1. Virus label:
Virus name: Worm/Otwycal.I
Virus type: Downloader
File name: MSDOS.rar
File size: 14909 bytes
File type: RAR archive data, v1d, os
MD5: 8dd8c81a9ae267337198fc58e62c69ce
SHA1: e5bbc8a67a6d8d0f568680e114c0fb257af4499b
Disclosure scope: Fully public
Threat level: C
Development tool: Microsoft Visual C++ 6.0
Packer: WinUpack 0.39 final -> By Dwing
Naming comparison:
Microsoft  1.3408  2008.04.11  2008-04-11  Worm:Win32/Autorun.NZ  11.900
2. Virus description:
This virus is a downloader: once run, it connects to the network and downloads other malware that damages the system.
3. Behaviour analysis:
After running, it drops a driver: C:\zzz.sys
It then connects to the network and downloads further malware (a series of executables) from the host 58.53.128.36.
It also performs ARP-based code injection using the following script:
http://a.158dm.com/one/arp.js
Solution:
Delete the file: C:\zzz.sys
Block with the HOSTS file:
58.53.128.36
www.newjian.com
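As an added example (my own code, not part of the advisory), a defender-side script that flags requests matching the download and injection URLs described above in a simplified proxy log, and checks whether the HOSTS file already sinkholes the names listed in the solution. The log format, the sample lines and the inclusion of a.158dm.com in the HOSTS check are my assumptions.

```python
import re

# Indicators are those in the advisory; log format, sample data and the extra
# name a.158dm.com (script host, not in the advisory's fix) are assumptions.
ARP_SCRIPT_URL = "http://a.158dm.com/one/arp.js"
HOSTS_NAMES = ["www.newjian.com", "a.158dm.com"]
# a0.exe .. a29.exe plus oko.exe / der.exe / blx.exe from the download host.
PAYLOAD_RE = re.compile(r"^http://58\.53\.128\.36/(a\d+|oko|der|blx)\.exe$")

def classify_url(url):
    """Label a requested URL if it matches the downloader's known fetches."""
    if PAYLOAD_RE.match(url):
        return "otwycal-payload"
    if url == ARP_SCRIPT_URL:
        return "otwycal-arp-script"
    return None

def scan_proxy_log(lines):
    """Simplified proxy log line: '<epoch> <client-ip> <status> <method> <url>'.
    Returns one (client-ip, url, label) tuple per matching request."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 5:
            label = classify_url(fields[4])
            if label:
                hits.append((fields[1], fields[4], label))
    return hits

def unsinkholed_names(hosts_text):
    """Names from HOSTS_NAMES not yet mapped to 127.0.0.1 or 0.0.0.0.
    HOSTS resolves names only, so the bare IP 58.53.128.36 cannot be blocked
    there; that needs a firewall or proxy deny rule (cf. classify_url)."""
    sinkholed = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("127.0.0.1", "0.0.0.0"):
            sinkholed.update(n.lower() for n in fields[1:])
    return [n for n in HOSTS_NAMES if n not in sinkholed]

# Constructed sample input (not real traffic).
SAMPLE_LOG = [
    "1207900000 10.0.0.5 200 GET http://58.53.128.36/a0.exe",
    "1207900002 10.0.0.9 200 GET http://example.com/index.html",
    "1207900003 10.0.0.5 200 GET http://58.53.128.36/blx.exe",
    "1207900004 10.0.0.7 200 GET http://a.158dm.com/one/arp.js",
]
SAMPLE_HOSTS = "127.0.0.1 localhost\n0.0.0.0 www.newjian.com  # added after cleanup\n"
```

Calling scan_proxy_log(SAMPLE_LOG) yields three alerts (two payload downloads and the arp.js fetch), and unsinkholed_names(SAMPLE_HOSTS) reports that only a.158dm.com still lacks a HOSTS entry.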