The virus modifies the registry so that it runs automatically the next time the system starts:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run = "RAVMOND.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\runServices
    "COM++ System" = "exploier.exe……"
    "SystemTra" = "%windows%\CDPlay.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    "Winhelp" = "%system%\TkBellExe.exe……"
    "Hardware Profile" = "%system%\hxdef.exe……"
    "Program in Windows" = "%system%\IEXPLORE.EXE"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Program In Windows = "C:\%System%\IEXPLORE.EXE"

The virus also modifies the following registry entry so that it runs whenever a txt file is opened:

HKEY_CLASSES_ROOT\txtfile\shell\open\command
    (Default) = "Update_OB.exe %1……"
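A defender can check an exported registry for the entries described above. The following Python sketch is an added example, not part of the original write-up: it assumes the input is text in the format written by `reg export`, the function names `parse_reg` and `find_hits` are this example's own, and the sample export is constructed.

```python
import re

# Keys the page says the virus modifies (lower-cased for comparison).
PAGE_KEYS = {
    r"hkey_current_user\software\microsoft\windows nt\currentversion\windows",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_classes_root\txtfile\shell\open\command",
}
# File names the page lists in those values (lower-cased).
PAGE_NAMES = {"ravmond.exe", "exploier.exe", "cdplay.exe", "tkbellexe.exe",
              "hxdef.exe", "iexplore.exe", "update_ob.exe"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'[^\\/"\s]+\.exe\b')

def parse_reg(text):
    """Parse string values of a .reg export into {key: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
    return keys

def find_hits(keys):
    """Return (key, value name, data) where a page-listed key launches a page-listed file."""
    hits = []
    for key, values in keys.items():
        if key.lower() not in PAGE_KEYS:
            continue
        for name, data in values.items():
            if PAGE_NAMES & set(EXE_RE.findall(data.lower())):
                hits.append((key, name, data))
    return hits

# Constructed sample export, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hardware Profile"="C:\\WINDOWS\\system32\\hxdef.exe"
"SoundMan"="SOUNDMAN.EXE"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="Update_OB.exe %1"
'''

if __name__ == "__main__":
    for hit in find_hits(parse_reg(SAMPLE)):
        print(hit)
```

Matching is by file name only, so a hit on a name that legitimate software also uses (IEXPLORE.EXE in particular) is a lead to review, not a verdict.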
E-mails sent by the virus have the following characteristics:

Subject (one of the following):
    test
    hi
    hello
    Mail Delivery System
    Mail Transaction Failed
    Server Report
    Status
    Error

Body (one of the following):
    pass
    Mail failed. For further assistance, please contact!
    The message contains Unicode characters and has been sent as a binary attachment.
    It's the long-awaited film version of the Broadway hit. The message sent as a binary attachment.

Attachment name (one of the following):
    document
    readme
    doc
    text
    file
    data
    test
    message
    body

Attachment extension (one of the following):
    bat
    cmd
    exe
    pif
    scr
4. Propagation via network shares

The virus copies itself into shared folders on the network in order to spread:

    WinRAR.exe
    Internet Explorer.bat
    Documents and Settings.txt.exe
    Microsoft Office.exe
    Windows Media Player.zip.exe
    Support Tools.exe
    WindowsUpdate.pif
    Cain.pif
    MSDN.ZIP.pif
    autoexec.bat