Basic Introduction and cleanup skills of logocompu.exe

Source: Internet
Author: User

As a matter of fact, you only need to install the latest Kingsoft Duba, and there will basically be no problems. If a problem occurs on your computer, you must have been using Rising; Rising's anti-virus capabilities in this regard are limited. We suggest you download Kingsoft Duba. When I used Rising I was often infected. I have never seen such a situation since I started using Duba. This is not an advertisement.
Basic Introduction to logocmd.exe:
Virus Name: Worm@w32.looked
Virus alias: Virus.Win32.Delf.62976, W32/HLLP.Philis.j, W32.Looked, Net-Worm.Win32.Zorin.a
Virus Type: worm (Network worm)
Virus detected on: 2004/12/20
Affected Platforms: windows 95/98/me, windows nt/2000/xp/2003
Risk Assessment: Degree of dissemination: Medium; degree of destruction: medium.

Main symptoms:
1. It takes up a large amount of network speed, making machine use extremely slow.
2. All .exe files are bundled with the virus, and the logo1.exe icon under winnt changes to the application's icon only when that application is used.
3. Program dialog boxes pop up from time to time. Sometimes an application fails as soon as it is touched, and sometimes it is forced to exit when it starts.
4. In Internet cafes, only win2k pro and server and XP systems are infected.
5. All restoration software can be bypassed.

Detailed technical information:
After the virus runs, logocmd.exe is generated in %windir%, and a file named virdll.dll is generated in the Windows root directory:
%Windir%\virdll.dll

The worm generates the following key values in the system registry:

Auto = 1

Password theft
The virus attempts to steal the login password of the online game Legend 2 on the infected computer and sends the password to whoever planted the Trojan.

Prevent the following anti-virus software from running
The virus tries to terminate processes whose names contain the following, most of which are anti-virus software processes. These include Kaspersky, Kingsoft Duba and Rising: 98% of the anti-virus software that is running. Chinese products such as Kingsoft and Rising are killed by the virus once the machine is infected. They can recognize the virus, but they are terminated soon after recognizing it.

The virus also changes the %system%\drivers\etc\hosts file by writing text entries into it. This means that when the infected computer browses many sites (including many anti-virus sites), the browser is redirected to 66.197.186.149.
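To check a machine for the hosts-file change described above, the following added example (not part of the original post) parses hosts-file text and flags every entry that points at the address named on this page, plus any other non-loopback mapping worth a manual look. The sample file content and the `.example` host names are constructed for illustration.

```python
import ipaddress

# Redirect target named in the write-up above.
PAGE_REDIRECT_IP = "66.197.186.149"

# Constructed sample hosts file (not taken from a real infection); the
# host names are placeholders under the reserved .example TLD.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
66.197.186.149  www.av-vendor.example update.av-vendor.example  # appended
66.197.186.149\tSCAN.another-av.example
10.0.0.5        fileserver.lan.example
::1             localhost
0.0.0.0         ads.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()                    # spaces or tabs
        if len(fields) < 2:                      # address with no name
            continue
        yield line_no, fields[0], [h.lower() for h in fields[1:]]


def audit_hosts(text, known_bad=(PAGE_REDIRECT_IP,)):
    """Return findings as (line_no, verdict, ip_text, hostnames)."""
    bad = {ipaddress.ip_address(a) for a in known_bad}
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, names))
            continue
        if addr in bad:
            findings.append((line_no, "known-redirect", ip_text, names))
        elif addr.is_loopback or addr.is_unspecified:
            continue                             # normal or sinkhole entry
        else:
            findings.append((line_no, "review", ip_text, names))
    return findings


if __name__ == "__main__":
    for line_no, verdict, ip_text, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {verdict:15} {ip_text} -> {', '.join(names)}")
```

On a live system, pass the contents of the hosts file under %system%\drivers\etc to `audit_hosts` instead of the sample string.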

The virus infects computers running Windows operating systems and spreads through open network resources. Once installed, the worm infects the .exe files on the infected computer. The worm is a Windows PE executable file with a size of 82 K. It spreads over the local network by copying itself to the following network resources:
ADMIN$
IPC$

Symptoms:
The worm will infect all files with .exe. However, it does not infect files whose paths contain the following strings:
Program files
Common files
Complus applicati
Documents and settings
Netmeeting
Outlook express
Recycled
System
System volume information
System32
Windows
Windows media player
Windows nt
Windowsupdate
Winnt

The worm deletes the processes listed below from the memory:
Eghost.exe
Iparmor.exe
Kavpfw.exe
Kwatchui.exe
Mailmon.exe
Ravmon.exe
Z
Internet cafes have been hit hard by this virus, with large numbers of machines freezing and networks paralyzed. The level of harm is comparable to the variants of Love Backdoor, one of the world's top 10. The virus can spread over the network within 3 minutes: if a new system is placed in an infected network environment, then as long as the machine is connected to the Internet, it will be infected within three minutes. Installing Rising, Skynet, Symantec, McAfee, gate, rfw.exe, ravmon.exe, KILL, NAV or other anti-virus software afterwards cannot remedy your system.

The virus file logocmd.exe is the main body of the virus. It automatically generates sws32.dll, sws.dll, kill.exe and other files that the virus needs when it activates. These files are derived from it. It quickly infects core system processes such as ipve and the .exe executable files. The typical visible symptom is the icons of Legend, Bubble Hall and other games. At this point the available system resources are very low. Every time you restart the system, the virus activates once.

The virus preys on weak security awareness and on Internet cafes whose restoration software is not properly in place, so it spreads over the network quickly and effectively. Old versions of anti-virus software cannot detect it, and new versions cannot remove it completely. If one machine in an Internet cafe is infected, all the machines in the cafe that are not yet infected are in danger. When active, the virus resides in memory and can propagate through explore.exe. Therefore, even machines with the recovery genie or a recovery card installed will be infected: after a restart the system is restored, but once it starts it is infected again.

When the virus activates it generates additional viruses, such as PWSteal.Lemir.Gen and Trojan.PSW.Lineage. These are all very powerful backdoor programs, similar to plug-in viruses but more than 50 times as powerful. On the Win98 platform the virus does less harm. On the Win2000/XP/2003 platform it is fatal to an Internet cafe system. The operating system becomes extremely slow. After you restart the system, the latest anti-virus software will show that all the .exe programs in your games are infected. Apart from the system itself barely running, you cannot run anything else.

Virus Cleaning Method:
If the virus has not yet activated, it can be removed completely. If it has already activated, do not try to disinfect; restore the disk directly.

1. Find in the registry
Auto = 1
Delete the downloadwww primary key.

2. Find the Winlogo item and delete c:\winnt\sws32.dll next to it. Then, under /runonce and /runonceex in the hkey_local_machine] software/microsoft/windows/currentversi key, delete any value that is
C:\winnt\sws32.dll
(Delete all of the above values, but be sure not to delete the default values.)
Skip this step if you do not have the above key values.
 
3. Process termination
Press Ctrl+Alt+Del to open Task Manager, find logo=.exe and other such processes, and end them. The green e process management software makes this easier. Find the expl0rer.exe process (note that the first "o" is the digit 0, not the letter o), select it, and click "End Process" (if the expl0rer.exe process runs again, repeat this step).

4. Install anti-virus software
After the installation, do not restart (remember this); update the virus database directly. After the update, delete all the infected files under the c:\winnt directory, then run the anti-virus software and start scanning. After the removal there will still be several items that the anti-virus software cannot delete. Note their names. They differ from system to system, so they cannot be listed here; write them down yourself. Restart and scan again, ending the suspicious processes first; otherwise the anti-virus software cannot clean the virus. Most importantly, set the anti-virus software to delete files that it cannot clean. It usually takes three to five passes to clean the virus.

5. Check the system after disinfection.
Many system files will be missing, and the system is in a dangerous state. If you have a Ghost backup, restore it now, and the system will be clean and undamaged. If not, run the sfc command to check the system files: Run > enter cmd to open the DOS prompt > type sfc /scannow. When it asks for the system disc, insert it, then wait and look at the results. The disinfection is effective and the virus is cleared. However, many games will no longer run after the virus is removed. I don't know what all that work was for. Depressing. Then do it all over again. The above covers disinfecting a poisoned Internet cafe system; next is prevention after the system is reinstalled. Some netizens find the virus hard to clean, or reinstall the system only to have the same virus again before long, so it is best to have an immunization program.

The immunization program is published below for Internet users to download and use. We recommend that you disable the default sharing function when using the system: disable IPC$ and ADMIN$, disable 554, and disable ICMP routing. Set a password for every member of the administrators group, preferably combining English letters and numbers.
You can find it in the software downloads at http://www.e169.net, or download it directly from the following URL:
http://www.e169.net/showsoft.asp?Id=28

File description: after downloading and unzipping, there are three files. dellogo.bat goes in the winnt directory (Windows 98 users put it in the windows directory). delshare.bat goes in "Start" menu > "Programs" > "Startup", so that the default shares are deleted after the computer starts, which prevents the virus from spreading outward and from infecting the machine again. Hosts file. Note that the registry import file is for the Win2000 system. If you are using another operating system, modify it accordingly.

The preceding operations only block transmission. If you are afraid of being infected with the virus, you must also perform the following operations to prevent the main virus program from running. The operations described here are for the Win2000 system; for other systems, adapt them accordingly:

Run gpedit.msc to open Group Policy.
Choose "User Configuration" > "Administrative Templates" > "System" > "Don't run specified Windows applications". Then click "Add" and enter logo=exe, which is the virus source file.

I looked at what has been posted on the Internet about the logocmd.exe virus and summarized it together with my own experience in eliminating the virus, as a reference for netizens who are interested in it. I have integrated the posts by "net Star" and other netizens. It is not my original work. I only hope it helps you clear this virus as soon as possible.



The above is reproduced on the Internet. Now let me talk about my handling process.
Viking will create 15 files in the WINDOWS or WINNT directory: FUSE, sws32.dll, sws.dll, KILL.exe, virDll.dll and vDLL.dll. First delete these virus files, and then re-create 15 files with identical names, set to completely deny access, read-only and hidden; this generally defends against the virus. There is also defense software that starts with the machine, which can automatically bind the local IP address and MAC address and the gateway IP address and MAC address without manual operation; it also has a certain preventive effect against ARP. If necessary, you can add my QQ or go to my forum to notify me.

Viking virus, congratulations! You have got it, but you don't have to worry about it. Nothing amazing. After killing it, download the virus and study it on purpose!!!

1. Restart and press F8 to enter safe mode (you can skip this, but if you do not enter safe mode, some files cannot be deleted).

2. It is recommended that you manually run regedit > Edit > Find and search for logo=.exe and rundl132.exe several times by using the.

3. Open My Computer > Tools > Folder Options > View, clear "Hide protected operating system files", select "Show all files and folders" and click "OK".

4. Delete all files in the following three folders:
C:\windows\temp\
C:\Documents and Settings\Administrator\Local Settings\Temp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files

5. Open c:\windows\ and sort the files by modification time, then delete all the files generated during the recent infection period, including .log files. Be careful with this: if the date is long ago, it should be a system file; if the file was generated on the day you were infected and is an .exe file, delete it.

6. Open c:\windows\system32\ and perform the same operations as 6. Delete the virus name file in these two folders, if you cannot find the virus, name it!

It must be noted that software cannot work with manual deletion.
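The process names called out in the cleanup steps above (expl0rer.exe, rundl132.exe, and the explore.exe mentioned earlier) all imitate real Windows binaries. The following added example, which is not part of the original post, flags such look-alike names in a process or file listing; the baseline of legitimate names and the sample listing are assumptions constructed for illustration.

```python
# Assumed baseline of legitimate Windows binary names; extend as needed.
LEGIT = ("explorer.exe", "rundll32.exe", "svchost.exe", "services.exe",
         "lsass.exe", "winlogon.exe")

# Characters commonly swapped so a name looks right at a glance:
# digit 0 for letter o, digit 1 (or letter i) for letter l.
_SKELETON = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(name):
    """Collapse visually similar characters to one representative."""
    return name.lower().translate(_SKELETON)


def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,              # deletion
                           cur[j - 1] + 1,           # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(name, legit=LEGIT):
    """Return (kind, imitated_name) for a look-alike, else None.

    An exact match returns None: whether a correctly named binary is
    genuine depends on its path and signature, which is out of scope.
    """
    low = name.lower()
    if low in legit:
        return None
    for good in legit:
        if skeleton(low) == skeleton(good):
            return ("homoglyph", good)
    for good in legit:
        if edit_distance(low, good) == 1:
            return ("near-miss", good)
    return None


def scan(names):
    """Return [(name, kind, imitated_name)] for every suspicious name."""
    hits = []
    for name in names:
        verdict = classify(name)
        if verdict:
            hits.append((name, *verdict))
    return hits


# Constructed sample listing mixing normal and look-alike names.
SAMPLE_PROCESSES = ["System", "Explorer.EXE", "expl0rer.exe", "svchost.exe",
                    "rundl132.exe", "explore.exe", "notepad.exe"]

if __name__ == "__main__":
    for name, kind, target in scan(SAMPLE_PROCESSES):
        print(f"{name}: {kind} of {target}")
```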
References: http://www.jiangmin.com/download/VikingKiller.exe
