需要修復電腦?
聘請專家
Alias:I-Worm.Tanatos.a, PWS-Hooker.dll, PWS. Hooker.Trojaner
Type:Worm 
Size:29,020 Bytes 
Origin: 
Date:00-00-0000 
Damage:Sent by email, Keylogger function. 
VDF Version:  
Danger:Low 
Distribution:Low 

DistributionThe worm searches for email addresses in all files of type "*.asp" and "*.ht*". It replies to the unread emails in Outlook. It also sends itself to all email addresses found on the system. The worm activates itself without the email to be opened. The email it sends, looks like this:

From:
" Anna"
"JUDY"
"Rita Tulliani"
"Tina"
"Kelly Andersen"
"Andy"
"Linda"
"Mon S"
"Joanna"
"JESSICA BENAVIDES"
" Administrator"
" Admin"
"Support"
"Monika Prado"
"Mary L. Adams"

Subject: usually "Re:"

Body: empty

Attachment:
Card.DOC.pif
docs.DOC.pif
fun.MP3.pif
HAMSTER.DOC.pif
Humor.MP3.scr
images.DOC.pif
info.DOC.scr
Me_nude.MP3.scr
New_Napster_Site.MP3.pif
news_doc.DOC.scr
Pics.DOC.scr
README.MP3.scr
S3MSONG.DOC.scr
SEARCHURL.MP3.pif
SETUP.DOC.scr
Sorry_about_yesterday.MP3.pif
stuff.MP3.pif
YOU_are_FAT!.MP3.scr

Technical DetailsWorm/BugBear.2 inserts a keylogger function into the system directory, named KDLL.DLL. This Trojan tries to collect personal information and to send it to the author by email.
When activated, the worm copies itself in Windows system directory as KERNEL32.EXE and makes the following registry entry, for automatic start:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunOnce\kernel32=kernel32.exe
說明撰寫者 Crony Walker 開啟 2004年6月15日星期二

返回 . . . .

© 2013 Avira Operations GmbH & Co. KG. 保留所有權利.

我的帳戶

https:// 為了你的安全,此視窗已加密。