Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > the virus to be related > Content
Hot Articles
Worm.Win32.AutoRun.eee a
Trojan-Downloader.Win32.
The resistance kills the
Everybody may kill the p
Careful ^hard disk devi
Trojan-PSW.Win32.QQPass.
Trojan-Dropper.Win32.Sma
Trojan-PSW.Win32.OnLineG
DeviceWall 5.0 extends U
Trojan-Dropper.Win32.Sma
Worm.Win32.AutoRun.eee a
Trojan-PSW.Win32.QQPass.
The machine dog presents
Trojan-PSW.Win32.OnLineG
The machine dog presents
Recommend Articles
Trojan-PSW.Win32.QQPass.
The machine dog presents
Everybody may kill the p
Trojan-Dropper.Win32.Sma
How does the Trojan Hors
The resistance kills the
Careful ^hard disk devi
Trojan-PSW.Win32.OnLineG
Jinshan virus early warn
Under Professor differen
Trojan-Downloader.Win32.
08 year the first half o
Win32.Troj.OnlineGamesT.
Worm.Win32.AutoRun.eee a
07.13 viral early warnin
New Articles
Accidental examines (cha
The river people science
The auspicious star on S
The river people science
The auspicious star on S
The river people science
The auspicious star on S
River people science and
The auspicious star on S
River people science and
The auspicious star on S
Viruses and data loss ar
Wireless Internet access
90% of loss of assets in
Employee misuse of the c
Worm.Win32.AutoRun.eee analysis
  Add date: 07/15/2008   Publishing date: 07/15/2008   Hits: 78
Total 10 pages, Current page:1, Jump to page:
 
Viral label:
Viral name: Worm.Win32.AutoRun.eee
Chinese name: U plate parasite variety
Viral type: Worm
Document MD5: E4EFBDEEEDF0294E380578767D7217F3
Public scope: Completely public
Harm rank: 4
Document length: 237,568 bytes
Infection system: Windows98 above edition
Development kit: Microsoft Visual Basic 5.0/6.0
Adds the shell type: Does not have

Viral description:
  This virus is a worm class. After viral movement, releases the document to the system directory, opens when automatically the viral movement in way
The folder, uses the U plate parasite technology to found autorun.inf and MS-DOS.com under each logical floppy disk root directory
The document, achieves the toxicant machine under the habit the viral document dissemination; Virus's initialization mode uses the diversification, even if virus in
In the registry start item is deleted, the virus may also start; The dualized file hideaway protection, establishes in the folder option
The hideaway system guard file option not available and the hideaway assigns the suffix famous document; The camouflage and the reflection kidnap the technology, the reflection to kidnap much
The system essential advancement document, camouflages the viral document the system updating file as well as the registry opens the procedure and so on; Viral document
Uses the folder icon and in the system backup folder the establishment and the viral corresponding name system file, lets the user think that it is
The normal system file, serves the purpose which misleads the public; Maintains the toxicant original condition, the separator close-down optimization establishment, causes
Results in the switch engine speed promotion, causes the user not to be able to feel because of the machine poison slowing system; The virus uses the advancement interlock technology, sickness
After the poison moves completely, founds many advancements, various advancements protect each other.

Behavioral analysis:
Local behavior:
1st, after document movement, will grow the following document:
    %DriveLetter% \ autorun.inf
    %Temp% \ ~DF7634.tmp
    %Temp% \ ~DF8840.tmp
    %Temp% \ ~DF9A47.tmp
    %DriveLetter% \ MS-DOS.com
    %Windir% \ Cursors \ Boom.vbs
    %Windir% \ Fonts \ Fonts.exe
    %Windir% \ Fonts \ tskmgr.exe
    %Windir% \ Media \ rndll32.pif
    %Windir% \ pchealth \ Global.exe
    %Windir% \ pchealth \ helpctr \ binaries \ HelpHost.com
    %Windir% \ system \ KEYBOARD.exe
    %System32% \ dllcache \ autorun.inf
    %System32% \ dllcache \ Default.exe
    %System32% \ dllcache \ Global.exe
    %System32% \ dllcache \ Recycler. {645FF040-5081-101B-9F08-
    00AA002F954E} \ Global.exe
    %System32% \ dllcache \ Recycler. {645FF040-5081-101B-9F08-
    00AA002F954E} \ svchost.exe
    %System32% \ dllcache \ Recycler. {645FF040-5081-101B-9F08-
    00AA002F954E} \ system.exe
    %System32% \ dllcache \ rndll32.exe


 
Other pages: : 1 * 2 * 3 * 4 * 5 * 6 * 7 * 8 * 9 * 10 * Next>>
Prev:Win32.Troj.OnlineGamesT.se.65536 virus analysis Next:07.13 viral early warnings: ^dead pig downloading ̄ fail-safe software, downloading massive wooden

Comment:

Category: Home > the virus to be related
Home