Alias: I-Worm.Fizzer, W32/Fizzer.dll, W95/Fizzer.Keylogger, W32.HLLW.Fizzer
Size: 241,664 Bytes
Damage: Sent by email, Backdoor component, Keylogger.
VDF Version:  

Distribution
The worm collects email addresses from the Windows Address Book, cookie files, temporary Internet files and personal folders.
The email sent by the worm has the following structure:


I thought this was interesting... rather psychedelic... found this on the net, you might like it... discothque imbrue Damn it feels good to be gangsta. The way I feel - Remy Shand Paradigm Shift WASSUP! Know Thyself Hell I love you Please discard if you don't like or agree with our present leadership... little popup remover B cannot remember Yo, WASSUP, B? an interesting program... You might not appreciate this... I think you might find this amusing... LOL check this out... hehehe question... see you tomorrow. how are you? you need to lose weight. why? kind of simple, but fun nonetheless. check it out. Ist das nicht lustig? ;) Das Wetter ist gut. Gut geschlafen? erstmal unter die dusche .. Og.. :) Wer ist hier das Schaf? Morgen uggi ;)) moin uk-world hierzu kann ich nur anmerken das fix nen Bettnsser ist huhu Camper ;)) Sandy es freut mich sehr, da du heut so gut drauf bist ;) da kannst ja gleich einen kuchen auch noch backen ;D ohje ;) hmm sandy und backen ??? heidelbeerkuchen ;) jo Camper, das kann ich auch ;) die dich nur anschnautzen kann und sonst nix ;)

Message: I sent this program (Sparky) from anonymous places on the net. The way to gain a good reputation is to endeavor to be what you desire to appear. There is only one good, knowledge, and one evil, ignorance. Watchin' the game, having a bud. Did you ever stop to think that viruses are good for the economy? Maybe the primary creators of the world's worst viruses are the companies that make the Anti-Virus software. Today is a good day to die... so, how are you? the attachment is only for you to look at you must not show this to anyone... delete this as soon as you look at it... Let me know what you think of this... If you don't like it, just delete it. thought I'd let you know you don't have to if you don't want to.

Attachment: The attachment name is randomly chosen and has one of the following file extensions: .exe .pif .com .scr

Technical Details
When activated, the worm is copied into:

It creates the following files:
%WinDIR%\ProgOp.exe (15,360 Bytes).
%WinDIR%\iservc.dll (7,680 Bytes), represents the keylogger component of the worm.
%WinDIR%\data1-2.cab, contains encoded email addresses, found on the infected system.

It makes the following autostart entry in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SystemInit"="%WinDIR%\iservc.exe"

It also changes the following registry entry:
HKEY_LOCAL_MACHINE\Software\CLASSES\txtfile\shell\open\command
to:
@="%WinDIR%\ProgOp.exe 0 7 '%WinDIR%\notepad.exe %1''%WinDIR%\initbak.dat''iservc.exe'

The worm tries to terminate the processes that contain the following strings:

A mutex named SparkyMutex ensures that only one instance of the worm is active on the system.
The worm tries to connect to the following IRC servers:

It infects files in the KaZaA download directory. The worm also tries to reach an AOL Instant Messenger (AIM) chat room, using various names, to receive the hacker's instructions.
It uses an HTTP server on port 81. The worm also uses ports 2018, 2019, 2020 and 2021 for backdoor functions.
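
The host artifacts listed above (dropped files, the SystemInit Run value, the modified txtfile open command and the listening ports) can be checked together. The following is an added example, not part of the original description: it assumes the input is a %WinDIR% file listing plus the text output of `reg query` and `netstat -ano`, and the function names and sample data are constructed for illustration.

```python
import re

# Indicators exactly as listed in the description above.
DROPPED_FILES = {"progop.exe", "iservc.dll", "data1-2.cab"}
RUN_VALUE = "systeminit"        # Run value name, compared case-insensitively
HIJACK_BINARY = "progop.exe"    # binary inserted into the txtfile open command
WORM_PORTS = {81, 2018, 2019, 2020, 2021}

REG_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_\w+\s+(?P<data>.*)$")
LISTEN_LINE = re.compile(r"^\s*TCP\s+\S+:(?P<port>\d+)\s+\S+\s+LISTENING", re.I)

def reg_values(reg_query_text):
    """Parse `reg query` output into {lower-cased value name: data}."""
    matches = (REG_LINE.match(line) for line in reg_query_text.splitlines())
    return {m["name"].lower(): m["data"].strip() for m in matches if m}

def check_host(windir_files, run_key_text, txtfile_cmd_text, netstat_text):
    """Return the matched indicators; an empty list means none were found."""
    findings = [f"file:{n}" for n in sorted({f.lower() for f in windir_files})
                if n in DROPPED_FILES]
    run = reg_values(run_key_text)
    if RUN_VALUE in run:
        findings.append(f"run:{run[RUN_VALUE]}")
    if any(HIJACK_BINARY in d.lower() for d in reg_values(txtfile_cmd_text).values()):
        findings.append("txtfile-open-command:hijacked")
    hits = (LISTEN_LINE.match(line) for line in netstat_text.splitlines())
    listening = {int(m["port"]) for m in hits if m}
    # Port 81 alone is weak evidence (other software uses it); weigh it with the rest.
    findings += [f"listen:{p}" for p in sorted(listening & WORM_PORTS)]
    return findings

# Constructed sample collection; C:\WINDOWS stands in for %WinDIR%.
SAMPLE_FILES = ["notepad.exe", "ProgOp.exe", "ISERVC.DLL", "explorer.exe"]
SAMPLE_RUN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SystemInit    REG_SZ    C:\WINDOWS\iservc.exe
"""
SAMPLE_TXT = r"""
HKEY_LOCAL_MACHINE\Software\CLASSES\txtfile\shell\open\command
    (Default)    REG_SZ    C:\WINDOWS\ProgOp.exe 0 7 'C:\WINDOWS\notepad.exe %1'
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:135     0.0.0.0:0    LISTENING    912
  TCP    0.0.0.0:2018    0.0.0.0:0    LISTENING    1480
  TCP    10.0.0.5:1037   10.0.0.9:81  ESTABLISHED  1480
"""

if __name__ == "__main__":
    for finding in check_host(SAMPLE_FILES, SAMPLE_RUN, SAMPLE_TXT, SAMPLE_NETSTAT):
        print(finding)
```

Only listening sockets are matched, so an outbound connection to a remote port 81 is not reported.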
Description added by Crony Walker on Tuesday, June 15, 2004.

