PCの修理が必要ですか?
専門家に頼む
Alias:Worm.Explore.Zip, Zipped Files, Troj.Explore.Zip
Type:Worm 
Size:210.432 Bytes 
Origin: 
Date:06-11-1999 
Damage:Spreads using Outlook, Exchange or NetScape Mail  
VDF Version:6.20.00.00 
Danger:High 
Distribution:Medium 

DistributionThe email structure:
Subject: re:[subject of the un-answered message]
Body: Hi [Name of recipient] ! I received your Email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Bye or sincerely [Name of the sender]
Attachment: zipped_files.exe

Technical DetailsWhen the infected attachment is opened, an error message appears on the screen.
The virus is already active and "at work". It copies itself as "Explore.exe" or "setup.exe" in System directory: %windir%\%SystemDir% (usually c:\windows\system) on Windows 9x, or %windir%\%SystemDir% (usually c:\winnt\system32) on Windows NT.
Then, it modifies WIN.INI on Windows9x, or the registry on Windows NT. Thus, the virus is activated by every system start-up. The worm can also reply to incoming emails.
It uses two "killer threads". One of them "processes" the emails, the other "empties" the files with extension: .doc, .c, .cpp, .h, .asm, .xls, .ppt. It empties the files using the Windows function "CreateFile" with 0 Byte. These "shrunk" files can not be restored, because the content is "lost". To "empty" the files, a strong harddisk activity is needed. The virus also "empties" files from mapped drives all the way to "Z:" drive ("WnetEnumResource"). The virus payload is active as long as the virus itself is in memory.
説明の挿入者 Crony Walker の 2004年6月15日火曜日

戻る . . . .
https:// このウィンドウは暗号化されています。