Alias: I-Worm.Fix2001, W32/Fix, W95/Backdoor.Fix2001, W95.Fix2001
Type: Worm
Size: 12,288 Bytes
Origin:
Date: 01-01-2003
Damage: Sent by email.
VDF Version: 6.xx.xx.xx
Danger: Low
Distribution: Low

Distribution

The worm spreads using emails, with the following structure:

From:
"Administrator"

Subject:
"Internet problem year 2000"

Body:
Estimado Cliente:
Rogamos actualizar y/o verificar
su Sistema Operativo para el correcto
funcionamiento de Internet a partir del
A_o 2000. Si Ud. es usuario de Windows
95 / 98 puede hacerlo mediante el
Software provisto por Microsoft (C)
llamado-Fix2001- que se encuentra
adjunto en este E-Mail o bien puede ser
descargado del sitio WEB de Microsoft
(C) HTTP://WWW.MICROSOFT.COM Si Ud. es
usuario de otros Sistemas Operativos,
por favor, no deje de consultar con sus
respectivos soportes tecnicos.
Muchas Gracias.
Administrador.

English translation:
Internet Customer:
We will be glad if you verify your
Operative System(s) before Year 2000 to
avoid problems with your Internet
Connections. If you are a Windows 95 / 98
user, you can check your system using
the Fix2001 application that is attached
to this E-Mail or downloading it from
Microsoft (C) WEB Site:
HTTP://WWW.MICROSOFT.COM
If you are using another Operative System,
please don't wait until Year 2000, ask your
OS Technical Support.
Thanks.
Administrator

Attachment:
Fix2001.exe
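
The mail structure above can be checked at a mail gateway or against a mailbox export. The following is an added example, not code from the original description or from the vendor: it parses a raw message and reports which of the three listed indicators are present. It assumes "Administrator" is the sender's display name; the function names, the verdict thresholds and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the description above (compared case-insensitively).
SUBJECT = "internet problem year 2000"
SENDER_NAME = "administrator"   # assumption: matched against the From display name
ATTACHMENT = "fix2001.exe"


def fix2001_indicators(raw_message: bytes) -> list:
    """Return which Fix2001 mail indicators appear in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words, so encoded subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject == SUBJECT:
        hits.append("subject")
    from_hdr = msg.get("From")
    if from_hdr is not None and any(
        (a.display_name or "").strip().lower() == SENDER_NAME
        for a in from_hdr.addresses
    ):
        hits.append("sender")
    # Walk every MIME part so nested attachments are also inspected.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT:
            hits.append("attachment")
            break
    return hits


def verdict(hits: list) -> str:
    """Hypothetical policy: the attachment name plus one more indicator blocks."""
    if "attachment" in hits and len(hits) >= 2:
        return "block"
    return "review" if hits else "pass"


def build_sample(subject: str, sender: str, filename: str) -> bytes:
    """Build a constructed test message; the two-byte attachment is inert."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.invalid", subject
    m.set_content("constructed sample body")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```
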

Technical Details

When activated, the worm copies itself into the Windows system directory of the local computer, keeping the file name it was run under. It then adds a value to the following registry key, which Windows processes at startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Fix2001 = "FIX2001.EXE"

The first time it is activated, the worm shows the following message:

Y2K Ready!!
Your Internet Connection
is already Y2K, you don't
need to upgrade it.

The worm checks if there is a Windows Callback function named "AMORE_TE_AMO". This is created by the worm, for further spreading.

Description written by Crony Walker on Tuesday, June 15, 2004
