Alias: Navidad.E, I-Worm.Navidad.b, W32/Navidad, W95/Navidad.16896
Type: Worm
Size:
Origin:
Date: 00-00-0000
Damage: Sent by email.
VDF Version:
Danger: Low
Distribution: Medium

Distribution

The worm uses MAPI to send email and works with Microsoft Outlook. It searches all inbox messages and replies to every message that has an attachment. The reply has the same subject and body as the received email. Attachment: Emanuel.exe.

Technical Details

When activated, W32/Navidad shows an error message window.
If Windows NT/2000 is installed on the system, the worm creates the following registry entry:

HKEY_CURRENT_USER\Software\Emanuel

It modifies the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32BaseServiceMOD C:\Windir\Systemdir\Wintask.exe

The worm copies itself to C:\Windir\Systemdir as Wintask.exe. It changes the registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command C:\Windir\Systemdir\wintask.exe "%1" %*"

Finally, it places an icon on the shortcut menu, with the message
"Come on lets party!!!".

If the icon is clicked, a window with the following button appears:
"Nunca presionar este boton" (meaning: Never press this button).

If this button is pressed, an error message appears:
"Emmanuel-God is with us!May god bless u.And Ash,Lk and LJ!!".

If this window is closed using the X button, instead of OK, the message "May GOd bless u;D" appears.
The window is closed by pressing OK.
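
The registry changes listed above can be checked for in an offline registry export. The following Python is an added example, not part of the original description; the function names and the sample export are constructed for illustration, and only string (REG_SZ) values are parsed.

```python
import re

# Indicators from the description above (registry paths compare case-insensitively).
MARKER_KEY = r"HKEY_CURRENT_USER\Software\Emanuel"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "Win32BaseServiceMOD"
EXE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command"
EXE_DEFAULT = '"%1" %*'  # stock Windows handler for .exe files

# Constructed sample export reproducing the three changes listed above.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Emanuel]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Win32BaseServiceMOD"="C:\\Windir\\Systemdir\\Wintask.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command]
@="C:\\Windir\\Systemdir\\wintask.exe \"%1\" %*"
'''

def parse_reg(text):
    """Parse .reg text into {key_lower: {value_name_lower: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg files escape backslash and double quote with a backslash
            current[name.lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def navidad_findings(text):
    """Return a list of the documented registry changes found in the export."""
    keys, found = parse_reg(text), []
    if MARKER_KEY.lower() in keys:
        found.append("marker key present")
    run = keys.get(RUN_KEY.lower(), {})
    if RUN_VALUE.lower() in run:
        found.append("Run value -> " + run[RUN_VALUE.lower()])
    handler = keys.get(EXE_KEY.lower(), {}).get("")
    if handler is not None and handler != EXE_DEFAULT:
        found.append("exefile handler -> " + handler)
    return found
```

`reg export` writes UTF-16 files, so decode the file before passing its text to `navidad_findings`. Because the exefile handler routes every .exe launch through Wintask.exe, restore that value to `"%1" %*` before deleting the file.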
Description written by Crony Walker on Tuesday, June 15, 2004
