Panda Burning Incense virus and how to remove it

User's question: Virus
Expert's answer: Panda Burning Incense virus analysis and removal (killer 2, uid0.net), 2006-11-20

1. Virus description
When a file containing the virus body is run, the virus copies itself to the system directory, modifies the registry to set itself as a startup entry, and traverses every drive, writing itself to each drive's root directory together with an Autorun.inf file so that the virus body is activated when the user opens the drive. The virus body then starts one thread to infect local files and another thread that connects to a website to download a DDoS program and launch malicious attacks.

2. Basic information
[File information]
Virus name: Virus.Win32.EvilPanda.a.ex$
Size: 0xDA00 (55808), (disk) 0xDA00 (55808)
SHA1: F0C3DA82E1620701AD2F0C8B531EEBEA0E8AF69D
Packer: unknown
Hazard level: High

Virus name: Flooder.Win32.FloodBots.a.ex$
Size: 0xE800 (59392), (disk) 0xE800 (59392)
SHA1: B71A7EF22A36DBE27E3830888DAFC3B2A7D5DA0D
Packer: UPX 0.89.6-1.02 / 1.05-1.24
Hazard level: Medium

3. Virus behavior
Virus.Win32.EvilPanda.a.ex$:
1) When the virus body executes, it copies itself to the system directory:
%SystemRoot%\system32\FuckJacks.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Userinit: "C:\Win2K\system32\SVCH0ST.exe"
2) Adds registry startup entries so that it is loaded again after the system restarts:
Key path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value name: FuckJacpc
Value: "C:\WINDOWS\system32\FuckJacks.exe"
Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value name: svohost
Value: "C:\WINDOWS\system32\FuckJacks.exe"
3) Copies itself to the root directory of every drive as Setup.exe and generates an autorun.inf so that opening the drive runs the virus; both files are given the hidden, read-only and system attributes:
C:\autorun.inf   1KB    RHS
C:\setup.exe     230KB  RHS
4) Terminates a number of anti-virus products and security tools.
5) Connects to *****.3322.org to download a file, then, using the address recorded in that file, downloads a DDoS program from www.****.com and executes it once the download succeeds.
6) Repeatedly requests bbs.qq.com and a QQ Show link.
7) Loops through the disk directories infecting files, skipping critical system files; it does not infect Windows Media Player, MSN, IE and similar programs.

Flooder.Win32.FloodBots.a.ex$:
1) When the virus body executes, it copies itself to the system directory:
%SystemRoot%\SVCH0ST.EXE
%SystemRoot%\system32\SVCH0ST.EXE
2) Once the downloaded virus runs, it adds a registry startup entry so that it is loaded again after the system restarts:
Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value name: Userinit
Value: "C:\WINDOWS\system32\SVCH0ST.exe"
3) Connects to DDOs2.****.com, fetches the attack configuration and the list of target addresses, and attacks according to the configuration file. The configuration file looks like this:
www.victim.net:3389
www.victim.net:80
www.victim.com:80
www.victim.net:80
1112050000

4. Solution
1) Super Patrol can completely remove the virus and repair infected files.
2) When cleaning, it is recommended to first use Super Patrol's process management tool to end the virus process; otherwise the system responds slowly.
3) For manually ending the process and deleting the virus's startup entries, see the related pictures on the forum.

Copyright: Data Security Lab http://www.dswlab.com http://www.unnoo.com Copyright (c) DSWLab All rights reserved
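The manual removal the answer points to (end the virus process, delete the startup entries, remove the dropped files) can be scripted from the indicators listed in the report. The PowerShell below is an added example; it is not part of the DSWLab report and is not Super Patrol. The file names, registry values and SHA1 hashes are the ones the report publishes; the script itself, its -Remove switch, and the choice to flag an unmatched hash as a possible variant are assumptions. It goes a little beyond the report by hashing whatever it finds and by checking every mounted drive root, not only C:.

```powershell
# Added example (not from the DSWLab report). Run from an elevated prompt.
# Without -Remove it only reports; with -Remove it kills the processes,
# deletes the Run values and removes the dropped files.
param([switch]$Remove)

# SHA1 hashes published in the report (uppercase, as Get-FileHash returns them)
$KnownSha1 = @{
    'F0C3DA82E1620701AD2F0C8B531EEBEA0E8AF69D' = 'Virus.Win32.EvilPanda.a'
    'B71A7EF22A36DBE27E3830888DAFC3B2A7D5DA0D' = 'Flooder.Win32.FloodBots.a'
}
$Sys = $env:SystemRoot
# Dropped copies named in the report
$DroppedFiles = @(
    "$Sys\system32\FuckJacks.exe",
    "$Sys\SVCH0ST.EXE",
    "$Sys\system32\SVCH0ST.EXE"
)
# Run-key persistence values named in the report. Note that the legitimate
# Userinit value lives under ...\Windows NT\CurrentVersion\Winlogon, not under
# Run, so a "Userinit" value in a Run key is itself suspicious.
$RunValues = @(
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'FuckJacpc' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'svohost'   },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Userinit'  }
)
$filesToDelete = @()

# 1. Dropped copies in the system directory, confirmed by SHA1 where possible
foreach ($f in $DroppedFiles) {
    if (Test-Path -LiteralPath $f) {
        $hash  = (Get-FileHash -LiteralPath $f -Algorithm SHA1).Hash
        $label = if ($KnownSha1.ContainsKey($hash)) { $KnownSha1[$hash] }
                 else { 'hash not in report: possible variant, inspect before deleting' }
        Write-Output "FILE  $f  SHA1=$hash  $label"
        $filesToDelete += $f
    }
}

# 2. Run-key values
foreach ($v in $RunValues) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) {
        Write-Output "REG   $($v.Path)\$($v.Name) = $($item.($v.Name))"
        if ($Remove) { Remove-ItemProperty -Path $v.Path -Name $v.Name }
    }
}

# 3. autorun.inf + setup.exe pair on every drive root (report: attributes RHS)
foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
    $inf = Join-Path $drive.Root 'autorun.inf'
    $exe = Join-Path $drive.Root 'setup.exe'
    if ((Test-Path -LiteralPath $inf) -and (Test-Path -LiteralPath $exe)) {
        $attr = (Get-Item -LiteralPath $exe -Force).Attributes
        Write-Output "DRIVE $($drive.Root)  autorun.inf + setup.exe  attributes=$attr"
        # Show what the .inf would launch when the drive is opened
        Get-Content -LiteralPath $inf -Force | ForEach-Object { Write-Output "      $_" }
        $filesToDelete += $inf, $exe
    }
}

# 4. Kill running copies first (the files stay locked otherwise), then delete.
#    -Force is needed because the files carry hidden/read-only/system attributes.
if ($Remove) {
    Get-Process -Name FuckJacks, SVCH0ST -ErrorAction SilentlyContinue | Stop-Process -Force
    foreach ($f in $filesToDelete) {
        Remove-Item -LiteralPath $f -Force
        Write-Output "DELETED $f"
    }
}
```

Run it once without -Remove and read the output before deleting anything: a dropped file whose hash is not one of the two in the report may be a later variant, and the autorun.inf contents tell you whether the drive-root pair belongs to this virus or to something else. Because the report says the virus terminates security tools, the cleanup step is best run from Safe Mode if the process reappears after being stopped. The script only removes the dropped copies and persistence; executables the virus has already infected still need a repair tool such as the one the answer recommends.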