PCの修理が必要ですか?
専門家に頼む
????Worm/Minusia.A
????22/03/2006
??????
????????
?????
?????????
????????????
??????????????
VDF???????6.34.00.83

 ???? ????
   • E???
   • ???????????


??
   •  Symantec: W32.Renama.A@mm
   •  Kaspersky: Email-Worm.Win32.Minusi.a
   •  Sophos: W32/Minusia-A
   •  Bitdefender: Win32.Minusia.A


????????/OS?
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


???
   • ???????????
   • ?????????
   • ??????????????


???????????????????????????????????





   If in victim machine, in %WINDIR%\ exists a file with the following name, muhammad_is_my_prophet.txt, the worm would not infect the machine.
   

 ???? ??????????????????
   • %SYSDIR%\svchost.exe
   • %WINDIR%\safemode.exe
   • %SYSDIR%\ERSvc.exe
   • %WINDIR%\mmsg\mcAfee.Update.exe.exe
   • %WINDIR%\Config\Easy.Windows.Monitoring.exe.exe
   • %WINDIR%\Config\system.update.exe.exe
   • %WINDIR%\mmsg\mmsg\mmsg.exe.exe
   • %?????????????%\listname_of_terrorist.exe



???????????????

%WINDIR%\system_log.txt ?????????????????????????????
   • MUHAMMAD ADALAH MANUSIA .............!!!!!!
     MUHAMMAD BUKAN MALAIKAT, DEWA, ATAU BAHKAN TUHAN...!!!!!
     TAPI DIA ADALAH PANUTAN SETIAP UMMAT MANUSIA, KARENA DIA ADALAH NABIULLAH..!!!
     KAMI MENGHORMATI MUHAMMAD SEBAGAI NABI DAN PEMIMPIN KARENA TINDAKANNYA YANG 99% BENAR
     BUKAN SEBAGAI DEWA, MALAIKAT ATAU BAHKAN TUHAN....!!!!
     SEBAGAIMANA KAMI MENGHORMATI NABI ISA DAN NABI-NABI LAIN
     KENAPA...????
     KARENA MEREKA ADALAH MANUSIA JUGA
     JADI MOHON JANGAN MENCARI-CARI KESALAHAN DAN KENISTAANNYA
     YANG MUHAMMAD BERISTRI BANYAKLAH, MENGEKANG WANITA-LAH DAN LAIN-LAIN
     PAKAILAH LOGIKA, NISCAYA AKAN DAPAT KEBENARANNYA
     .......................................................
     JADI, MOHON JANGAN HINA NABI-NABI KAMI...!!!
     KARENA MAREKA ADALAH NABI-NABI KALIAN JUGA..!!!!
     _________________________________________________________________________________________
     
     AKU AKAN BERHENTI JIKA ANDA MENYATAKAN SIAPA NABI KALIAN.....
     AKU AKAN BERHENTI JIKA ANDA MENYATAKAN SIAPA NABI KALIAN.....
     AKU AKAN BERHENTI JIKA ANDA MENYATAKAN SIAPA NABI KALIAN.....
     
     IF YOU DON'T UNDERSTAND, PLEASE TRANSLATE IN YOU LANGUAGE

%WINDIR%\Registry1.dll ??????????????????????????????????
%WINDIR%\Registry1.dll ??????????????????????????????????

 ????? ??????????????????????????????????????????????????

  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "mcAfee.Instan.Update"="%WINDIR%\mmsg\mcAfee.Update.exe.exe"
   • "KasperskiLab"="%WINDIR%\Config\Easy.Windows.Monitoring.exe.exe"
   • "MsnMsgr"="%PROGRAM FILES%\MSN Messenger\MsnMsgr.Exe .exe
   • "MSMSGS"="%PROGRAM FILES%\Messenger\msmsgs.exe .exe"

  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "HotKeysCmds"="%WINDIR%\Config.system.update.exe.exe"



??????????????????????????????????????????

[HKLM\SYSTEM\ControlSet001\Services\srservice]
   • "Type"=dword:00000020
     "Start"=dword:00000002
     "ErrorControl"=dword:00000001
     "ImagePath"=%SYSDIR%\svchost.exe
     "DisplayName"="System Restore Service"
     "DependOnService"=RpcSs
     "DependOnGroup"=%hex?%
     "ObjectName"="LocalSystem"
     "Description"="Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties"

[HKLM\SYSTEM\ControlSet001\Services\srservice\Parameters]
   • "ServiceDll"=%SYSDIR%\srsvc.dll

[HKLM\SYSTEM\ControlSet001\Services\srservice\Security]
   • "Security"=%hex?%

[HKLM\SYSTEM\ControlSet001\Services\srservice\Enum]
   • "0"="Root\\LEGACY_SRSERVICE\\0000"
     "Count"=dword:00000001
     "NextInstance"=dword:00000001

[HKLM\SYSTEM\ControlSet001\Services\ERSvc]
   • "DependOnService"=RpcSs
     "Description"="Allows error reporting for services and applictions running in non-standard environments."
     "DisplayName"="Error Reporting Service"
     "ErrorControl"=dword:00000000
     "ImagePath"=%SYSDIR%\ERSvc.exe
     "ObjectName"="LocalSystem"
     "Start"=dword:00000002
     "Type"=dword:00000020

[HKLM\SYSTEM\ControlSet001\Services\ERSvc\Parameters]
   • %SystemRoot%\System32\ersvc.dll

[HKLM\SYSTEM\ControlSet001\Services\ERSvc\Security]
   • "Security"=%hex?%

[HKLM\SYSTEM\ControlSet001\Services\ERSvc\Enum]
   • "0"="Root\\LEGACY_ERSVC\\0000"
     "Count"=dword:00000001
     "NextInstance"=dword:00000001



???????????????????

[HKCU\Identities\%CLSID%\Software\Microsoft\Outlook Express\
   5.0\Mail]
   • "Warn on Mapi Send"=dword:00000000



???????????????????

[HKCU\Software\Policies\Microsoft\Windows\System]
   ????
   • "DisableCMD"=dword:00000001

Regedit??????????????????????????????
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   ????
   • "DisableRegistryTools"=dword:00000001
   • "DisableTaskMgr"=dword:00000001

 E??? MAPI(Messaging Application Programming Interface)????????????????????????


??
??????
   • %????????%,your name is listed in terrorism organisation..!!!
   • %????????%,this file from me,%????????%,
   • %????????%,Namamu termasuk dalam daftar terrorist..!!



??
–  ??????????????????????
???????????????????

   • This attachment contain listname of terrorist..!!!
     hope you can be carrefull if you find one of them..!!!!
     or you can reply this email to me after you read the attachment
     thank's...!!!
     

   • jika anda nggak percaya atau kurang yakin, coba baca list attachment ini..!!!
     ini sangat urgent..!!!!
     saya harap dengan begini kita nggak ada salah paham
     thank's...!!!

   • if you are not sure, please read attachment bellow, and please reply to me..!!!
     this message is very urgent..!!!!
     hope we don't have miss understanding
     thank's...!!!


??????
???????????
   • %????????%.zip
   • %????????%.exe
   • listname_of_terrorist.exe

??????????????????????

?????????????????????????????

 ???????? ???????????????????????????????????????????


IP??????
?????IP????????????????2??8????????????????????????????

 ?????? ???????????????
   • cmd.exe; mmc.exe; msconfig.exe; MIRC.EXE; MIRC.exe; mirc.exe;
      EXCEL.EXE; EXCEL.exe; excel.exe; WINWORD.EXE; WINWORD.exe; winword.exe


 ??????? ???????????
??? 28/02/2006
??? 13:51:45

説明の挿入者 Andrei Ivanes の 2006年3月22日水曜日
説明の更新者 Andrei Ivanes の 2007年9月21日金曜日

戻る . . . .
https:// このウィンドウは暗号化されています。