登入
歡迎您,
Language:
繁體中文
English
Deutsch
Français
Español
Italiano
Português
Русский
日本語
简体中文
繁體中文
欲瞭解有關我們公司和產品的更多資訊,
請訪問我們的全球網站
。
家庭及個人防護
企業資訊安全
技術支援
聯絡我們
Search
需要修復電腦?
聘請專家
摘要
病毒說明
統計資料
Alias:
Win32.Weird, W95.Weird
Type:
Worm
Size:
Origin:
Date:
00-00-0000
Damage:
W95/Weird.10240.a creates various files.
VDF Version:
Danger:
Low
Distribution:
Low
Technical Details
W95/Weird.10240.a inserts a hidden process, opens an IP address and waits for instructions. This hidden process resembles other Client/ Server Trojans, as NetBus, Backdoor and BackOrifice.
When the infected file is opened, the virus creates a 10KB file in C:\WinDIR containing the virus code. The name of this file is based on the computer name of the infected system. This file contains the server application.
Then, the virus creates a copy of Explorer.exe in C:\WinDIR. This file has the same name, but another extension, as for example Explorer.3. This new file is infected and it replaces Explorer.exe using an entry in WININIT.INI. When Windows is restarted, the infected version of Explorer is activated.
Supplementary information, for Windows 2000 users only:
It looks like the virus can not infect Windows 2000 systems. It can not create the 10KB file in \Winnt. But it makes a virus copy of Explorer.exe in \Windows. It still makes the entry in WININIT.INI, which supposedly replaces Explorer.exe with the infected file when Windows restarts. But it does not happen and the WININIT.INI remains unchanged.
說明撰寫者 Crony Walker 開啟 2004年6月15日星期二
返回
.
.
.
.
我的帳戶
https
://
為了你的安全,此視窗已加密。
登入
忘記密碼
重設密碼
我的個人檔案
產品
付款歷程記錄
通知
密碼重設
聯絡我們
登出
