|
昨天怀疑电脑中毒,来发贴求助,
可惜没人答复,现在已经证实,确实感染最新病毒W32/Fizzer@MM,现在简单介绍一下,避免大家重蹈我的覆辙
我发这帖子,目的不是盖楼,只是希望大家不中毒
敬请注意以下病毒警告,检查您的计算机是否安装最新的防病毒软件(当前版本为2003-5-12),并检查您的Office是否已经安装最新的Service Pack3,如果尚未安装,请立即进行安装,谢谢合作!
Please be kindly note the following virus warning, please check if you have installed the newest anti-virus software (the current version is 2003-5-12), and check if you have applied the newest Office 2000 Service pack3. If you haven't done that, please do it immediately! Thanks for your cooperation!
如果您受到类似下面的邮件,请不要打开,它可能包含最新的计算机病毒 W32/Fizzer@MM
If you receive the following email, please don't open it, it may includes the newest virus W32/Fizzer@MM
Virus name: W32/Fizzer@MM
Risk assessment: Medium-on-Watch
Subject: why?
Body: The peace
Attachment: desktop.scr
Subject: Re: You might not appreciate this...
Body: lautlach
Attachment: service.scr
Subject: Re: how are you?
Body: I sent this program (Sparky) from anonymous places on the net
Attachment: Jesse20.exe
Subject: Fwd: Mariss995
Body: There is only one good, knowledge, and one evil, ignorance.
Attachment: Mariss995.exe
Subject: Re: The way I feel - Remy Shand
Body: Nein
Attachment: Jordan6.pif
(发帖时间:2003-05-14 08:03:14)
---属于夜空 J
回复(1):
病毒带木马,影响比较讨厌,
我试了几种最新版本的杀毒软件,对他都无效,
我是手工删除的,
删除注册表里的键值HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
SystemInit = %WINDOWS%\iservc.exe
以及windows主目录下的4个文件
initbak.dat (220,160 bytes) - A copy of the worm
iservc.exe (220,160 bytes) - A copy of the worm
ProgOp.exe (15,360 bytes) - Process handling
iservc.dll (7,680 bytes) - Handles timing and windows hooking/keylogging
并用防木马软件清除木马(确实发现几个)
由于我用的是公司电脑,影响比较大,处理也比较麻烦
所以提醒大家注意
===============
该病毒作用目前尚无定论,以下为转载:
The minimum engine for detection of this threat is the 4.1.60 engine, however to remove it the 4.2.40 engine is required. AVERT recommend ALL users (Enterprise and Consumer) update to the 4.2.40 engine immediately to stay protected from this threat.
This mass-mailing worm has many components and an internal timer to trigger different processes at different times. These include:
Mass-mailing itself to addresses gathered from different places
Outlook Contacts list
Windows Address Book (WAB)
Addresses found on the local system
Randomly manufactured addresses
IRC bot (Internet Relay Chat)
AIM bot (AOL Instant Messenger)
Keylogger
KaZaa worm
HTTP server
Remote access server
Self-updating mechanism
Anti-virus software termination
The worm contains its own SMTP engine and uses the default SMTP server as specified in the Internet Account Manager registry settings. It can also use any one of several hundred different external SMTP servers.
另外,病毒发现日期是5月8日
世界上对该病毒并无定论,由于带木马,可能有其他影响,所以请大家不要太过于相信各种更新后的杀毒软件 |
|