W32.Filukin.A@mm
admin
🕛 29.06.2005, 02:10
Discovered: June 27. Last updated: June 27.
Type: worm.
Code size: 45 KB.
Affected systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.
Description:
Attempts to close all windows containing any of the following strings:
Norton
AVP
AVP Monitor
Sygate Personal Firewall Pro
NOD32 Antivirus Program - [My Profile]
NOD32 Control Center
eTrust Antivirus - Local Scanner
F-Secure Anti-Virus
My Boo
Registry Monitor
Kaspersky Anti-Virus Monitor
HijackThis
Anti-Virus
BlackICE
BitDefender Sheild
BitDefender
My Friend$
Process Explorer - Sysinternals: www.sysinternals.com
Registry Monitor - Sysinternals: www.sysinternals.com
Norton AntiVirus Porfessional
Windows Security Center
Windows Firewall
Control Panel
Running
Turnz Offz Computerz
Logz offz Windowsz
Commandz Promptz
Kaspersky Anti-Virus personal
AVG E-Mail Server Edition - Advanced Interface
AVG E-mail Server Edition - Basic Interface
AVG E-mail Server Edition - Control Center
Pop3trap
Ad-Aware SE Personal
Spybot - Search & Destroy
Sophos Anti-Virus - SWEEP
Anti-Trojan - Infection Monitor
Norton AntiVirus
Registry Editor
Windows Task Manager
System Configuration Utility
Services
AntiViral Toolkit Pro
Kaspersky Anti-Virus Scanner
Ad-aware 6.0 Personal
System Restore
WinPatrol
Copies itself to the following paths:
%Windir%\Exit to DosPrompt.pif
%System%\AutoRun.bat
[FOLDER NAME]\MSKernell.bat
Adds the values
"NOYPI_KANG_ASTIG" = "%Windir%\Exit to DosPrompt.pif"
"TANG_INA_MO" = "%System%\AutoRun.bat"
to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Copies itself to all available drives under the names:
README.EXE
[RANDOM FILE NAME].eXe
Searches for e-mail addresses in files with the following extensions:
.htt
.htm
.html
.hta
.hte
.htx
.shtml
.stm
.asp
.xml
.doc
.rtf
.txt
.dbx
.php
.php3
.phtml
.jsp
.sql
.eml
.ini
.tbb
.tbi
Sends itself to the addresses it finds, in messages with the following characteristics:
Subject: FILIPINO'S SECRETS
Message Body: Hi! Look the Attach Document for more details about FILIPINOS...
Subject: LYRICS OF BAMBOO AND OTHER BOY BAND
Message Body: HOY! PINOY AKO! BUO AKING LOOB MAY AGIMAT AKO... FOR MORE LYRICS CHECK THE ATTACH FILE...
Subject: Philippines Government Top Secret
Message Body: The Government of the Philippines revealed the truth. For more information please read the Attach file...
Subject: New Virus Information
Message Body: Please read the attach file for more information about computer virus...
Subject: Ukinnam Virus Information
Message Body: If your computer has been infected by Ukinnam Virus. Open the attach file and follow the instruction to remove the virus...
Attachment:
DOCUMENT.DOC.exe
README.DOC.exe
INFO.DOC.exe
TAETAE.TXT.exe
DATA.DOC.exe
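A mail-gateway check for the messages described above, as an added example that is not part of the original write-up: it matches the listed subjects and attachment names and, going beyond the list, flags any attachment whose name ends in a document extension followed by an executable one. The function names, the generic extension sets and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subjects and attachment names exactly as listed in the description above.
FILUKIN_SUBJECTS = {
    "filipino's secrets",
    "lyrics of bamboo and other boy band",
    "philippines government top secret",
    "new virus information",
    "ukinnam virus information",
}
FILUKIN_ATTACHMENTS = {
    "document.doc.exe", "readme.doc.exe", "info.doc.exe",
    "taetae.txt.exe", "data.doc.exe",
}
# Assumption: generic sets for the double-extension heuristic, not from the page.
EXECUTABLE_EXT = {"exe", "pif", "bat", "scr", "com", "cmd"}
DECOY_EXT = {"doc", "txt", "rtf", "pdf", "xls", "jpg", "htm", "html"}

def has_double_extension(filename):
    """True for names like 'report.doc.exe': looks like a document, runs as code."""
    parts = filename.lower().strip().rstrip(".").split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXT and parts[-2] in DECOY_EXT

def check_message(raw_bytes):
    """Return the reasons a raw RFC 5322 message matches; empty list if none."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in FILUKIN_SUBJECTS:
        reasons.append("subject:" + subject)
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower() in FILUKIN_ATTACHMENTS:
            reasons.append("attachment:" + name)
        elif has_double_extension(name):
            reasons.append("double-extension:" + name)
    return reasons

def build_sample(subject, filename):
    """Constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed test body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```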
securityresponse.symantec.com/avc