Ha bisogno di assistenza? Chieda alla community oppure consulti un esperto.
Vai ad Avira Answers
Alias:VBS/Anthrax
Type:Worm 
Size:
Origin: 
Date:10-22-2001 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Medium 

DistributionVBS/Lee-ATX spreads via Outlook, using the Outlook Address Book or via chta program mIRC and/or PIRCH. An email sent by the worm looks like this:

Subjekt:
Antrax Info

Body:
The email body can vary according to the version. The text can be the following:

- si no sabes que es el antrax o cuales son suss efectos aqui te mando una foto para que veas los efectos que tiene
Nota: la foto esta un poco fuerte
- Aqui te mando este documento para que sepas que es y cuales son effectos des „Antrax“
- como ahorita esta de moda hablar sobre el antrax aqui les mando una foto de un enfermo terminal


Attachment:

antraxinfo.vbs
antrax.jpg.vbs
antrax.doc.vbs


Technical DetailsVBS/Lee-ATX sends itself to all email addresses found in Outlook Address Book.
When the attachment is opened, first the worm copies itself in Windows system directory as ANTRAXINFO.VBS. Then, the worm modifies the registry, so that it is activated by Windows start:

HKML\Software\Microsoft\Windows\CurrentVersion\Run\antraxinfo =“wscript.exe C:\Windows\System\antraxinfo.vbs %“

The worm tries to send itself by email, using Outlook Address Book, to all entries found in it. After doing this, the worm makes the following registry entry:

HKCU\Software\Antrax\Mailed = “1“

If the worm finds the mIRC chat program on C:\MIRC or C:\MIRC32, it searches for MIRC.INI file in these directories and if found, creates SCRIPT.INI file and makes the registry entry:

HKCU\Software\Antrax\Mirqued = “1“

If the worm finds Pirch chat program on C:\PIRCH or C:\PIRCH32, it creates EVENTS.INI file, for ensuring that the ANTRAXINFO.VBS will be sent by Pirch when it is next launched. Then, the following registry entry is made:

HKCU\Software\Antrax\Pirched = “1“

If VBS/Lee-ATX is opened on January 26th, a message window appears:
Antrax Worm By wAsEk

All .VBS and .VBE files will be overwritten with the virus code.
Descrizione inserita da Crony Walker su martedì 15 giugno 2004

Indietro . . . .
https:// Questa finestra è criptata per tua sicurezza.