Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Alias:
Type:Worm 
Size:25.088 Bytes 
Origin: 
Date:12-01-2000 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:High 

DistributionIt searches all traffic on the network or Internet for email addresses. The email has the following structure:

From: Hahaha %hahaha@sexyfun.net%

Subject: Snowhite and the Seven Dwarfs – The REAL story Branca de Neve prono! Enanito si, pero con Sque pedazo Les 7 coquir nains

Body: Today, Snowhite was turning 18. The 7 Drawfs always where very educated and polite with Snowwhite. When thy go out work at mornign, they promissed a ..... C‘ etait un jour avant son dix huitiem anniversaire. Les 7 nains, qui avaient aidé ‚blanche neige‘ toutes ves années aprés qu’elle se soit enfuit.....

Attachment: sexy virgins.scr joke.exe atchim.exe dunga.scr midgets.exe blancheneige.exe enano.exe enano porno.exe blanca de nieve.scr enanito fisgon.exe sexynain.scr blanche.scr nains.exe branca de neve.scr anáo pronó.scr famous.exe celebrity rape.exe leather.exe sex.exe hottest.exe cum.exe cumshot.exe Anna.exe Raquel Darian.exe Xena.exe Xuxa.exe Suzete.exe horny.exe anal.exe gay.exe oral.exe pleasure.exe sexy.exe hot.exe asian.exe lesbians.exe teens.exe virgins.exe boys.exe girls.exe messy.exe kinky.exe fist-fucking.exe amateurs.exe cheerleader.exe SM.exe sado.exe suck.exe orgy.exe black.exe blonde.exe sodomized.exe hardcore.exe slut.exe doggy.exe

Technical DetailsIf Windows uses WSOCK32.DLL and the worm can not change it, it makes a copy of the file, modifies the copy and using WININIT.INI, it will cause the replacement of the original with the altered file by the next system start.


Next, the worm creates a random file in Windows directory, containing its code and makes the registry entries: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]{Default} = %WinDIR%\WormName [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]{Default} = %WinDIR%\WormName

If WSOCK32.DLL is infected, the worm searches the network and the Internet through it. HYBRIS is known to have converted its own Plugins to send itself to the server.
Description insérée par Crony Walker le mardi 15 juin 2004

Retour . . . .
https:// Cet écran est crypté pour votre sécurité.