VIRUS Manual | 05.08 | VIRUS-BY-VIRUS IN DEPTH: WORM_CHET.A
DESCRIPTION
This virus creates a copy of itself in the system directory C:\WINDOWS,
with the name SYNCHOST1.EXE. In the C:\ folder it creates the zero-byte
file BOOT.TXT. Other names under which the infection is encountered are:
W32/Anniv911.A, W32/Chet@MM and Win32.Chet.
PROPAGATION
It attempts to infect other users by sending e-mails that have
Main@World.Com as the sender, “All people!!” as the subject, and the
following text:
Dear ladies and gentlemen! The given letter does not contain viruses,
and is not Spam. We ask you to be in earnest to this letter. As you
know America and England have begun bombardment of Iraq, cause of its
threat for all the world. It isn't the truth. The real reason is in
money laundering and also to cover up traces after acts of terrorism
September, 11, 2001. Are real proofs of connection between Bush and
Al-Qaeda necessary for you? Please! There is a friendly dialogue between
Bin Laden and the secretary of a state security of USA in the given
photos. In the following photo you'll see, how FBI discusses how to
strike over New York to lose people as much as possible. And the document
representing the super confidential agreement between CIA and Al-Qaeda
is submitted to your attention. All this circus was specially played
to powder brains!! You'll find out the truth. Naked truth, instead of
TV showed. For your convenience, and to make letter less, all documentary
materials (photos and MS Word documents) are located in one EXE file.
Open it, and all materials will be installed on your computer. You will
receive the freshest and classified documents automatically from our
site. It isn't a virus! You can trust us absolutely. We hope, that it
will open your eyes on many things occurring in this world.
The message attachment is '11september.exe ' (note that there
is a trailing space).
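Added example (not part of the original manual): a mail-filter check for the sender, subject and attachment name listed above, written so that the trailing space in the file name does not defeat the match. The function name, the indicator labels and both sample messages are constructed for illustration.

```python
import email
from email.utils import collapse_rfc2231_value

# Indicators as given in the description above.
SENDER = "main@world.com"
SUBJECT = "All people!!"
ATTACHMENT = "11september.exe"  # sent with a trailing space after ".exe"

def chet_indicators(raw_bytes):
    """Return the WORM_CHET.A mail indicators found in one raw message."""
    msg = email.message_from_bytes(raw_bytes)
    hits = []
    if SENDER in str(msg.get("From", "")).lower():
        hits.append("sender")
    if str(msg.get("Subject", "")).strip() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        # get_param() keeps the filename exactly as sent; get_filename()
        # strips surrounding whitespace and would hide the trailing space.
        raw_name = part.get_param("filename", header="content-disposition")
        if raw_name is None:
            continue
        name = collapse_rfc2231_value(raw_name)
        if name.strip().lower() == ATTACHMENT:
            hits.append("attachment")
        # A check such as name.endswith(".exe") on the raw value fails here,
        # so whitespace padding is reported as an indicator of its own.
        if name != name.strip():
            hits.append("padded-filename")
    return hits

# Constructed sample messages (placeholder bodies, no real binary).
SAMPLE = (b"From: Main@World.Com\r\n"
          b"Subject: All people!!\r\n"
          b"MIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="b"\r\n\r\n'
          b"--b\r\nContent-Type: text/plain\r\n\r\nDear ladies and gentlemen!\r\n"
          b"--b\r\nContent-Type: application/octet-stream\r\n"
          b'Content-Disposition: attachment; filename="11september.exe "\r\n\r\n'
          b"constructed placeholder\r\n--b--\r\n")
BENIGN = (b"From: alice@example.org\r\nSubject: Report\r\n"
          b'Content-Disposition: attachment; filename="report.pdf"\r\n\r\n'
          b"constructed placeholder\r\n")

if __name__ == "__main__":
    print(chet_indicators(SAMPLE))
```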
INSTRUCTIONS FOR REMOVING THE VIRUS
1. Start the PC in safe mode.
2. Scan the system with an up-to-date antivirus and take note of the
executable files infected by WORM_CHET.A.
3. Open the Windows Task Manager (CTRL + ALT + DEL), look for the
infected programs and terminate their processes.
4. Open the registry editor and open the key:
HKEY_CURRENT_USER – SOFTWARE – MICROSOFT – WINDOWS – CURRENTVERSION
– RUN
5. In the right-hand pane of the window, delete the entry:
ICQ1="C:\WINDOWS\SYSTEM\synchost1.exe"