Email-Worm.Win32.Zhelatin.u_在线百科全书查询

Email-Worm.Win32.Zhelatin.u

该病毒运行后，病毒在当前目录下衍生一个随机命名的病毒副本，而后构造带有病毒副本的垃圾邮件以传播自身。

简介

行为分析(1 、邮件主题从下列字符串表中选取 2 、附件名从下列符串列表中选取 3 、伪造下列发信人从下列字符串中选取 4 、关闭包含下列字符串的程序进程 5 、邮件内容多为空 6 、在当前目录下衍生病毒副本)

清除方案

简介

病毒名称： Email-Worm.Win32.Zhelatin.u

中文名称：泽拉丁变种

病毒类型：蠕虫类

文件 MD5： BB78341288F265C0659D2A323BE2328E

公开范围：完全公开

危害等级： 5

文件长度：脱壳前 50,582 字节，脱壳后1,431,552 字节

感染系统： Win9X以上系统

开发工具： Microsoft Visual C++ 6.0

加壳工具： UPX变形壳

命名对照： McAfee [W32/Zhelatin.gen@MM] Avast![ Win32:Tibs-AII]

DrWeb [Trojan.Packed.14] DrWeb[BackDoor.Generic.1138]

AVG[Trojan horse Downloader.Tibs.3.A]

ClamAV [Trojan.Downloader-1381]

行为分析

1 、邮件主题从下列字符串表中选取

''I Love You with All I Am''''The Time for Love'' ''When You Fall in Love''''Your Love

Has Opened'' ''My Love'', ''Our Love is Free'',''Eternity of Your Love'', ''I Love You

Soo Much'' ''Wrapped in Your Arms'', ''Our Love Nest'' ''Hugging My Pillow'', ''The Dance

of Love'' ''Falling In Love with You'', ''Why I Love You'', ''A Kiss So Gentle'',''Miracle

of Love'',''A Token of My Love'', ''For You....My Love'', ''Our Love Will Last'',''Inside

My Heart'', ''The Miracle of Love'', ''Our Love is Strong'',''Love Remains'', ''I am

Complete'', ''I Dream of you'',''Dream Girl'', ''I Believe'', ''Unmatchable Beauty'',''Baby,

I'',27h,''ll Be There'' ''Rose for my Love'',''I Love You So'',''I Love Thee'', ''I'',27h,

''ll Be Your Man'',''Will You?'', ''Want You to Know'', ''Internet Love'', ''Only You'',

''Passionate Kiss'', ''Kiss Coupon'', ''Breakfast in Bed Coupon'', ''Romantic Picnic

Coupon'', ''Dinner Coupon'',''Massage Coupon'', ''A Relaxing Coupon'',''Steamy Sex

Coupon'', ''Bubble Bath Coupon'', ''Dream Date Coupon'',''A Day in Bed Coupon'',

''Feeling Horny?'', ''Kisses, Hugs & Roses'',''The Love Bugs'', ''A Little (sex) Card'',

''A Kiss for You'', ''A Monkey Rose for You'', ''I Woof You'', ''We Are Different'', n

''You Are My Guiding Star'', ''Puppy Love'',''You Rock Me!'', ''Times Are Hard, I Luv U'',

''Crazy way to say I Luv U'', ''You Were Worth the Wait'', ''Showers Of Love'',

''Can'',27h,''t Wait to See You!'', ''You'',27h,''re My Hero'', ''You Brighten My Day'',

''Love at First Sight'', ''The Mood for Love'',''I Love You Mower'', ''A Romantic Place'',

''We'',27h,''re a Perfect Fit'', ''Love is in the Air'', ''Emptiness Inside Me'', ''Our

Love Everyday'', ''I Can'',27h,''t Function'',''5 Reasons I Love You'',''You Lucky Duck!'',

''Peek-A-Boo'', ''Last Night was Hot!'', ''When I look at you'', ''You are out of this

world'', ''Memories'', ''Wild Nights--Wild Nights'',''I Think of You'', ''A Bouquet of

Love'', ''I Would Give you Anything''''Hold Me (distant love)'', ''Between Us'', ''In My

Heart'', ''From this day forward'',''You'',27h,''re Soo kissable'', ''Angel of Love'',

''Thinking about you'', ''Love for Granted'', ''How Much I Love You'', ''A Hug & Roses'',

''Summer Love'', ''A Weekend Getaway'', ''My Heart is Thinking'', ''Steamy Dream'', ''My

Heart belongs to you'',''Every Inch of Your Body'', ''Our love is torn by miles'', ''A

Special Kiss'', ''Won'',27h,''t you dance with me''A Red Hot Kiss'', ''The Sweet Taste

of Love'',''A Special Flower for You'', ''Just You & Me'', ''Till Morninig'',27h,''s

Light'', ''Your Silly Smile'', ''Trunk Full Of Love'',''Till Morning'',27h,''s Light'',

''The Letter'',''Bewitching Moonlight'', ''I Am Lost In You'', ''Fields Of Love'', ''We

Have Walked'', ''P.M.S'', ''So Unique'', ''Take My Hand'', ''Solitary Beauty'', ''Cuddle Me

Please'', ''Let'',27h,''s Get Frisky'', ''Teddy Bear & Roses'', ''Wish I Could Tell You'',

''Twilight Paradise'', ''Thinking of You'', ''Longing for You'', ''Twice Blest'', Forever

and Ever'', ''Dancing With You'', ''I Still Love You'', ''Soul Mates'', Two of a Kind'',

''He Blessed Our Lives'', ''Pockets of Love'', ''Live With Me'', ''Now I Know'', ''The

Kiss'', ''Vacation Love'',''I Would Do Anything'', ''You + Me'', ''Sending Kiss'', ''Safe

With You'', ''Love Birds'', ''It'',27h,''s Your Move'', ''In Love'', ''Love You Deeply'',

''The Long Haul'', ''I wish'', ''Together Again'', ''You'',27h,''re so Far Away''''Brand New

Love'', ''For You'', ''Wish Upon a Star'', ''You Asked Me Why'', ''Our Two Hearts'', ''All

That Matters'', ''Hold On'', ''You and I'', ''Someone at Last'', ''Made for Each Other'',

''Safe and Sound'', ''Cuddle Up'', ''With All My Love'', ''Heart is Breaking'', ''Everyone

Needs Someone'', ''When I'',27h,''m With You'', ''All For You'', ''For Better of For

Worse'', ''To New Spouse'', ''Forever in Love'', ''Full Heart'', ''Unique Love'', ''My Eye

on You'', ''Our Wedding Day'', ''Hey Cutie'', ''Against All Odds'', ''Cyber Love'', ''Old

Together'', ''Our Love'', ''That Special Love'', ''I Give to You'', ''Back Together'',

''Wine and Roses'', ''I Win with You'', ''Hand in Hand'', ''If I Could'', ''A Song to You''

''Search for One'', ''A Sweet Love'', ''JustYou'',''Thanks...Love'', ''Now and Forever'',

''Without Your Love'', ''This Day Forward'', ''Waiting for You'', ''My Perfect Love'',

''True Love'', ''The Candle'',27h,''s Light'', ''Words I Write'', ''You and I Forever'',

''You'',27h,''re the One'', ''Worthy of You'', ''My Invitation'', ''Until the Day'', ''Red

Rose'', ''This Feeling'', ''So in Love'', ''Want to Meet?'', ''Awaiting Your Love'', ''I

Always Knew'', ''With All of My Heart'', ''Soul Partners'', ''Tender Whispers'', ''With

This Ring'', ''Til the End of Time'', ''Heart of Mine'', ''If I Knew'', ''Touched by

Love'', ''Most Beautiful Girl'', ''Wrapped Up'', ''Evening Romance'', ''Doing It for You'',

''Window of Beauty'', ''Together You and I'', ''Sending You My Love'', ''Magic of

Flowers''

2 、附件名从下列符串列表中选取

大小为 50,582 字节

Flash Postcard.exe

flash postcard.exe

greeting postcard.exe

Greeting Postcard.exe

greeting card.exe

Greeting Card.exe

3 、伪造下列发信人从下列字符串中选取

''Zenia'', ''Zoe'', ''Zilya'', ''Xenia'', ''Xylia'',''Xandra'', ''Willa'', ''Wendy'', ''Vicky'',

''Vivian'', ''Violet'', ''Valora'', ''Vanessa'', ''Valda'', ''Ula'', ''Uma'', ''Sharon'',

''Silver'', ''Rosa'', ''Ruby'', ''Rita'', ''Rae'', ''Rachel'', ''Queen'',''Peggy'',''Pamela'',

''Olivia'', ''Olga'',''Nicole'', ''Naomi'',''Natalie'',''Nora'', ''Nina'',''Nova'', ''Nadia'',

''Maia'', ''Mary'', ''Melody'', ''Mimi'',''Myra'', ''Linda'', ''Lisa'', ''Lolita'', ''Lynn'',

''Laura'',''Lara'', ''Kara'', ''Kassia'', ''Kyle'',''Kali'', ''Kacey'', ''Katrina'', ''Janet'',

''Jewel'', ''Joanna'', ''Juliet'', ''Julie'', ''Ida'', ''Idona'', ''Isabel'', ''Iris'', ''Ivana'',

''Ivory'', ''Helga'', ''Holly'', ''Haley'', ''Gloria'', ''Gilda'', ''Gale'', ''Faith'', ''Emily'',

''Evelyn'', ''Eve'',''Erika'', ''Eliza'', ''Eden'',''Ebony'',''Donna'',''Dora'', ''Doris'',''Diana'',

''Danielle'', ''Daria'', ''Damita'',''Camille'',''Cara'',''Carla'',''Carmen'',''Clarissa'',

''Chelsea'', ''Caitlin'', ''Bettina'', ''Blenda'',''Bridget'', ''Briana'', ''Bella'', ''Becky'',

''Barbra'',''Aldora'', ''Alysia'',''Amorita'', ''Aretina'',''Ara'', ''April'', ''Anita''

4 、关闭包含下列字符串的程序进程

mcafee

taskmgr

hijack

f-pro

lockdown

msconfig

firewall

blackice

vsmon

zonea

spybot

nod32

reged

troja

viru

anti

alsys

Registry

Editor

5 、邮件内容多为空

6 、在当前目录下衍生病毒副本

另外可能会在系统目录下衍生病毒副本 alsys.exe。

注： % System% 是一个可变路径。病毒通过查询操作系统来决定当前 System 文件夹的位置。 Windows2000/NT 中默认的安装路径是 C:\\Winnt\\System32 ， windows95/98/me 中默认的安装路径是 C:\\Windows\\System ， windowsXP 中默认的安装路径是 C:\\Windows\\System32 。

清除方案

1 、使用安天木马防线可彻底清除此病毒 ( 推荐 )

2 、手工清除请按照行为分析删除对应文件，恢复相关系统设置。

(1)使用安天木马防线断开网络，结束病毒进程：

病毒文件名 /exe

(2)删除病毒释放文件。

(3)查找系系统目录下是否病毒副本 , 如有则删除：

alsys.exe

(4) 建议使用安天木马防线扫描全盘。

[tr=#f0f0f0][td=2,1]病毒标签：[td=1,1,16%][td=1,1,84%]

病毒名称： Email-Worm.Win32.Zhelatin.u

中文名称：泽拉丁变种

病毒类型：蠕虫类

文件 MD5： BB78341288F265C0659D2A323BE2328E

公开范围：完全公开

危害等级： 5

文件长度：脱壳前 50,582 字节，脱壳后1,431,552 字节

感染系统： Win9X以上系统

开发工具： Microsoft Visual C++ 6.0

加壳工具： UPX变形壳

命名对照： McAfee [W32/Zhelatin.gen@MM]

Avast![ Win32:Tibs-AII]

DrWeb [Trojan.Packed.14]

AVG[Trojan horse Downloader.Tibs.3.A]

ClamAV [Trojan.Downloader-1381] [td=2,1]病毒描述：

该病毒运行后，病毒在当前目录下衍生一个随机命名的病毒副本，而后构造带有病毒副本的

垃圾邮件以传播自身。 [tr=#f0f0f0][td=2,1]行为分析：[td=1,1,16%][td=1,1,84%]1 、邮件主题从下列字符串表中选取：