A 复制自身到系统目录的botzor.exe
B 增加键值"WINDOWS SYSTEM" = "botzor.exe"到注册表的HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run和HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
使得病毒每次开机后自动执行
C 修改键值"Start" = "4"从注册表的
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess 关闭 Windows 2000/XP 的文件共享.
D 连接到黑客指定的主机 diabl0.turkcoders.net 的 TCP 端口 8080 等待黑客指令
E 利用微软即插即用服务漏洞传播(参见微软安全公告MS05-039 http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx)
F 修改 host 文件增加以下内容
.... Made By .... Greetz to good friend ..... Based On ....
MSG to avs: the first av who detect this worm will be the first killed in the next 24hours!!!
G 禁止访问以下网站,破坏杀毒软件升级
www.symantec.com
securityresponse.symantec.com
symantec.com
www.sophos.com
sophos.com
www.McAfee.com
mcafee.com
liveupdate.symantecliveupdate.com
www.viruslist.com
viruslist.com
viruslist.com
f-secure.com
www.f-secure.com
kASPersky.com
kaspersky-labs.com
www.avp.com
www.kaspersky.com
avp.com
www.networkassociates.com
networkassociates.com
www.ca.com
ca.com
mast.mcafee.com
my-etrust.com
www.my-etrust.com
download.mcafee.com
dispatch.mcafee.com
secure.nai.com
nai.com
www.nai.com
update.symantec.com
updates.symantec.com
us.mcafee.com
liveupdate.symantec.com
customer.symantec.com
rads.mcafee.com
trendmicro.com
pandasoftware.com
www.pandasoftware.com
www.trendmicro.com
www.grisoft.com
www.microsoft.com
microsoft.com
www.virustotal.com
virustotal.com
www.amazon.com
www.amazon.co.uk
www.amazon.ca
www.amazon.fr
www.paypal.com
paypal.com
moneybookers.com
www.moneybookers.com
www.ebay.com
ebay.com
病毒的清除法: 使用光华反病毒软件,彻底删除。 病毒演示: 病毒FAQ: Windows下的PE病毒。
发现日期: 2005-8-15
文章整理:西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!
