Precisa de ajuda? Peça à comunidade ou contrate um perito.
Acesse a Avira Answers
Size:23.552 Bytes 
Damage:Sent by email. 
VDF Version: 

DistributionMaldal.I sends itself by email using Microsoft Outlook. The email contains:

From: %sender's email address%

Zakia Zakaria & Najati :P
Take a picture for your self (Don't be mad its only a joke)
Re:Fwd:Romantic Day
Fwd: Let's Dance & forget pains
Fwd: WoOoOoOow
Fwd: Are you looking for FUN !!!?
Fwd: The rights of women !!!
Fwd: [sex-is] HoT MoVies
Fwd: [SpanishGirlsGroup] Hola ...
Fwd: [LsbianLovers-group] Lick my asshole
Fwd: [Muzicana-Group] Download what you want
Fwd: [PussyLand-egroup] How sweet...
Fwd: [DrFun-egroup] Let's Laugh
Fwd: [FuNnY-egroup]Hehehehehe damn
Fwd: [SexyGurls-egroup] Raping a little girl
Fwd: [Scr-News-egroup] Have u ever seen BLOOD
Fwd: [Yabdoo-egroup]For HaCkers Lovers
Fwd: [Jews-egroup] Sharoon Owns The World
Fwd: [FunMaiL-group]Bush under bin laden's cock !!!
Fwd: [Teen-egroup] Three Ways For Love
Fwd: [RomanticLife-group] Learn How To Love ...
Fwd: [Gays-egroup]Oh Shittttt
Fwd: [JewsFood-egroup] Dogs Meat !!!
Fwd: [PianoMoZart-egroup] Wow Romantic
Fwd: [PussyPiss-egroup] Piss On my face :O
Fwd: [Finance-group] Do you wanna be a rich man?
Fwd: [lovedreams-egroup] love speaks from the heart ...
Fwd: [TeroNews-Group] Too Late ... Bin Laden has been killed
Fwd: [Pc.CLup-Group] Learn how to deal with DOS
Fwd:[Anal-sex-team] OOOH Faster
Fwd:[RapingTeen-eGroup] Oh My God !!!
Fwd:The demand of sex ... where does it lead us to ?
Fwd:Wow , We are the same !
Fwd:Is there any true love ?
Fwd:Have u ever seen your face?! (Funny)
Fwd:Against the power of women
Fwd:Fwd:If you care about your wife
Fwd:Say 'I Love You' in 300 languages
Fwd:Send it to every body you love ;)
Fwd:Loneliness ...
Fwd:Remember our survivors
Fwd:Tonight is... The Night Of Sex
Fwd:Change your life with Dr.Jobreee

%random name%

Technical DetailsWhen the worm is activated, a window is displayed:
"Sorry! You are not registered.
Please contact us..."

It immediately copies itself in Windows and in Windows System directory as ZaCker.pif.

A third copy is made in Windows directory as Hide.pif.

The following registry entry is made: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]NAV DefAlert=C:\WINDOWS\SYSTEM\ZaCker.pif

A couple of minutes later, the worm begins to copy itself in all directories found. Including mapped drives. These copies have the same name as their directory. For example:

Every one of these files is registered for autostart. For exp:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] TEMP=c:\%WinDIR%\temp\temp.pif oder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] SYSTEM=c:\%WinDIR%\%SystemDIR%\system.pif

Now, the worm sends itself using Microsoft Outlook to Address Book entries.
The worm also displays the following message:
"ZaCker is N

After restarting Windows, all copies of the worm are activated and they delete all unprotected files in their directory.
Descrição enviada por Crony Walker em terça-feira, 15 de junho de 2004

Voltar . . . .