W32.HLLW.Oror@mm

病毒名稱：W32.HLLW.Oror@mm

危害級別：中

傳播速度：低

1.此病毒傳送的電子郵件題目可能是下列各項中的一個：

Zdrasti..

Ohoo!!

Pisamce

Liubofta e kato Rai, no moje da boli kato Ad

TinKi WinKy!!

HeY :)

ZzZz :)

Vajno!!

Blondinkii:)

Hi BaBy :)

HeY..

aBcDeFgHiJkLmNoPqRsT..

Don't cry

Very Important

Miracle

LOVE is like HEAVEN but it can hurt like HELL.

Blondies Forever :)

Hi!!

WoWoWoWOWowo..

yoOo ;)

此病毒傳送的電子郵件附屬檔案可能是下列各項中的一個：

Love Zodiak.exe

TNT!CC gEN.exe

Panda Anti-Worm.exe

Blondies.exe

mTV Charts.exe

Setup.exe

Osama Your Mamma.exe

[TNT]!CC geN.exe

Sorry.exe

Magic.exe

Love.exe

Zodiak.exe

mTV.exe

Faith.exe

Kama Sutra.exe

Fun.exe

Smile.exe

Pamela.exe

Candy.exe

2.此網路蠕蟲病毒程式一旦被激活並開始運行，它將顯示如下假信息：

3.它能夠複製本身到系統資料夾並生成一個新檔案(在原檔案後加上2k,16,32)，如：

C:\%windir%\Rundll16.exe

此時，它還能夠產生鍵值(LoadCurrentProfile Rundll16.exe powprof.dll, LoadCurrentUserProfile)到註冊表編輯器:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run中，使得機器在一啟動時自動運行病毒程式。

4.它還能夠查找系統子資料夾C:\Program Files\Internet Explorer，並產生一個新檔案（在原檔案加上2k,16,32）,如：

C:\Program Files\Internet Explorer\Internet Explorer2k.exe

同時，它產生鍵值（Internet Explorer C:\Program Files\Internet explorer\Internet

Explorer2K.exe）到註冊表編輯器:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run中，使得機器在一啟動時自動運行病毒程式。

5.此蠕蟲病毒傳送它本身到全部的電子郵件地址，並利用它自己的SMTP引擎和默認的電子郵件程式擴展它自己，它傳送的電子郵件包含下列信息：

(1)題目：Zdrasti..

內容：

Hey, kak , ujas mi e toplo daji smqtam ei sq da si farlq edin dush che ne sa disha :) Skoro shti pratq onva det obeshtah, za sq mojesh da hvarlish edno oko na %s

(2)題目：Ohoo!!

內容：

Yoo, kak e havata, v momenta se 4ustvam mnoo qko i reshih da pisha na priqtelite :) nabarah edin mnoo zdrav site, %s - Cool a? Aide chakam otgovor :)

(3)題目：Pisamce

內容：

Neska mi se slu4iha kup neshta :) Oshte ot sutrinta adski mi varvi, shte vzema da pusna edin fish ~~P V takova dobro nastroenie sam 4e reshih da vi pisha. Pri teb kak e, Neshto novo ima li? Osven vsi4ko ti pratih i iznenadka, sled kato q instalirash si vij shti sa poqvi mnoo qka madama v Tray-a :) I naposledak poshtata mi stoi tajno prazna tai che ... :)) Doskoro

(4)題目：TinKi WinKy!!

內容：

Zdrasti, trqq da proveda edin razgovor s dosta hora, ama shi vidim koga sha stane tova, naistina imam da kazvam mnogo neshta .. Ako imash i ti neshto da mi kazvash, ne se kolebai, a napishi edno pisamce. Vqrvai v me4tite si i gledai napred :))

P.S. Pogledni attachmenta i vij dali shti dopadne :)) Kefi li te? Az mnoo mu sa radvah ;)) Bye

(5)題目：HeY :)

內容：

Tiriritam tiriram :)) zDraVeI, neshto novo?? :) Kak varvi lqtoto? Plaj, basein, kuponi :) Beshe mi skuchno i si vikam shto da ne napisha nqkoi drugo pismo :> Kakvoto i da stava da jivee lqtoto i nie pokrai nego ~~~PpPpPp. Vij iznendkata ~pP Aide i chakam..

(6)題目：HeY..

內容：

HeY.. Buddz what'z up :) How are you? I'm fine, 10x!! My friend Nina is here and we are.. You know :) Lalala !! I've just wanted to tell you. Btw check this site - %s, it's kewl :)) Cya

(7)題目：aBcDeFgHiJkLmNoPqRsT..

內容：

Hi, Don't forget about MAL"F" :) And don't tell anybody :Ppp have you seen this site? It's very interesting!! :) %s .. Leave this away, how are you? Send me sth cool, plzz :) bye! :)

(8)題目：Miracle

內容：

All I need is a miracle, all i need is love.. YeS. That's true i love you my friends :) If you are wondering why I am so happy - i'll tell you - I am enga.. oOps, later..Bye and uhh unzip the attachment. It's the best joke, i've ever seen. Bye, see ya :)

上述各題目的附屬檔案有可能是下列的一個：

Magic.exe

Love.exe

Zodiak.exe

mTV.exe

Faith.exe

Kama Sutra.exe

Fun.exe

Smile.exe

Pamela.exe

Candy.exe

而這個病毒也可能同時產生下列題目和附屬檔案：

(9)題目：Liubofta e kato Rai, no moje da boli kato Ad

內容：

Zdr, izpratih na vsichki edna programka, mnoo qka, btw to imeto si pokazva. Subject-a e ot tam i ima i drugi mnogo qki misli. Moje da pokaje nai-podhodqshtiq partnior v liubofta :)) Ujasno e kak liubofta moje da ubie vsichko v teb.. Za shtastie ne vinagi e taka :) Bye !!

附屬檔案：Love Zodiak.exe

(10)題目：ZzZz :)

內容：

Zdrasti, kak q karash :) az sam dobre, makar che naposledak imam malko problemi. Tvarde mnogo mi se strupa navednaj, mai i rakata mi e s4upena.. Kvo da se pravi, takav e jivota.. Vchera namerih nqkav generator na kreditni karti i mai bachka, samo edin go probvah ama stana, vij dali pri teb sha raboti i umnata :) I ne zabravqi che "Liuboftaa e po cennaa ot vsi4ko" :)) Chao ti

附屬檔案：TNT!CC gEN.exe

(11)題目：Vajno!!

內容：

Ima nov opasen virus v neta! Razprostranqva se predimno po IRC i ICQ. Vnimavai da ne se zarazish, zashtoto iztriva Mp3-ki, Filmi i Dokumenti. Izpratih ti patch, koqto shte te zashtiti ot zarazqvane. Iskah da napisha po-dulgo pismo, no nqmah vreme, sorka :( Naposledak imam adski mnogo rabota nalqvo nadqsno :)) Inache kak varvi? Aide doskoro i watch out :)))

附屬檔案：Panda Anti-Worm.exe

(12)題目：Blondinkii:)

內容：

Namerih edna mnoo qka programka i neznam zashto, no mi napomni za teb :)

Kakvo pravi blondinka kato rodi bliznaci? - Chudi se koi e vtoriq tatko :)

Kakva e razlikata mejdu 10 ovce i 3 blondinki? Otgovor: 7

Kak mojesh da razsmeesh blondinka v petak? - Kato i razkajesh vic vav vtornik :)

Zdrasti! kak si :) Kefqt li ta vicovete? Shegichka de :) Pratih ti q. Razkazva ti qki vicove za blondinki na 5 minuti :) Posmqh se za baq vreme napred :))) Bye, doskoro, i po chesto v chata, chao :}

附屬檔案：Blondies.exe

(13)題目：Hi BaBy :)

內容：

Hi baby, kak e :) ko si praikash? az si slusham muzichka - ATC i Mortal Kombat Soundtrack -

Varhovni sa, napravo izbuhnah :))) Drapnah si gi ot neta s taq programka - ima 200

kubriliona klasacii :) Naposledak muzikata e edno ot malkoto mi udovolstviq

P.S. Obezatelno si drapni ATC - Why oh why.mp3 :))

Chao, doskoro!!

附屬檔案：mTV Charts.exe

(14)題目： Don't cry

內容：

It won't be easy, you think it's strange, when I try to explain how i feel and I still want your love after all I have done. You won't believe me.. I had to let it happen, i had to change.. Hey, just kiddin' :) Madonna - "Don't cry" I've just wanted to .. Infact I don't know nothing i don't want to know anything :))) Do you like the funny program :) I'm waiting for the reply :>> Bye

附屬檔案：(Candy.exe)

(15)題目：Very Important

內容：

There is a very dangerous virus circulating in the net. It's called RoRo and it's using IRC to infect computers. This virus deletes movies, music and corrupt your windows installation. To prevent from infecting, install McAfee Anti-Script 2002. It's a 30-days demo.. So, how are you? Good, Bad? I'm oK. I wanted to write you a longer letter, but i didn't have enough time.. sorry. Bye

附屬檔案： Setup.exe

(16)題目：LOVE is like HEAVEN but it can hurt like HELL.

內容：

I've just found this program, and, I don't know why... but it reminded me of you. I read this there. There are cool ideas, especially about lOvE. i like it, but let's talk about you? Are you oK? Are you in love :))) I'm waiting for the replyyy :)) bye ~pPpP

附屬檔案： Love Zodiak.exe

(17)題目：Blondies Forever :)

內容：

Hiya :) I've just wannted to send you these jokes

- What do blondes wear behind their ears to attract men? Their ankles!!

- Why did god invent the female orgasm? So blondes know when to stop screwing!!

- What's the difference between a blonde and aeroplane? Not everyone's been in a aeroplane!

- What is a blond with hair black colored? Artificial intelligence!

附屬檔案： Blondies.exe

(18)題目：Hi!!

內容：

Hi baby :)) Whatz Uppp :)) I'm feelin extra power cause i got high in the sky :) sMiLe

:oP~pPPPpp Where are you? What are you doing? I send you a c00l flAsh :) See you soon :)) Bye Bye

附屬檔案： Osama Your Mamma.exe

(19)題目：WoWoWoWOWowo..

內容：

Hi again.. You can't guess what i've found.. Finally i've found a working Credit Card

generator!! I'm the richest man in the net :)) Don't tell or send it to anybody! How are you? What're you doing?Bye..

附屬檔案： Sorry.exe

(20)題目：yoOo ;)

內容：

YoOo :)) What a nice day, what a nice time :) What a nice world :)) Do you have any ATC's mp3z? eXtreemly cool :) I've found them with this program, it's like Napster, but it's legal :))

P.S. Download ATC - Why oh why.mp3 !!! Bye ~~~~ppPpP ;)

附屬檔案： mTV Charts.exe

6.此蠕蟲病毒複製到網路已分享檔案夾會產生下列各項檔案：

Kama Sutra.exe

GiRlZ FoReVeR (Wow).exe

Nikita v1.1 (Zip).exe

Pamela Anderson (Porno Installation).exe

Britney Spears Naked.exe

Teen Sex Cam.exe

Kurnikova Screensaver (6+).exe

CrEdIt CaRdZ gEn.exe

SeX.eXe

Faith.exe

解決方案：

1.及時升級防毒軟體，之後認真在整個硬碟上查殺此病毒，徹底清除掉查到的W32.HLLW.Oror@mm蠕蟲病毒。

2. 到註冊表編輯器:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run中將鍵值：

LoadCurrentProfile Rundll16.exe powprof.dll,LoadCurrentUserProfile和Internet Explorer C:\Program Files\Internet explorer\Internet Explorer2K.exe清除。