i-worm/torvil.a
I-Worm/Torvil.a spreads through Microsoft Outlook, Outlook Express, and file-sharing networks.
Basic information
- Foreign-language name
I-Worm/Torvil.a
- Virus type
Network worm
- Threat level
*
- Affected platforms
Win9X/2000/XP/NT/Me/2003
Basic content
Propagation process and characteristics:
1. Copies itself to:
%Windir%\Spoolxx.exe
%windir%\SMSSxx.exe
%windir%\svchost.exe
2. Modifies the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Service Host" = "%windir%\spoolxx.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\OneLevelDeeper]
"Service Host" = "%windir%\spoolxx.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Service Host" = "%windir%\svchost.exe"
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = "explorer.exe spoolxx.exe"
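3. Copies itself into the shared folders of file-sharing programs such as ed2k-it, Xolox, and Kazaa, and into the folder %windir%\mstorvil.{21EC2020-3AEA-1069-A2DD-08002B30309D}, using the following file names: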
ACDSee32 v2.41 Cracker.exe
Adobe Encore DVD 1.0 Cracker.exe
BearShare Pro v4.0.1 Cracker.exe
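
The registry changes listed in step 2 can be checked offline against a registry export. The following is an added example, not part of the original entry: it parses .reg export text and flags autorun entries that match the indicators above. It assumes that "xx" in Spoolxx.exe and SMSSxx.exe stands for two variable characters, and it goes slightly beyond the entry by flagging any Winlogon Shell value other than the default "explorer.exe". The function names and the sample export are constructed for illustration.

```python
import re

# Drop locations from the entry: files placed directly under %windir%. Reading "xx"
# in Spoolxx.exe / SMSSxx.exe as two variable characters is an assumption.
WINDIR_DROP = re.compile(
    r"^(?:%windir%|[a-z]:\\win(?:dows|nt))\\(?:spool..|smss..|svchost)\.exe$", re.I)
# Key suffixes from the entry; the hive prefix is ignored because one key omits it.
WATCHED = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows\currentversion\explorer\advanced\oneleveldeeper",
    r"\software\microsoft\windows nt\currentversion\winlogon",
)

def parse_reg(text):
    """Yield (key, value name, data) for string values in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"(.*?)"\s*=\s*"(.*)"$', line)):
            # .reg files escape backslashes and quotes with a backslash
            yield key, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))

def torvil_findings(text):
    """Return (key, name, data, reason) for entries matching the listed indicators."""
    hits = []
    for key, name, data in parse_reg(text):
        k, n, d = key.lower(), name.lower(), data.strip()
        if not k.endswith(WATCHED):
            continue
        if k.endswith("winlogon"):
            # The default Shell is plain "explorer.exe"; the worm appends its own file.
            if n == "shell" and d.lower() != "explorer.exe":
                hits.append((key, name, data, "Winlogon Shell altered"))
        elif WINDIR_DROP.match(d):
            hits.append((key, name, data, "autorun points at a file dropped in %windir%"))
        elif n == "service host":
            hits.append((key, name, data, "value name used by the worm"))
    return hits

# Constructed sample export (not captured from a real host).
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Service Host"="C:\\WINDOWS\\spool07.exe"
"Updater"="C:\\Program Files\\Example\\update.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Service Host"="%windir%\\svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe spool07.exe"
'''
```

The legitimate svchost.exe lives in %windir%\System32, so an autorun entry pointing at a copy directly under %windir% is worth investigating regardless of the value name.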