¦pªG¤¤¥ª msn ¬r~
¥i¥HÂI°µØ{....
¨g¼u sd file msg ­Ú¤H....·Ð¦º¤H¦a lu~~

¦p¦³¤j«L¥X¤â¬Û§U~
¤p§Ì·P¿E¤£ºÉ~

¤£ª¾¬O¤£¬O«ü³o­Ó
¤]¤£ª¾¹D¬O¤£¬O­Ó­Ó³£³o¼Ësolve

ªñ¤é¤£Â_¦³msn¥Î¤á¤¤©Û¡A¨ººØvirus·|¥Ñ§Afriend listªº¤Hsend¤@­Ófile­Ú§A¡Afile name¦h¼Æ¬°IMGxxx.zipªºÀ£ÁYÀÉ¡C½Ð±µ¦¬¡A°Ý²M·¡¬O§_¯uªº¬O§AªºªB¤Ísend­Ú§A¥ý¦n¥i¡A§_«h´N.............ʨ

Photo.zip Virus ²¾°£¤èªk

MSN·Ó¤ù¬r photo.zip (Worm.IRC.MyPhoto.a) ¸Ñ¨M¤èªk


¯f¬r¦WºÙ¡GMSN·Ó¤ù¡]Worm.IRC.MyPhoto.a¡^
¯f¬rÃþ«¬¡GįÂίf¬r
¯f¬r¦M®`¯Å§O¡G¡¹¡¹¡¹¡¸
¯f¬rµo§@²{¶H¤Î¦M®`¡G¸Ó¯f¬r·|³q¹LMSNµo°e¤º®e¬°¡§HEY lol i¡¦ve done a new photo album !  
Second ill find file and send you it.¡¨¡B¡§Hey wanna see my new photo album?¡¨µ¥¤º®eªº®ø®§¡A¦P®Éªþ±a¤@­Ó¦W¬°photo album.zipªºÀ£ÁYÀÉ¡C



¥Î¤á¹B¦æ¸ÓÀ£ÁYÀɤ¤ªºµ{¦¡§Y·|³Q¯f¬r·P¬V¡C¯f¬rÁÙ·|¦b¥Î¤á¹q¸£ùØÄÀ©ñ¤@­Ó«áªùµ{¦¡¡AÀb«È¥i¥H§Q¥ÎIRC³nÅé»·ºÝ±±¨î¤¤¬r¹q¸£¡AÅѨú­Ó¤H¸ê®Æ¡A±q¦Ó¨Ï¥Î¤á­±Á{·¥¤jªº¦w¥þ«Â¯Ù¡C
¤â¤u§R°£¡G


¤@¡B§R°£¯f¬rªºµù¥Uªí±Ò°Ê±M®×


1¡B¹B¦æregedit¡A¥´¶}µù¥Uªí½s¿è¾¹¡C¥´¶}
HKEY_LOCAL_MACHINE¢ÎSOFTWARE¢ÎMicrosoft¢ÎWindows¢ÎCurrentVersion¢Î
ShellServiceObjectDelayLoad¡A§ä¨ì¡§rdshost¡¨©Î"syshosts"¤@¶µ¡A±N¨ä­È°O¿ý¤U¨Ó¡A¨Ã±N¸Ó¶µ§R°£¡C



ª`·N¡G¡§rdshost¡¨©Î"syshosts"¶µªº­È¬°¤@­ÓCLSID¡C¯f¬r²£¥Íªº³o¬qCLSID¤£©T©w¡A¥»¨Ò¤¤¬°¡G{C7B4EE78-A8FB-4C16-AE1F-C1A568949825}¡C
    2¡B¥´¶}HKEY_CLASSES_ROOTCLSID¡A§ä¨ì­è¤~°O¿ý¤UªºCLSID¶µ¡A¥»¨Ò¬°¡G{C7B4EE78-A8FB-4C16-AE1F-C1A568949825}¡A±N¨ä§R°£¡C



¤G¡B­«·s±Ò°Ê¹q¸£


¥Ñ©ó¸Ó¯f¬r¾n¯d°O¾ÐÅé¡A¦]¦¹¡A²M°£±¼±Ò°Ê±M®×«á¥²¶·­«·s±Ò°Ê¹q¸£¤~¯à°÷§R°£¯f¬rÀÉ¡C


¤T¡B§R°£¯f¬rÀÉ


1¡B¶i¤JWindows¡AÀq»{¬°C:¢Îwindows¡A§ä¨ì¦W¬°¡§photo album.zip¡¨ªºÀɨçR°£¡C



2¡B¶i¤J¨t²Î¥Ø¿ý¡AÀq»{¬°C:¢Îwindows¢Îsystem32¡A§ä¨ì¦W¬°¡§rdshost.dll¡¨©Î"syshosts"ÀɨçR°£¡]ª`·N¬ODLLÀɤ£¬OEXE¡^¡C


3¡B­«·s±Ò°Ê¹q¸£¡AÀˬd³o´X­ÓÀɬO§_¦s¦b¡A¦pªG¤£¦s¦b¡A«h¯f¬r¤w³Q²M°£°®²b¡C


´£¥Ü¡G¸Ó¯f¬r¤â¤u²M°£¸û¬°Ácº¾¡A«Øij¨Ï¥Î±þ¬r³nÅé²M°£¡C°w¹ï¡§MSN·Ó¤ù¡¨¯f¬r¡A¥Î¤áÀ³±Ä¨ú¦p¤U±¹¬I¡A¤£­n»´©ö³q¹LMSN±µ¦¬©M¹B¦æ­¯¥ÍÀÉ¡F¯f¬r§Q¥ÎMSN¶i¦æ¶Ç¼½¡A¤j¶q¦û¥Î¨t²Î¸ê·½©Mºô¸ô±a¼e¡A¦]¦¹¥ø·~§½°ìºô¥Î¤á§ó­n¥[±j¹ï¦¹¯f¬rªº¨¾½d¡F¾¨§Ö§ó·s¦Û¤vªº±þ¬r³nÅ骩¥»¡A·ç¬P±þ¬r³nÅé19.16.12ª©¥»¥i¥H¹ý©³²M°£¦¹¯f¬r¡C

copy from other:


[ ¥»©«³Ì«á¥Ñ noel ©ó 2007-8-21 11:34 PM ½s¿è ]

oh~you are so gd~
³£¸Ü¥ª¾ð¤¯¦P¾Ç¦n kind ¬[°Õ~
(©O¥y«Y¯u¬[~µù¥UªG¤é§Ú«YËݦP·s¥ÍÁ¿....)

sori~¦³³¥°Ý.....

«Y«}¤@¤G¤T³£­n°µ»ô¡H

¹B¦æregedit (­øª¾«§¾¤)
¥´¶}µù¥Uªí½s¿è¾¹¡C(­øª¾«§¾¤)

ÁÂ~

¹B¦æregedit = ¶}©l==>°õ¦æ==>¥´regedit
¤@ ==>¤G==>¤T ¬O¶¶§Ç°µ¤U¥h

°ª¤â½Ð§A¥´±Ï§Ú°Õ

§Ú­ø¤p¤ß¤¤¥ª©Û¡A¨ä¹ê§Ú³£­øª¾«Y­ø«Y¤¤©O­Ó¯f¬r¦ý«Y³£´X¦ü~~

§Ú«Y¶}©l->°õ¦æ->regedit
¨£¨ìµnºñ½s¿èµ{¦¡

«YHKEY_LOCAL_MACHINE¢ÎSOFTWARE¢ÎMicrosoft¢ÎWindows¢ÎCurrentVersion¢Î
ShellServiceObjectDelayLoad¡A
ݯ¨ì
(¹w³]­È)
CDBurn
PostBootReminder
SysTray
WebCheck
°£¥ª©O5¼Ë§Ú´NÚ»­ø¨ì°Õ¡A§Ú­øª¾À³¸Ó°µÉA

¦AÚ»®IHKEY_CLASSES_ROOT
¤J­±¥u«Y±o
(¹w³]­È)
´N«§³£µL

½Ð°ª¤â¥´±Ï§Ú°Õ
­ø¸Ó®Í¡A¸U¤G¤À·P¿E¡A³Ò·Ð®Í~~

¦pªG§AÚ»­ø¨ì §Y¬O¥Nªívirus¨S¦³¼g¤J§Aªºwindowsµn¿ýÀÉ¡A¨º´N®¥³ß§A¡A¤£¥²°µ¥H¤W·Ð´eªº°Ê§@¡C
¥u­n§Aanti-virus³n¥ó scan¨ì¤S¥i¥H²MªÅvirus´Nok¤F
(P.S. ¨ä¹ê§A¦³¤°»ò¼xª¬?)

¼xª¬¡G
¤@ª½³£µL°ÝÃD¡A¬ðµM¤§¶¡­Ómsn ·|lock¥ª¡AÉA³£°µ­ø¨ì
d¤H·|¦¬¨ì¤@¥y­^¤å¡A¦¸¦¸³£­ø¦P(eg.Look how cute we look in this picture?)
¤§«á¦³­Ófile


§Ú¥Î­Ónod32 ¬Jantivirus ¦Pad-aware¬Jspyware check¹L
¦ý«Y°ÝÃD³£µL§ïµ½.....

filename³£·|ÅÜ
³Ì¥ý«Y©O­Óimg317.zip
¤§«áÅÜ¥ªimgac157.zip

[ ¥»©«³Ì«á¥Ñ iyan ©ó 2007-8-22 12:29 AM ½s¿è ]

¦n¦³¥i¯à«YIRC-Worm.Win32.Agent.a [(Backdoor.Win32.IRCBot.acd) by Kaspersky Anti Virus.] Ê\·|auto send¤@D message­Ú¤H(¥]¬A¤¤­^¤å)
1)§A¥i¥H¥ý¹ý©³del©Ò¦³¦P§A­Ómsn¦³Ãöªºfile (uninstall, ¤â°Êdel©Ò¦³regedit¤ºªº°O¿ý, ¦w¸Ë¥Ø¿ý©³¤Uªº¬ÛÃöfileµ¥µ¥)
2)update³Ì·sªºvirus-defination ³Ì·sªºupdateÀ³¸Ó¤w¸g¦³©O­Óvirusªº¸ê®Æ (NOD32§Ú¤£¤Ó²M·¡¡A¤£¹L¦pªG§A¦³¥Îsymatic/norton´N¥i¥H¥h©xºôdownload ¤â°Êremoval tool¥hdel)
3)¥hsafe mode°µfull system scan
4)re-install msn´ú¸Õ

(²×Âk³£«Y­nª¾¹D«Y«§virus¡Aª¾¹D­Ó¦W´N¦n©ökoÊ\¡A°ß¦³´N¬Oupdate³Ì·svirus-defination¤~À°¨ì§A)

[ ¥»©«³Ì«á¥Ñ pinekin ©ó 2007-8-22 01:16 AM ½s¿è ]