times :)
    Useful
    Very funny
    hey wuts up?
    i found this amazing file in my Recycled , i know u love this kind of things ;)
    cyaaa
    you have to see this!
    amazing!
病毒的清除法：使用光华反病毒软件，彻底删除。病毒演示：病毒FAQ：      Windows下的PE病毒。
发现日期： 2003-12-1