
Friday, 11 November 2011

An analysis of the "I love you" virus and how to deal with it

Gao Su-mei

I am sure everyone has already heard about the "I love you" e-mail virus. It has been running rampant in many countries, and quite a few well-known large companies have been hit. It is said that many people in China have been infected as well. Of course, if you receive an "I love You" e-mail you naturally want to have a look; after all, you netizens are all so young and still romantic at heart (^_^). It must be admitted that the virus was well named: it plays on human psychology. If it were renamed "I love You very much", "Marry you", "Marry me" and so on, who knows how many more people it would infect?
---- “I love ---- "I love
you”是一个用VBScript编写,可通过E-Mail散布的病毒(有点和以前的梅丽莎相似),而受感染的电脑平台以Win95/98/2000为主。其实I you "is written in VBScript, can be spread via E-Mail Virus (somewhat similar and the former Melissa), while the infected computer-based platform to Win95/98/2000 fact I
love love
you病毒的威力并不太大,比不上以前的CIH,要杀除也不难,而网上也有不少同类的病毒“任你下载”,但不知为何会惹来这么多的报导,据说经媒体广泛报导I you the power of the virus is not great, not as before CIH, except it is not difficult to kill, but online there are many similar viruses "either you download", but I do not know why so many reports give rise to, is said by extensive media coverage I
love you后,那些网络保安公司的股价立刻飙升,谁知这其中有什么关系? love you, those network security company's stock immediately soared, who knows of which have anything to do? ^_^ ^ _ ^
How you get infected

As soon as you open the attachment of this affectionate e-mail, you are "hit". The I love you script file executes automatically and copies itself to the following locations:

$windows/Win32DLL.vbs (in the $windows directory)
$system/MSKernel32.vbs (in the $system directory, i.e. c:\windows\system)
$windows/LOVE-LETTER-FOR-YOU.TXT.vbs

It then registers these files in the Registry so that they run automatically every time you start the computer, no different from an ordinary virus. Although there are already several variants of I love you, the principle is the same.
What harm does I love You do?

It uses IE to download an executable program, and once the download finishes it adds it to the Registry. What is this for? If you have used mIRC, it locates your mIRC program and creates an mIRC script file of its own that sends an HTML file. That way it can send the HTML to every user who joins the channel you are in and infect their IE.

It searches the Address Book of your e-mail software, such as Outlook, for e-mail addresses and keeps mailing the virus out, one recipient passing it on to the next, so that the virus keeps expanding its territory.

It scans your hard disk and network shared drives and automatically turns files with extensions such as vbs, vbe, js, jse, css, wsh, sct, hta, vbs, jpg and jpeg into copies of the virus.

It sends your passwords, such as your dial-up password, and your IP address to the author by e-mail.
Solution

1. Use regedit to edit the Registry and delete the following entries:

HKEY_CURRENT_USER\Software\Microsoft\CurrentVersion\Run\MSKernel32
HKEY_CURRENT_USER\Software\Microsoft\CurrentVersion\RunServer\Win32DLL
HKEY_CURRENT_USER\Software\Microsoft\CurrentVersion\Run\WIN_BUGSFIX

2. Find the files WIN-BUGFIX.exe and LOVE-LETTER-FOR-YOU.HTM on the hard disk and delete them completely.

3. Check all files with the extensions vbs, vbe, js, jse, css, wsh, sct, hta, vbs and jpg to see whether they have been infected; if so, delete them completely.
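As an added example (not part of the original article), a report-only PowerShell sweep that covers steps 1 to 3 on a Windows machine: it lists the three Run values by name, the dropped files, and any file carrying one of the step-3 extensions followed by an appended .vbs (the LOVE-LETTER-FOR-YOU.TXT.vbs pattern). It assumes the values live under the standard Run and RunServices keys of HKCU and HKLM (the article's key paths as printed omit the Windows component), treats the double-extension rule as a heuristic, and deletes nothing.

```powershell
# Added example, not code from the article: report-only sweep for the
# ILOVEYOU indicators listed above. Review the output, then clean up by
# hand as described in steps 1-3. Nothing here modifies the system.

# Step 1: value names the article tells you to delete (assumed key paths).
$valueNames = @('MSKernel32', 'Win32DLL', 'WIN_BUGSFIX')
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $valueNames) {
        if ($null -ne $props.$name) {
            "[REG]  $key\$name = $($props.$name)"
        }
    }
}

# Step 2: files the script drops into the Windows directory ($windows /
# $system in the article), plus the two names to search the whole disk for.
$droppedFiles = @(
    (Join-Path $env:windir 'Win32DLL.vbs'),
    (Join-Path $env:windir 'System\MSKernel32.vbs'),
    (Join-Path $env:windir 'LOVE-LETTER-FOR-YOU.TXT.vbs')
)
foreach ($f in $droppedFiles) {
    if (Test-Path -LiteralPath $f) { "[FILE] $f" }
}
$searchNames = @('WIN-BUGFIX.exe', 'LOVE-LETTER-FOR-YOU.HTM')

# Step 3: extensions from the article. Heuristic: an original such as
# photo.jpg that has been rewritten as photo.jpg.vbs is flagged.
$targetExts = @('vbs','vbe','js','jse','css','wsh','sct','hta','jpg','jpeg')
$pattern = '\.(' + ($targetExts -join '|') + ')\.vbs$'

# Walk every filesystem drive (local and mapped), reporting hits by name.
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    Get-ChildItem -Path $_.Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object {
            ($searchNames -contains $_.Name) -or ($_.Name -match $pattern)
        } |
        ForEach-Object { "[DISK] $($_.FullName)" }
}
```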
