regsvr32 virus

Virus files include: 608769M. BMP crasos.exe Kernelmh.exe servet.exe ntmsoprq.exe RpcS.exe compmgmt.exe upxdnd.dll mppds.dll cmdbcs.dll Wsttrs.exe Ngr.exe iexpl0re.exe rundl132.exe update3.exe Servere.exe newinfo.rxk Removal Method: First, clear IE temporary files: Open IE point tool->internet option->internet temporary file-> point "delete Files" button-> will "delete all offline content" tick-> point "OK". Delete the following registry key with Sre

Releasing files Copy Code code as follows: %program files%\internet Explorer\plugins\autorun.inf %program files%\internet Explorer\plugins\pagefile.pif %program files%\internet Explorer\plugins\winnice.dll X:\Autorun.inf (x is not a system disk other letter) X:\pagefile.pif Add registry information such as Startup items Copy Code code as follows: Hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] { 06a68ad9-ff6

suspect a Trojan or virus, or if the system starts too slowly, use this tool to look at the startup item. The first time you run, the font displayed is very uncomfortable, please go to the menu "Options"-"font" set the font to "Arial" 9th, then no problem. Link: http://www.sysinternals.com/Files/Autoruns.zip V8.11 version download page: http://www.skycn.com/soft/17567.html QUOTE: Startuplist 1.52.1 Description: Foreign

"Download antivirus Software" 1, mobile phone poisoning The first thing we are downloading installation 360 housekeeper or other mobile phone housekeeper, and then to kill the virus. "For Antivirus" 1, open the download good housekeeper, you can find the "virus killing" this function 2, the use of anti-virus software, we can carry out the killing

1. Open Antiarp Sniffer, check the right "management" column is automatically get the gateway address, if not obtained, then manually enter the gateway address, and then click "Take Mac". MAC address acquisition and then click "Automatic Protection"! As shown in figure:screen.width-500) this.style.width=screen.width-500; "Border=0>2. After running for a period of time, if the pop-up prompts said "found ARP spoofing packets", you can in the "cheat data detailed records" See "Spoofing MAC Address"

PsKill Msns.exe echo "Kill Msns the virus that paralyzed the network ... jb51.net" echo "shuts down process 10 ..." echo "shuts down process 9 ..." echo "shuts down process 8 ..." echo "shuts down process 7 ..." echo "shuts down process 6 ..." echo "Kill Msns the virus that paralyzed the network ... jb51.net" Attrib-h-s-r-A%windir%\system32\msns.exe Del%windir%\system32\msns.exe regedit/s./msns.reg echo "sh

Today, the company's computer in the virus, Kabbah and 360 can not run, because it is an XP system, so I thought of using tasklist and taskkill implementation of the deletion method, the specific method Copy Code code as follows: Run-->cmd.exe First use tasklist >>list.txt to get the PID value of the virus Then using taskkill/f/t/pid PID value, /f is mandatory termination, /t because the

Recently, the Auto virus in the U disk flooding, several friends have recruit, and then summed up a small skill, although not how good, but basically can be auto virus prevention, of course, special variants except, methods are as follows: You can in your USB disk or mobile hard drive to create a new autorun file, Because according to the laws of the computer, there can be no two identical names under the s

Script virus: TROJAN.DL.VBS.AGENT.CPB (file name is K[1].js) always appears in the Internet temporary files, rising monitor kill again, so repeatedly! I tried to empty the temporary files, but when I open the Web page (no matter which pages), the k[1].js will be monitored by the rising. What the hell is going on here? Is it a false alarm? The Web page exploits ms06-014 vulnerabilities, downloads http://day.91tg.net/xp.dll to C:\WINDOWS\winhelp.dll, a

1, generating files %windows%\win32ssr.exe 2, add Registry Startup entry HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WIN32SR "ImagePath" = "%windows%\win32ssr.exe" 3, other Download the virus%systemroot%\docume~1\admini~1\locals~1\temporary the Internet Files folder and copy it to C:\U.exe and execute it. 4, the following virus files are generated after performing C:\U.exe: %windows%\system32\d

Tags: padding goto ble hooks linu type cat glibc exitDisinfect.c/* * = compile: * Gcc-o2 disinfect.c-o disinfect *./disinfect Linux virus virus detoxification

Have you ever had a virus? Despite the endless emergence of new viruses, there are not many viruses that ordinary users can truly "experience". They are nothing more than catastrophic shock waves and heartbeats, the QQ tail virus is also confusing by friends. When the system encounters a very "typical" virus phenomenon, it is very likely that it encounters a "pse

After you select the "show hidden files" option, you will find that a file on the USB flash drive disappears immediately. When you enable the folder option, the "hidden file not displayed" option is still found. Another window will be opened when you click drive letter icons such as C and D! Condition description 1. Hidden Files cannot be displayed; 2. When you click drive letter icons such as C and D, another window is opened; 3rd, when using winrar.exe, we found that the CIDR root directory co

Trojan Horse is a remote control of the virus program, the program has a strong concealment and harm, it can be unnoticed in the state of control you or monitor you. Some people say, since the Trojan is so powerful, then I can not be far away from it! However, this trojan is really "naughty", it can be no matter whether you welcome, as long as it is happy, it will try to get into your "home"! Ah, that also got, hurry to see their own computer there i

1, release the virus file: C:\WINDOWS\Help F3C74E3FA248.dll 143872 bytes F3C74E3FA248.exe 74532 bytes 2. Add Startup items: Registrykey:hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks Registry value: {1dbd6574-d6d0-4782-94c3-69619e719765} Type:reg_sz 3, using hook technology to record the mouse, keyboard operation, stealing online games account password. 4. Release: C:\windows\1.bat Deletes i

Trojan Horse brute force removal to remove the following files: 　　 Quote: C:\WINDOWS\system\1sass.exe C:\WINDOWS\System32\DRIVERS\2pwsdor.sys C:\WINDOWS\system32\drivers\k87wovjoq.sys C:\WINDOWS\system32\xswfgklsjnspp.dll and use Sreng to remove the corresponding service items and drivers, as follows: －－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－ Start Project-> service-> Win32 Service Application-> Select Hide Microsoft Services and delete the following name: 　　 Quote: [Rising Protected Storage/ris

Today encountered a virus, the code is not much, but the use of a function of the small loophole, the lethality is really amazing.Reprint Please specify source: http://blog.csdn.net/u010484477 Thank you ^_^This virus is normal in front:Socket->bind->listen This process, we allBelow I would like to elaborate on its attack mode:while (1){Nsock =Accept(sock, (struct sockaddr *) v10, (socklen_t *) v9);//wait to

The recent website hangs the horse comparison verification, my computer also super card, proposed everybody next 360safe,File name: Image. Jpg-www.photobucket.comFile Size: 10752 bytesAV name: (No, haha ' because all over ')Adding shell mode: UnknownWritten Language: DelphiVirus type: IRCBotFile Md5:0e404cb8b010273ef085afe9c90e8de1Behavior:1. Release virus copy:%systemroot%\system32\rpmsvc.exe 10752 bytesC:\Documents and settings\%users%\local setting

1. Disconnect the network (necessary) 2. End the virus process %system%\drivers\spoclsv.exe 3. Delete virus files: C:\windows\system32\drivers\spoclsv.exe Note: Open C disk to the right key-fight, otherwise the man will failed, repeat 2 steps! 4. Modify registry settings and restore the "Show All Files and folders" option: [Copy to Clipboard] CODE: [Hkey_local_machine\software\microsoft\windows\currentversi

We will use the code to practice a antivirus program, clear the readable and writable program, scan the program's signature, and delete the virus. # Include "stdafx. H "# include" Scandisk. H "# include" scandiskdlg. H "# ifdef _ debug # define new debug_new # UNDEF this_filestatic char this_file [] = _ file __; # endifuint threadproc (lpvoid PARAM) {cscandiskdlg * Scandisk = (required *) param; cstring part; int I = 0; int Cy = Scandisk-> m_disk.g