基本介紹
- 中文名:魔鬼波
- 外文名:Worm.IRC.WargBot.a
- 處理時間:2006-08-14
- 威脅級別:★★★★
病毒介紹:,病毒行為:,
病毒介紹:
病毒別名:
病毒類型:蠕蟲 影響系統:Win 9x/ME,Win 2000/NT,Win XP,Win 2003
病毒行為:
1,生成檔案
%system%\wgareg.exe
2,添加服務,通過服務啟動
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wgareg
"ImagePath" = "%system%\wgareg.exe"
3,通過修改下列註冊表信息降低系統安全等級
software\policies\microsoft\windowsfirewall\standardprofile
"enablefirewall" = 0
software\policies\microsoft\windowsfirewall\domainprofile
"enablefirewall" = 0
software\microsoft\security center
"firewalldisableoverride" = 1
"firewalldisablenotify" = 1
"antivirusoverride" = 1
"antivirusdisablenotify" = 1
system\currentcontrolset\services\lanmanserver\parameters
"autosharewks" = 0
"autoshareserver" = 0
system\currentcontrolset\control\lsa
"restrictanonymoussam" = 1
"restrictanonymous" = 1
software\microsoft\ole
"enabledcom" = "n"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
"Start" = 4
4,使用下列命令進行遠程控制
NiCK %.24s
USeR l l l l
PRiVMSG %.16s :%.480s
JOiN %.16s %.16s
USeRHOST %.16s
001
302
332
NiCK %.24s
433
