PCの修理が必要ですか?
専門家に頼む
Alias:WORM_WINUR.A [Trend], W32/Winur.worm.a [McAfee], Worm.P2P.Winur [KAV]
Type:Worm 
Size:61,440 Bytes 
Origin: 
Date:00-00-0000 
Damage:Spreads over shared KaZaA and WinMX programs. 
VDF Version:  
Danger:Low 
Distribution:Medium 

DistributionWorm/Banuris.P2P tries to spread over shared KaZaA and WinMX programs.

Technical DetailsWhen activated, Worm/Banuris.P2P copies itself in two files
C:\klez_removal.exe
A:\Important - read this.doc %62 spaces% .exe
It creates the hidden directory C:\Winrun. Then it copies itself in this directory, as:
.exe
Adobe Photoshop cracker.exe
Age of Empire crack.exe
Age of Mythology cracker.exe
All Microsoft games cracker.exe
Anastacia game.exe
AOL hacker.exe
AOL password stealer.exe
Britney spears game.exe
Bugbear remover.exe
Christina Aguilera game.exe
Die another Day DVD full.exe
Die another day flash movie(1).exe
Die another day flash movie.exe
Dvd ripper.exe
EA games Keygen.exe
Esafe desktop protection crack.exe
Frontpage cracker.exe
Hotmail account hacker in 30 minutes.exe
Hotmail hacker.exe
Hotmailhacker v1.0.exe
ICQ hacker.exe
ICQ password stealer.exe
Jack the ripper v1.0.exe
Jackie chan dvd collection.exe
James Bond game - Die another day.exe
John the ripper v1.0.exe
Justin Timberlake Debute movie.exe
kazaa.exe
kazaa.url.exe
Klez fixtool.exe
Lord of the rings VCD.exe
Love calculator.exe
Mcafee virusscanner crack.exe
Microangelo cracker.exe
Most important hacker tool ever!.exe
msconfig.exe
MSN Messenger commercial cracker.exe
MSN Password stealer.exe
MXlinx 0.30 crack.exe
Nikki cox game and movie.exe
Norton antivirus cracker.exe
Office XP license cracker.exe
pornmovie (hardcore sex adult asian).exe
Red Alert cracker - All versions.exe
Rollercoaster tycoon cracker.exe
Shriek DVD crack patch.exe
Stop the war (intro).exe
Super 2000key keygen.exe
Theme park world cracker.exe
UnIcOrn Gift.exe
Warcraft 3 cracker.exe
Website hacker v1.0.exe
Windows Me crack.exe
Windows XP license cracker.exe
Yaha Fixtool.exe

It makes the registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run msconfig C:\winrun\msconfig.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices winrun c:\winrun\msconfig.exe So wird der Wurm bei jedem Systemstart erneut gestartet.

and also:
HKEY_LOCAL_MACHINE\Software\Microsoft\essengerService\Policies "IMWarning"="(M)Warning: The person who you are talking to is infected with a virus. Send him the removal tool that can be found in C:\klez_removal.exe(M)"
This creates a warning message in MSN Messanger, encouraging the user to send a copy of the worm to all Contacts.

It reduces the security level for KaZaA shared software, by modifying the registry entries:
HKEY_CURRENT_USER\Software\KAZAA\\AdvancedScanFolder 0x00000001 HKEY_USERS\.DEFAULT\Software\KAZAA\AdvancedScanFolder 0x00000001 HKEY_CURRENT_USER\Software\KAZAA\InstantMessagingIgnoreAll 0x00000001 HKEY_USERS\.DEFAULT\Software\KAZAA\InstantMessagingIgnoreAll 0x00000001 HKEY_CURRENT_USER\Software\KAZAA\UserDetailsAutoConnected 0x00000001 HKEY_USERS\.DEFAULT\Software\KAZAA\UserDetailsAutoConnected 0x00000001 HKEY_CURRENT_USER\Software\KAZAA\SettingsFolderWarning 0x00000000 HKEY_USERS\.DEFAULT\Software\KAZAA\Settings FolderWarning 0x00000000 HKEY_CURRENT_USER\Software\KAZAA\LocalContent dir0 13263:C:\Winrun DisableSharing 0x00000000
HKEY_CURRENT_USER\Software\KAZAA\LocalContentdir0 13263:C:\Winrun DisableSharing 0x00000000
HKEY_CURRENT_USER\Software\KAZAA\ResultsFilter
adult_filter_level 0x00000000 bogus_filter 0x00000000 fiwewall_fileter 0x00000000 virus_filter 0x00000000
HKEY_USERS\.DEFAULT\Software\KAZAA\ResultsFilter adult_filter_level 0x00000000 bogus_filter 0x00000000 fiwewall_fileter 0x00000000 virus_filter 0x00000000
HKEY_CURRENT_USER\Software\KAZAA\SettingsQuarantine %WinDIR%\%StartupPath% HKEY_USERS\.DEFAULT\Software\KAZAA\SettingsQuarantine %WinDIR%\%StartupPath%

The worm creates the following files:
C:\Autostart.bat
C:\Ntwrk32.dll
説明の挿入者 Crony Walker の 2004年6月15日火曜日

戻る . . . .
https:// このウィンドウは暗号化されています。