stubborn virus

"Download antivirus Software" 1, mobile phone poisoning The first thing we are downloading installation 360 housekeeper or other mobile phone housekeeper, and then to kill the virus. "For Antivirus" 1, open the download good housekeeper, you can find the "virus killing" this function 2, the use of anti-virus software, we can carry out the killing

1. Open Antiarp Sniffer, check the right "management" column is automatically get the gateway address, if not obtained, then manually enter the gateway address, and then click "Take Mac". MAC address acquisition and then click "Automatic Protection"! As shown in figure:screen.width-500) this.style.width=screen.width-500; "Border=0>2. After running for a period of time, if the pop-up prompts said "found ARP spoofing packets", you can in the "cheat data detailed records" See "Spoofing MAC Address"

" (do not play it automatically or double-click it !)Delete the SXS.exe and autorun. inf files.For the first time in history, I encountered such a stubborn virus. I found it online and did not have a uniform name. Rising was called the Trojan. PSW. QQPass. pqb virus. Let me call it the sxs.exe virus. After the system i

PsKill Msns.exe echo "Kill Msns the virus that paralyzed the network ... jb51.net" echo "shuts down process 10 ..." echo "shuts down process 9 ..." echo "shuts down process 8 ..." echo "shuts down process 7 ..." echo "shuts down process 6 ..." echo "Kill Msns the virus that paralyzed the network ... jb51.net" Attrib-h-s-r-A%windir%\system32\msns.exe Del%windir%\system32\msns.exe regedit/s./msns.reg echo "sh

Today, the company's computer in the virus, Kabbah and 360 can not run, because it is an XP system, so I thought of using tasklist and taskkill implementation of the deletion method, the specific method Copy Code code as follows: Run-->cmd.exe First use tasklist >>list.txt to get the PID value of the virus Then using taskkill/f/t/pid PID value, /f is mandatory termination, /t because the

Recently, the Auto virus in the U disk flooding, several friends have recruit, and then summed up a small skill, although not how good, but basically can be auto virus prevention, of course, special variants except, methods are as follows: You can in your USB disk or mobile hard drive to create a new autorun file, Because according to the laws of the computer, there can be no two identical names under the s

In the past, it was often said that it was okay to reinstall the system if the system was poisoned. But now, this sentence will be history. In March 15, the Kingsoft security lab named"GhostingComputer virus. The virus is parasitic on the disk Master Boot Record (MBR). Even if the system is formatted and reinstalled, the virus cannot be cleared. When the system r

The popularity of the internet has made our world a better place, but it has also made people unhappy. When you receive a message with the theme "I Love You", when you click on an attachment with a mouse that is almost shaking with excitement, when you browse a trusted Web site and find it very slow to open each folder, do you realize that the virus has broken into your world? May 4, 2000 in Europe and the United States outbreak of "love Worms" networ

Today, a classmate has a virus in his computer, but there are many important things in the computer, such as virus-style Autorun. INF is a stubborn old virus. As long as the deletion is not clean, it will immediately copy and implant everything in the computer into such a file, which is usually in the root directory, w

Today encountered a virus, the code is not much, but the use of a function of the small loophole, the lethality is really amazing.Reprint Please specify source: http://blog.csdn.net/u010484477 Thank you ^_^This virus is normal in front:Socket->bind->listen This process, we allBelow I would like to elaborate on its attack mode:while (1){Nsock =Accept(sock, (struct sockaddr *) v10, (socklen_t *) v9);//wait to

The recent website hangs the horse comparison verification, my computer also super card, proposed everybody next 360safe,File name: Image. Jpg-www.photobucket.comFile Size: 10752 bytesAV name: (No, haha ' because all over ')Adding shell mode: UnknownWritten Language: DelphiVirus type: IRCBotFile Md5:0e404cb8b010273ef085afe9c90e8de1Behavior:1. Release virus copy:%systemroot%\system32\rpmsvc.exe 10752 bytesC:\Documents and settings\%users%\local setting

1. Disconnect the network (necessary) 2. End the virus process %system%\drivers\spoclsv.exe 3. Delete virus files: C:\windows\system32\drivers\spoclsv.exe Note: Open C disk to the right key-fight, otherwise the man will failed, repeat 2 steps! 4. Modify registry settings and restore the "Show All Files and folders" option: [Copy to Clipboard] CODE: [Hkey_local_machine\software\microsoft\windows\currentversi

As early as a few years ago, some precognition netizens lamented: How can a person not win a bid if they are online. Nowadays, computer tricks are common. In the face of the surging virus and Trojan horses, anti-virus software and firewall are naturally indispensable. But sometimes there are still a lot of stubborn elements that just rely on anti-

\microsoft\windows\currentversion\run/f 23413 Sc.exe start Diskregerl Del "C:\WINDOWS\Media\Windows XP started. wav" Del "C:\WINDOWS\Media\Windows XP Information Bar. wav" Del "C:\WINDOWS\Media\Windows XP pop-up window blocked. wav" REGSVR32.EXE/S C:\windows\system32\Programnot.dll Ping 127.0.0.1-n 6 Del "C:\Documents and Settings\ lonely more reliable \ Desktop \oky.exe"/F 22483 17213 Date 2008-04-02 Time 08:21:33 Del%0 Exit The second one: 25187 6133 226902537319477 2819720092 404 Ping 127.0.0

AV name: Jinshan Poison PA (win32.troj.unknown.a.412826) AVG (GENERIC9.AQHK) Dr. Ann V3 (Win-trojan/hupigon.gen) Shell way: not Written Language: Delphi File md5:a79d8dddadc172915a3603700f00df8c Virus type: Remote control Behavioral Analysis: 1, release the virus file: C:\WINDOWS\Kvmon.dll 361984 bytes C:\WINDOWS\Kvmon.exe 412829 bytes 2, modify the registry, boot: HKEY_LOCAL_MACHINE\S

Latest virus Combination Auto.exe, game theft Trojan download manual killing The following is a virus-enabled code Microsofts.vbs Copy Code code as follows: Set lovecuteqq = CreateObject ("Wscript.Shell") Lovecuteqq.run ("C:\docume~1\admini~1\locals~1\temp\microsofts.pif") Trojan Name: TROJAN-PSW/WIN32.ONLINEGAMES.LXT Path: C:\WINDOWS\system32\k11987380222.exe Date: 2007-12-27 14:54

Download the Filemonnt software to do file operation monitoring. Point the monitoring target to the temp directory, monitor the create to find which file generated the batch of TMP virus, and finally discover that the program file that generated them is: DWHwizrd.exe, this program file is Norton's Upgrade Wizard!!! In the absence of words .... No wonder today I deleted Norton, again reload when found that the status has been waiting for updates, p

\plugins\ directory, you should find New123.bak and new123.sys two files; View your C:\Documents and settings\administrator\local settings\temp\ directory, Should find Microsoft.bat this file, you can use Notepad to open the Microsoft.bat file, found that mention an EXE file (the specific name will be different), you will also find this in the directory EXE file; If the above two steps you do not find the appropriate file, please change your file view to do not hide the known file suffix, and in

Characteristics: 1, after running Notepad.exe,%systemroot%system32 set up random naming folder 935f0d, Release C:\WINDOWS\system32\935F0D\96B69A. Exe 2, in the%userprofile%"Start menu \ program \ startup icon for the folder file name is a space shortcut, point to C:\windows\system32\935f0d\96b69a.exe 3, add boot to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, point to C:\windows\system32\935f0d\96b69a.exe 4, download the virus yun_qi_img/o.g

Behavior: 1. To release a file: C:\WINDOWS\system\SERVICES. EXE 65536 bytes C:\WINDOWS\system\SYSANALYSIS. EXE 65536 bytes C:\WINDOWS\system\explorer.exe 976896 bytes 2. To delete a backup file: C:\WINDOWS\system32\dllcache\explorer.exe 3. Overwrite system files: C:\WINDOWS\explorer.exe When the system starts, execute the virus body first, then execute C:\WINDOWS\system\explorer.exe. 4. Rename file as: explorer.exe608924508094788, as Backup 5. Try