viper virus

Today encountered a virus, the code is not much, but the use of a function of the small loophole, the lethality is really amazing.Reprint Please specify source: http://blog.csdn.net/u010484477 Thank you ^_^This virus is normal in front:Socket->bind->listen This process, we allBelow I would like to elaborate on its attack mode:while (1){Nsock =Accept(sock, (struct sockaddr *) v10, (socklen_t *) v9);//wait to

The recent website hangs the horse comparison verification, my computer also super card, proposed everybody next 360safe,File name: Image. Jpg-www.photobucket.comFile Size: 10752 bytesAV name: (No, haha ' because all over ')Adding shell mode: UnknownWritten Language: DelphiVirus type: IRCBotFile Md5:0e404cb8b010273ef085afe9c90e8de1Behavior:1. Release virus copy:%systemroot%\system32\rpmsvc.exe 10752 bytesC:\Documents and settings\%users%\local setting

1. Disconnect the network (necessary) 2. End the virus process %system%\drivers\spoclsv.exe 3. Delete virus files: C:\windows\system32\drivers\spoclsv.exe Note: Open C disk to the right key-fight, otherwise the man will failed, repeat 2 steps! 4. Modify registry settings and restore the "Show All Files and folders" option: [Copy to Clipboard] CODE: [Hkey_local_machine\software\microsoft\windows\currentversi

Niang xipi, I haven't written an article for a long time. I am so lazy. Today I will introduce the manual anti-virus service. I will talk about it in the group very early. Let's take a look at it in detail today.First of all, the premise is that your system partition is NTFS. If not, alas, uncle, you have already fallen behind a lot. Change it now (except cracker)What is the most disturbing thing about viruses? Nnd is the starting method, day, in the

1. manually delete the following files: % Program Files % \ common files \ safedrv.exe% Documents and Settings % \ Administrator \ rkoxe. DRV (random file name)% Documents and Settings % \ Administrator \ lrqkv. DRV% SystemRoot % \ system32 \ drivers \ DRV. sysX: \ infected run. inf (X is the infected drive letter)X: \ safedrv.exe 2. manually delete the following registry items: HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet \ Services \ oneData: ImagePathValue: system32 \ drivers \ DRV. sysHKEY_LOCAL

　　In general, viruses are hidden in the following three ways: 1, steal a single character change 2, the replacement system in the corresponding process name 3, the virus to run the required DLL file into the normal system process 　　Second, how to identify the virus process 1, the common virus process name is the use of such a naming method: The system in the

File:19.exe size:33495 bytes File version:0.00.0204 Modified:2007 year December 29, 21:23:18 md5:4b2be9775b6ca847fb2547dd75025625 Sha1:2660f88591ad4da8849a3a56f357e7dfb9694d45 crc32:2a485241 Writing language: VB 1. After the virus runs, the following copies and documents are derived: Quote: %systemroot%\debug\debugprogram.exe %systemroot%\system32\command.pif %systemroot%\system32\dxdiag.com %systemroot%\system32\finder.com %systemroot%\system32\ms

Virus name: Trojan-psw.win32.qqpass.ajo (Kaspersky)Virus alias: WORM.WIN32.PABUG.CF (Rising), win32.troj.qqpasst.ah.110771 (Poison PA)Virus size: 32,948 bytesAdding Shell way: UPXSample MD5:772F4DFC995F7C1AD6D1978691190CDESample sha1:e9d2bcc5666a3433d5ef8cc836c4579f03f8b6ccAssociated virus:Transmission mode: Through malicious Web page transmission, other Trojan d

This tool is a fully automated virus cleanup tool, and for the help of the caller, only one profile can be imported to complete the virus removal tool. Very simple to use: 1. Import from clipboard or file import repair instructions 2. Restart execution to The reason why there is no official version, because of its full automatic cleaning may contain bugs, Beta released three versions, after a certai

A few days ago back to school to hand over the paper, a lot of students on the computer on the virus, Kabbah, rising also old kill not clean, then everyone through the Internet to find information and consult some experts, finally resolved, and now share the experience with you: 1, delete the "Virus Component release" program: "%WINDOWS%\SYSTEM32\LOADHW. EXE "(Window XP system directory is:" C:\WINDOWS\Sys

Copy the following to Notepad, save as Pandakiller.bat, and then double-click Pandakiller.bat. This script not only has the effect of purging, but also prevents the virus from creating its associated programs again. Also note that in order to take care of the vast majority of users, this script has been removed from the general htm,html,asp,aspx,jsp,php file, which will not cause the loss of the pages in your favorites (because it's just a shortcut),

Script virus: TROJAN.DL.VBS.AGENT.CPB (file name is K[1].js) always appears in the Internet temporary files, rising monitor kill again, so repeatedly! I tried to empty the temporary files, but when I open the Web page (no matter which pages), the k[1].js will be monitored by the rising. What the hell is going on here? Is it a false alarm? The Web page exploits ms06-014 vulnerabilities, downloads http://day.91tg.net/xp.dll to C:\WINDOWS\winhelp.dll, a

1, generating files %windows%\win32ssr.exe 2, add Registry Startup entry HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WIN32SR "ImagePath" = "%windows%\win32ssr.exe" 3, other Download the virus%systemroot%\docume~1\admini~1\locals~1\temporary the Internet Files folder and copy it to C:\U.exe and execute it. 4, the following virus files are generated after performing C:\U.exe: %windows%\system32\d

Tags: padding goto ble hooks linu type cat glibc exitDisinfect.c/* * = compile: * Gcc-o2 disinfect.c-o disinfect *./disinfect Linux virus virus detoxification

\microsoft\windows\currentversion\run/f 23413 Sc.exe start Diskregerl Del "C:\WINDOWS\Media\Windows XP started. wav" Del "C:\WINDOWS\Media\Windows XP Information Bar. wav" Del "C:\WINDOWS\Media\Windows XP pop-up window blocked. wav" REGSVR32.EXE/S C:\windows\system32\Programnot.dll Ping 127.0.0.1-n 6 Del "C:\Documents and Settings\ lonely more reliable \ Desktop \oky.exe"/F 22483 17213 Date 2008-04-02 Time 08:21:33 Del%0 Exit The second one: 25187 6133 226902537319477 2819720092 404 Ping 127.0.0

AV name: Jinshan Poison PA (win32.troj.unknown.a.412826) AVG (GENERIC9.AQHK) Dr. Ann V3 (Win-trojan/hupigon.gen) Shell way: not Written Language: Delphi File md5:a79d8dddadc172915a3603700f00df8c Virus type: Remote control Behavioral Analysis: 1, release the virus file: C:\WINDOWS\Kvmon.dll 361984 bytes C:\WINDOWS\Kvmon.exe 412829 bytes 2, modify the registry, boot: HKEY_LOCAL_MACHINE\S

Latest virus Combination Auto.exe, game theft Trojan download manual killing The following is a virus-enabled code Microsofts.vbs Copy Code code as follows: Set lovecuteqq = CreateObject ("Wscript.Shell") Lovecuteqq.run ("C:\docume~1\admini~1\locals~1\temp\microsofts.pif") Trojan Name: TROJAN-PSW/WIN32.ONLINEGAMES.LXT Path: C:\WINDOWS\system32\k11987380222.exe Date: 2007-12-27 14:54

Download the Filemonnt software to do file operation monitoring. Point the monitoring target to the temp directory, monitor the create to find which file generated the batch of TMP virus, and finally discover that the program file that generated them is: DWHwizrd.exe, this program file is Norton's Upgrade Wizard!!! In the absence of words .... No wonder today I deleted Norton, again reload when found that the status has been waiting for updates, p

\plugins\ directory, you should find New123.bak and new123.sys two files; View your C:\Documents and settings\administrator\local settings\temp\ directory, Should find Microsoft.bat this file, you can use Notepad to open the Microsoft.bat file, found that mention an EXE file (the specific name will be different), you will also find this in the directory EXE file; If the above two steps you do not find the appropriate file, please change your file view to do not hide the known file suffix, and in

A new type of genetic scanning antivirus software. More than 22000 types of viruses and Trojan horses can be prevented and cleared, including various highly complex and variant viruses. It was once the first anti-virus software to eradicate the onehalf virus in 1994 and is well known in Europe. Dr. Web can quickly respond to various word viruses and isolate and clarify them. What's new in Dr. Web anti-