需要修復電腦?
聘請專家
Alias:WORM_WINUR.A [Trend], W32/Winur.worm.a [McAfee], Worm.P2P.Winur [KAV]
Type:Worm 
Size:61,440 Bytes 
Origin: 
Date:00-00-0000 
Damage:Spreads over shared KaZaA and WinMX programs. 
VDF Version:  
Danger:Low 
Distribution:Low 

DistributionWorm/Banuris.P2P.1 tries to spread over shared KaZaA and WinMX programs.

Technical DetailsWhen activated, Worm/Banuris.P2P.1 is copied in two files:
C:\klez_removal.exe
A:\Important - read this.doc %62 spaces% .exe
It makes the hidden directory C:\Winrun and copies itself on this directory as:
.exe Adobe Photoshop cracker.exe Age of Empire crack.exe Age of Mythology cracker.exe All Microsoft games cracker.exe Anastacia game.exe AOL hacker.exe AOL password stealer.exe Britney spears game.exe Bugbear remover.exe Christina Aguilera game.exe Die another Day DVD full.exe Die another day flash movie(1).exe Die another day flash movie.exe Dvd ripper.exe EA games Keygen.exe Esafe desktop protection crack.exe Frontpage cracker.exe Hotmail account hacker in 30 minutes.exe Hotmail hacker.exe Hotmailhacker v1.0.exe ICQ hacker.exe ICQ password stealer.exe Jack the ripper v1.0.exe Jackie chan dvd collection.exe James Bond game - Die another day.exe John the ripper v1.0.exe Justin Timberlake Debute movie.exe kazaa.exe kazaa.url.exe Klez fixtool.exe Lord of the rings VCD.exe Love calculator.exe Mcafee virusscanner crack.exe Microangelo cracker.exe Most important hacker tool ever!.exe msconfig.exe MSN Messenger commercial cracker.exe MSN Password stealer.exe MXlinx 0.30 crack.exe Nikki cox game and movie.exe Norton antivirus cracker.exe Office XP license cracker.exe pornmovie (hardcore sex adult asian).exe Red Alert cracker - All versions.exe Rollercoaster tycoon cracker.exe Shriek DVD crack patch.exe Stop the war (intro).exe Super 2000key keygen.exe Theme park world cracker.exe UnIcOrn Gift.exe Warcraft 3 cracker.exe Website hacker v1.0.exe Windows Me crack.exe Windows XP license cracker.exe Yaha Fixtool.exe

It makes the registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run msconfig C:\winrun\msconfig.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices winrun c:\winrun\msconfig.exe So wird der Wurm bei jedem Systemstart erneut gestartet.

and also:
HKEY_LOCAL_MACHINE\Software\Microsoft\essengerService\Policies "IMWarning"="(M)Warning: The person who you are talking to is infected with a virus. Send him the removal tool that can be found in C:\klez_removal.exe(M)"
This creates a warning message in MSN Messanger, encouraging the user to send a copy of the worm to all Contacts.

It reduces the security level for KaZaA shared software, by modifying the registry entries:
HKEY_CURRENT_USER\Software\KAZAA\\AdvancedScanFolder 0x00000001 HKEY_USERS\.DEFAULT\Software\KAZAA\AdvancedScanFolder 0x00000001 HKEY_CURRENT_USER\Software\KAZAA\InstantMessagingIgnoreAll 0x00000001 HKEY_USERS\.DEFAULT\Software\KAZAA\InstantMessagingIgnoreAll 0x00000001 HKEY_CURRENT_USER\Software\KAZAA\UserDetailsAutoConnected 0x00000001 HKEY_USERS\.DEFAULT\Software\KAZAA\UserDetailsAutoConnected 0x00000001 HKEY_CURRENT_USER\Software\KAZAA\SettingsFolderWarning 0x00000000 HKEY_USERS\.DEFAULT\Software\KAZAA\SettingsFolderWarning 0x00000000 HKEY_CURRENT_USER\Software\KAZAA\LocalContent dir0 13263:C:\Winrun DisableSharing 0x00000000
HKEY_CURRENT_USER\Software\KAZAA\LocalContent dir0 13263:C:\Winrun DisableSharing 0x00000000
HKEY_CURRENT_USER\Software\KAZAA\ResultsFilter
adult_filter_level 0x00000000 bogus_filter 0x00000000 fiwewall_fileter 0x00000000 virus_filter 0x00000000
HKEY_USERS\.DEFAULT\Software\KAZAA\ResultsFilter adult_filter_level 0x00000000 bogus_filter 0x00000000 fiwewall_fileter 0x00000000 virus_filter 0x00000000
HKEY_CURRENT_USER\Software\KAZAA\SettingsQuarantine %WinDIR%\%StartupPath% HKEY_USERS\.DEFAULT\Software\KAZAA\SettingsQuarantine %WinDIR%\%StartupPath%

The worm also creates two files:
C:\Autostart.bat
C:\Ntwrk32.dll
說明撰寫者 Crony Walker 開啟 2004年6月15日星期二

返回 . . . .
https:// 為了你的安全,此視窗已加密。