Virus Specific analysis
File:SFF.exe
size:36864 bytes
File version:2.00.0003
md5:248c496dafc1cc85207d9ade77327f8b
sha1:b32191d44382ed926716671398809f88de9a9992
Crc32:8c51aaab
Writing language: Microsoft Visual Basic 5.0/6.0
The virus generates the following files
%system32%\svchost.com
Add under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Add key value Svchost point to%system32%\svchost.com
For the purpose of booting up
Generate SFF.exe and Autorun.inf under each partition root directory
In order to achieve through the U disk and other mobile storage transmission purposes
Keep writing to the Clipboard
"China Network game Trojan Plug Technology Encyclopedia http://www.hack1314.com Consulting qq:39722181" information (pictured below)
Virus Specific analysis
File:SFF.exe
size:36864 bytes
File version:2.00.0003
md5:248c496dafc1cc85207d9ade77327f8b
sha1:b32191d44382ed926716671398809f88de9a9992
Crc32:8c51aaab
Writing language: Microsoft Visual Basic 5.0/6.0
The virus generates the following files
%system32%\svchost.com
Add under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Add key value Svchost point to%system32%\svchost.com
For the purpose of booting up
Generate SFF.exe and Autorun.inf under each partition root directory
In order to achieve through the U disk and other mobile storage transmission purposes
Keep writing to the Clipboard
"China Network game Trojan Plug Technology Encyclopedia http://www.hack1314.com Consulting qq:39722181" information (pictured below)
The virus body has the word "p~,. Silly * ... An angry youth who hates China and Canada.
Virus Manual Removal Method:
Start your computer into Safe mode
(After the boot constantly press F8 key and then come out an advanced menu to select the first safe mode into the system)
Open Sreng
Start the Project registry delete the following items
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[NOBODY]
Double click on my Computer, tools, Folder Options, view, click to select "Show hidden files or folders" and clear the "Hide protected operating system files (recommended)" Front of the hook. When prompted to determine the changes, click Yes and then OK, click the folder button below the menu bar (search for the right button), right-click on the C disk (System disk) Click "Open" to open the C disk (System disk) as shown below:
Delete the following file
%system32%\svchost.com
SFF.exe
Autorun.inf
Right-click on the other disk letter click Open to open another disk
Delete the other packing directory
SFF.exe and
Autorun.inf
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
