MSN infected with an unknown virus

2007-08-14 8:49 am
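I opened a file that a friend sent me.

Now, about 5-25 minutes after I open MSN, it automatically sends the virus file to other people. What should I do??

I deleted the virus file but it is still there, and it is still there after I restart the computer. Help, help!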

Answers (4)

2007-08-14 8:52 am
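✔ Best answer
I got infected by this before too~~

You had better uninstall MSN as soon as possible, then scan the computer several times to see whether there are any viruses on it. If there are none, you can install MSN again~~

Next time, remember to ask clearly what the file is before you accept it~~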
2007-08-14 5:14 pm
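Beware of the latest MSN virus "img1756.zip". Whatever you do, do not download or open it.. that is where the disaster begins!
Introduction to the "Sexy Album" virus:
"Sexy Album" is a worm that spreads through the MSN instant-messaging tool. After "Sexy Album" runs, it creates virus files in the Windows directory and modifies the registry so that it starts automatically at boot. Through MSN it sends the user's MSN friends a virus package, photos.zip, 479382 bytes in size. The archive contains a virus file named photos album- 2007-5-26 .scr, and the worm also sends friends one of the following messages at random: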
its only my photos!
Here are my private pictures for you
Here are my pictures from my vacation
My friend took nice photos of me.you Should see em loL!
Nice new photos of me and my friends and stuff and when i was young lol...
Nice new photos of me!! :p
Check out my sexy boobs :D
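The virus uses these messages to lure users into clicking. Once a user has received the ZIP archive, double-clicking the file inside it turns that computer into a new source of infection. The infected computer connects to a remote IRC server, accepts remote control from the attacker, and becomes part of a botnet.
When its variant, the MSN "Sexy Album" variant g virus, runs, it creates the following files:
%WinDir%\System32\libcintles3.dll, 26000 bytes
%WinDir%\System32\msn.exe, 116736 bytes
Of these, msn.exe is the main body of the virus and is packed with the NTKrnl packer. libcintles3.dll is injected into the Explorer.exe system process in order to get through the firewall, connect to a remote IRC server and receive the attacker's commands, turning the infected computer into a "zombie" in the attacker's hands. The virus automatically searches for friends on MSN and sends them infected archives such as album71.zip, photo_album37.zip and photo12.zip. It also uses social engineering, sending messages in Chinese pinyin to lure the recipient into accepting the virus file: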
KAN WO DE ZHAOPIAN:P
NI HE WO!!!....QING KAN:P
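If the user's security awareness is low and they run the infected file inside the archive, the virus spreads itself wildly through the MSN contact list, and the user's computer becomes a new source of infection.
Solution:
1. MSN users should not casually accept files of unknown origin, especially files with extensions such as *.exe, *.com, *.bat, *.scr, *.zip and *.rar. If someone sends a file in one of these formats, simply decline it.
2. Update the KV2007 antivirus software on a schedule every day and enable all monitoring functions.
3. Jiangmin KV2007 has already urgently updated its virus database; KV users who update their antivirus software promptly can effectively block this virus.
4. Users who have not installed the KV2007 antivirus software can download Jiangmin's MSN "Sexy Album" worm removal tool for free to scan for and remove the virus.
"Sexy Album" worm removal tool. Software name: "msn Sexy Album" worm removal tool
Software size: 113KB. Operating system: Win2003/XP/2000/NT/9x/ME

Technical support: [email protected]

Image reference: http://dl.jiangmin.com/download/images/down.jpg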
2007-08-14 9:55 am
You have probably got this virus; I got it too:

You can delete the file, then run a full scan, then live update the virus list


Also Known As: WORM_SDBOT.EXT [Trend], W32/Imagine-A [Sophos], MSNPoopy.A.worm [Panda Software], W32/Checkout!91d0b88a [McAfee]
Type: Worm
Infection Length: 27,136 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Once executed, the worm creates a mutex named 'JFAngaY' so that only one instance of the threat runs on the compromised computer.

It then drops and executes the following file, in order to stop the Security Center and winvnc4 service:
%SystemRoot%\a.bat

The worm then copies itself as the following file:
%Windows%\svchost.exe

It goes on to create the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Microsoft Genuine Logon" = "svchost.exe"

The worm then drops a zipped copy of itself as the following file:
%Windows%\img1756.zip

After dropping itself to the compromised computer, it connects to vpn.basecore.info on port 1863 to receive further commands. The worm can then be directed to perform the following actions:

* Update itself
* Download additional files
* Spread using MSN Messenger
* Delete itself

In order to spread over MSN, the worm sends the dropped zip file with one of the following messages to mislead users into downloading a zipped attachment of itself.

* look @ my cute new puppy :-D
* look @ this picture of me, when I was a kid
* I just took this picture with my webcam, like it?
* check it, i shaved my head
* have u seen my new hair?
* what the *****, did you see this?
* hey man, did you take this picture?



Recommendations
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

* Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
* If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
* Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
* Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
* Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
* Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
* Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

Writeup By: Sean Kiernan
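
The persistence described in the writeups above explains why deleting the zip file alone does not stop the sending: the Run entry restarts the worm's copy at every boot. The following check for those host indicators is an added example, not part of the thread or of either vendor's writeup; the sample registry export, the file listing and the `C:\WINDOWS` location are constructed assumptions, and a real `reg export` file is assumed to have been decoded to text first.

```python
import ntpath
import re

# Indicators copied from the two writeups quoted in the answers above.
RUN_VALUE_NAME = "microsoft genuine logon"
DROPPED_FILES = {  # paths relative to the Windows directory, lower-cased
    "a.bat", "svchost.exe", "img1756.zip",
    r"system32\libcintles3.dll", r"system32\msn.exe",
}
REG_STRING = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$', re.M)

def parse_reg_values(reg_text):
    """Return {value name: data} for the string values in a .reg export."""
    unescape = lambda s: re.sub(r"\\(.)", r"\1", s)  # .reg escapes \ and "
    return {unescape(n): unescape(d) for n, d in REG_STRING.findall(reg_text)}

def suspicious_run_entries(values):
    """Flag the worm's Run value, or any svchost.exe started from outside System32."""
    hits = []
    for name, data in values.items():
        token = re.match(r'\s*(?:"([^"]*)"|(\S*))', data)  # program, without arguments
        folder, base = ntpath.split((token.group(1) or token.group(2) or "").lower())
        masquerade = base == "svchost.exe" and not folder.endswith(r"\system32")
        if name.lower() == RUN_VALUE_NAME or masquerade:
            hits.append((name, data))
    return hits

def dropped_files(paths, windir=r"C:\WINDOWS"):
    """Return the listed paths that match a file one of the worms drops."""
    prefix = windir.lower() + "\\"
    return [p for p in paths
            if p.lower().startswith(prefix) and p.lower()[len(prefix):] in DROPPED_FILES]

# Constructed sample input: a .reg export of the HKLM Run key and a file listing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Microsoft Genuine Logon"="svchost.exe"
'''
SAMPLE_FILES = [r"C:\WINDOWS\system32\svchost.exe", r"C:\WINDOWS\svchost.exe",
                r"C:\WINDOWS\img1756.zip", r"C:\WINDOWS\notepad.exe"]

if __name__ == "__main__":
    print(suspicious_run_entries(parse_reg_values(SAMPLE_REG)))
    print(dropped_files(SAMPLE_FILES))
```

The legitimate svchost.exe lives in System32, so a copy directly in the Windows directory, or a Run value that names it without a path, is the masquerade the writeup describes.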
2007-08-14 8:52 am
buy one again
Reference: me


Archived on: 2021-04-13 18:11:51
Original link [permanently dead]:
https://hk.answers.yahoo.com/question/index?qid=20070814000051KK00276
