Logo_1.exe Mutant Virus Solution _ Virus killing

Source: Internet
Author: User

Logo_1.exe Mutant Virus Solution

After decompressing the attachment, copy the files inside the virus folder to c:\windows\. Rest assured: these are empty files. Their file names are the same as the virus's file names, but they are all 0 bytes.
Then run Logo1virus.bat to add the System, Hidden and Read-only attributes to the files that were just put under c:\windows\.
That's it. This prevents the Sunway virus. That is to say, even if the Sunway virus gets onto your machine, it is 100% impossible for it to attack!
For double insurance, proceed to the next step:
Start - Run, enter gpedit.msc
User Configuration - Administrative Templates - System - "Don't run specified Windows applications".
Set it to Enabled, then click Show below and add the file names listed in virusname.txt.

Logo1.rar contains the virus itself. You can try it: even if you run this virus, it will not attack or infect.

I won't say much more. I hope everyone has good luck. According to the latest report from Rising, tens of thousands of people have now been hit by this virus in only 3 days, and thousands of Internet cafés were infected within 2 days. It is not to be overlooked.

Don't tell me you've never seen this QQ message:

Look at this. My recent photos, scanned into my QQ album ^_^!

http://www.qq.xxx.search_2.shtml.cgi-client-entry.photo.39pic.com/qq%E5%83%8F%E5%86%8C2/

If you click it ...

Don't say you wouldn't click. If you are at home, is your computer used only by you? If you are not careful, then ...
If you are in an Internet café, other people at the café will click it ...

Virus information:
Virus name: Worm.Viking.bo, Worm.Viking.bp
McAfee detects it as a Trojan-class threat
The truth is far from that simple ...

Infection route: at present it spreads through QQ messages. Of course, it cannot be ruled out that someone will use a malicious web page to spread it.

Symptoms: after infection, there is a Logo1_.exe file in the Windows folder on drive C. After running, the virus body consists of Logo1_.exe, kill.exe, sws32.dll, sws.dll, rundl132.dll, etc.
Registry modifications
The virus modifies the registry: the Winlogo item in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot], and under
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] and
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] it adds the key value =%system% (where, and for the variable), so that
the virus runs automatically the next time the system starts.

After infection, the virus rapidly infects core processes such as Explorer.exe.
All .exe executable programs ... are completely modified, rather than the file association simply being changed ... The specific symptom is that game icons change color or become blank. Basically, the file is now the virus. That means you have to format the entire hard drive.
It adds the Logo1_.exe process, and a few others whose names I have forgotten.

At the same time, it drops game-stealing Trojans targeting WOW, Legend, Westward Journey and others: Trojan.PSW.Lineage. Don't ask me what that is ...

You may say: I have anti-virus software. Unfortunately, the virus has a function: it kills antivirus software. The virus terminates the following processes:
Rising
Skynet
Symantec
Mcafee
Gate

Rfw.exe
RavMon.exe
Kill
NAV
KAV
Don't ask me about the processes I don't recognize.

You may say: I have restore software. Unfortunately, the virus can penetrate Restoration Wizard, Freezing Point, and other major restore software. I'm testing it. Even a restore card is useless.

You may say: I have Ghost, so I can just recover. Unfortunately, because it is a total infection, restoring an image is no use.

To friends who have been infected, I can only offer my condolences. If you really want to fix it, there are the following options.

Enter Safe Mode and do not click on anything. Start - Run - regedit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]
In the Winlogo item,
delete C:\WINDOWS\SWS32.dll

Under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run], delete C:\WINDOWS\SWS32.dll and similar entries. Also check the entries under \RunOnce and \RunOnceEx.
To be safe, search the registry for the following values: Logo1_.exe, logo_1.exe, Kill.exe, Sws32.dll, sws.dll, rundl132.dll. Delete every key value the search finds.

For the key values the search finds, be sure to note the path, such as C:\windows\sws32.dll, C:\windows\logo1_.exe, etc. After the registry information is deleted, delete these files on drive C.
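The registry search described above can also be done offline against a text export of the registry. The following is an added example, not part of the original post: it scans `reg export` text for string values that reference the file names listed above and records the key, the value name and the path to clean up. The sample export, including the value names "load" and "Winlogo", is constructed for illustration.

```python
import re

# File names the post says to search the registry for.
INDICATORS = {"logo1_.exe", "logo_1.exe", "kill.exe",
              "sws32.dll", "sws.dll", "rundl132.dll"}
# Autostart key fragments; the first covers Run, RunOnce, RunOnceEx, RunServices.
AUTOSTART = (r"\currentversion\run", r"\inifilemapping\system.ini\boot")
# "name"="data" or @="data"; REG_SZ only. Hex-encoded values are not decoded.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)   # .reg escapes \ and " with a backslash

def scan_reg_export(text):
    """Return one dict per string value whose data names an indicator file."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        # Compare whole path components, so rundll32.exe never matches rundl132.dll
        parts = {p.lower() for p in re.split(r'[\\/\s",;]+', data) if p}
        files = sorted(parts & INDICATORS)
        if files:
            hits.append({"key": key, "value": name, "data": data, "files": files,
                         "autostart": any(f in key.lower() for f in AUTOSTART)})
    return hits

# Constructed sample in `reg export` format (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"load"="C:\\WINDOWS\\Logo1_.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]
"Winlogo"="C:\\WINDOWS\\SWS32.dll"
[HKEY_CLASSES_ROOT\.constructed\shell\open\command]
@="rundll32.exe C:\\WINDOWS\\sws.dll,Run"
'''

if __name__ == "__main__":
    for h in scan_reg_export(SAMPLE):
        print("AUTOSTART" if h["autostart"] else "other", h["key"], h["value"], h["data"])
```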

Then, in Run, enter msconfig and go to the last tab, Startup. Uncheck all the items you haven't seen before.

If it is an Internet café, the Server service must be turned off, because the virus spreads through shares and tries to crack the user passwords of shared machines in order to transfer files.

After this step, install Kaspersky and remove all the infected objects. Of course, in keeping with Kaspersky's consistently ruthless style, a great many system files will be deleted. Use system repair to repair the system ... Over.

In fact, by my reckoning, once infected there is basically no need to repair. The virus replicates itself widely. The trouble is having to reinstall the system. How do you prevent infection by this virus? That is what I want to talk about. After checking the virus data, and drawing on my past manual virus-removal experience, I use the following anti-virus approach.

After the system has been reinstalled (unplug the network cable while installing the system), create several new files under C:\windows\, named respectively
Logo1_.exe, Logo_1.exe, Sws32.dll, Sws.dll, etc., and set the file attribute to read-only.
In fact, the culprit of the virus is logo1_.exe; in theory, creating just this one is enough.

Start - Run, enter gpedit.msc
Local Computer Policy - User Configuration - Administrative Templates - System: double-click "Don't run specified Windows applications" on the right, select Enabled, click Show below, and add the following file names: logo1_.exe, logo_1.exe, kill.exe. As for whether there are other virus body names, we will keep checking.

At this point, basically, the virus will not work.
In fact, there is another way to prevent logo1_.exe from running: just add a batch file to the startup items. The batch content is

rem Clear the read-only and hidden attributes, then force-delete without prompting
attrib -r -h c:\windows\logo1_.exe
del /f /q c:\windows\logo1_.exe
Copy a few more lines, adding the other file names you want to delete.

This deletes the files when the system starts, so of course they can't run ... However, this approach usually fails. ;)

Another point is to avoid clicking links inside QQ messages. Open the QQ Security Center. If you want links to be displayed in QQ messages but don't want to click them, there is also a way.

In the QQ menu - Settings - Security Settings - Network Information Security, set the security level to the highest, and clear the two check boxes under Chat Information Security below.
Don't visit unfamiliar websites.

In a word, good surfing habits are the best anti-virus tool.

My hands are sore from typing. I hope this helps ...

PS: I have a poor ability to express myself. Don't hit me. I have no idea where I am.

The following is a modified Logo1virus.bat

It saves the first step: after running Logo1virus.bat, you go directly to modifying Group Policy. The content of the modified Logo1virus.bat is

---------------------------------------------------

echo > C:\windows\Logo1_.exe
echo > C:\windows\rundl132.exe
echo > C:\windows\0Sy.exe
echo > C:\windows\vDll.dll
echo > C:\windows\1Sy.exe
echo > C:\windows\2Sy.exe
echo > C:\windows\rundll32.exe
echo > C:\windows\3Sy.exe
echo > C:\windows\5Sy.exe
echo > C:\windows\1.com
echo > C:\windows\exerouter.exe
echo > C:\windows\EXP10RER.com
echo > C:\windows\finders.com
echo > C:\windows\Shell.sys
echo > C:\windows\smss.exe
echo > C:\windows\kill.exe
echo > C:\windows\sws.dll
echo > C:\windows\sws32.dll

attrib c:\windows\Logo1_.exe +s +r +h
attrib c:\windows\rundl132.exe +s +r +h
attrib c:\windows\0Sy.exe +s +r +h
attrib c:\windows\vDll.dll +s +r +h
attrib c:\windows\1Sy.exe +s +r +h
attrib c:\windows\2Sy.exe +s +r +h
attrib c:\windows\rundll32.exe +s +r +h
attrib c:\windows\3Sy.exe +s +r +h
attrib c:\windows\5Sy.exe +s +r +h
attrib c:\windows\1.com +s +r +h
attrib c:\windows\exerouter.exe +s +r +h
attrib c:\windows\EXP10RER.com +s +r +h
attrib c:\windows\finders.com +s +r +h
attrib C:\windows\Shell.sys +s +r +h
attrib c:\windows\smss.exe +s +r +h
attrib c:\windows\kill.exe +s +r +h
attrib c:\windows\sws.dll +s +r +h
attrib c:\windows\sws32.dll +s +r +h

-------------------------------------------
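
The placeholder files only help while they stay in place, so it is worth checking them after the fact. The following is an added example, not part of the original post: it audits a folder for the decoy names created by the batch file above and reports any that are missing, no longer read-only, or larger than a stub should be. The 64-byte threshold is an assumption, and the Hidden and System attributes are not checked.

```python
import os
import stat

# Decoy names created by the modified Logo1virus.bat on this page.
DECOYS = ["Logo1_.exe", "rundl132.exe", "0Sy.exe", "vDll.dll", "1Sy.exe",
          "2Sy.exe", "rundll32.exe", "3Sy.exe", "5Sy.exe", "1.com",
          "exerouter.exe", "EXP10RER.com", "finders.com", "Shell.sys",
          "smss.exe", "kill.exe", "sws.dll", "sws32.dll"]

# Assumption: a placeholder written by `echo >` is only a few bytes long.
MAX_DECOY_BYTES = 64
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def audit_decoys(folder, names=DECOYS, max_bytes=MAX_DECOY_BYTES):
    """Return {name: status}; status is ok, missing, writable or replaced."""
    report = {}
    for name in names:
        try:
            st = os.stat(os.path.join(folder, name))
        except FileNotFoundError:
            report[name] = "missing"
            continue
        if st.st_size > max_bytes:
            report[name] = "replaced"   # real content where a stub should be
        elif st.st_mode & WRITE_BITS:
            report[name] = "writable"   # the read-only attribute was cleared
        else:
            report[name] = "ok"
    return report

def problems(report):
    """Keep only the decoys that need attention."""
    return {name: status for name, status in report.items() if status != "ok"}

if __name__ == "__main__":
    for name, status in sorted(problems(audit_decoys(r"C:\windows")).items()):
        print(f"{status:9} {name}")
```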

I just tidied it up a little. For the Group Policy modification, I have written a registry file. Copy the following into a text file and change the extension to .reg to import it.

------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"**delvals."=" "
"1"="0Sy.exe"
"2"="1.com"
"3"="1Sy.exe"
"4"="2Sy.exe"
"5"="3Sy.exe"
"6"="5Sy.exe"
"7"="Exerouter.exe"
"8"="exp10rer.com"
"9"="finders.com"
"10"="finders.com"
"11"="Kill.exe"
"12"="Logo1_.exe"
"13"="Rundl132.exe"
"14"="rundll32.exe"
"15"="Shell.sys"
"16"="Smss.exe"
"17"="Smss.exe"
"18"="Sws.dll"
"19"="Sws32.dll"
"20"="Tool.exe"
"21"="Tool2005.exe"
"22"="Tool2006.exe"
"23"="Tools.exe"
"24"="VDll.dll"

Attachment:Viking.rar(462 K)
