W32.Filukin.A@mm

admin

🕛 29.06.2005, 02:10

Обнаружен 27 июня.
Последнее обновление 27 июня.
Тип: червь.
Длина кода: 45 кб.
Уязвимые системы: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.
<more>
Описание:
Пытается закрыть все окна, содержащие строки:
Norton
AVP
AVP Monitor
Sygate Personal Firewall Pro
NOD32 Antivirus Program - [My Profile]
NOD32 Control Center
eTrust Antivirus - Local Scanner
F-Secure Anti-Virus
My Boo
Registry Monitor
Kaspersky Anti-Virus Monitor
HijackThis
Anti-Virus
BlackICE
BitDefender Sheild
BitDefender
My Friend$
Process Explorer - Sysinternals: www.sysinternals.com
Registry Monitor - Sysinternals: www.sysinternals.com
Norton AntiVirus Porfessional
Windows Security Center
Windows Firewall
Control Panel
Running
Turnz Offz Computerz
Logz offz Windowsz
Commandz Promptz
Kaspersky Anti-Virus personal
AVG E-Mail Server Edition - Advanced Interface
AVG E-mail Server Edition - Basic Interface
AVG E-mail Server Edition - Control Center
Pop3trap
Ad-Aware SE Personal
Spybot - Search & Destroy
Sophos Anti-Virus - SWEEP
Anti-Trojan - Infection Monitor
Norton AntiVirus
Registry Editor
Windows Task Manager
System Configuration Utility
Services
AntiViral Toolkit Pro
Kaspersky Anti-Virus Scanner
Ad-aware 6.0 Personal
System Restore
WinPatrol

Копирует себя в папки:
%Windir%Exit to DosPrompt.pif
%System%AutoRun.bat
[FOLDER NAME]MSKernell.bat

Добавляет значения
"NOYPI_KANG_ASTIG" = "%Windir%Exit to DosPrompt.pif"
"TANG_INA_MO" = "%System%AutoRun.bat"
в реестр HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun

Копирует себя на все доступные диски под именами:
README.EXE
[RANDOM FILE NAME].eXe

Ищет e-mail адреса в файлах с расширением:
.htt
.htm
.html
.hta
.hte
.htx
.shtml
.stm
.asp
.xml
.doc
.rtf
.txt
.dbx
.php
.php3
.phtml
.jsp
.sql
.eml
.ini
.tbb
.tbi

Отправляет по найденным адресам себя в письмах с характеристиками:
Subject: FILIPINO'S SECRETS
Message Body: Hi! Look the Attach Document for more details about FILIPINOS...

Subject: LYRICS OF BAMBOO AND OTHER BOY BAND
Message Body: HOY! PINOY AKO! BUO AKING LOOB MAY AGIMAT AKO... FOR MORE LYRICS CHECK THE ATTACH FILE...

Subject: Philippines Government Top Secret
Message Body: The Government of the Philippines revealed the truth. For more information please read the Attach file...

Subject: New Virus Information
Message Body: Please read the attach file for more information about computer virus...

Subject: Ukinnam Virus Information
Message Body: If your computer has been infected by Ukinnam Virus. Open the attach file and follow the instruction to remove the virus...

Attachment:
DOCUMENT.DOC.exe
README.DOC.exe
INFO.DOC.exe
TAETAE.TXT.exe
DATA.DOC.exe

securityresponse.symantec.com/avc