"Recently found a strange phenomenon, my system time is always changed to 1980, changed back after the computer automatically changed back." I asked a friend, said that the motherboard battery is dead, I bought a new battery installed also did not fix, yesterday unexpectedly found QQ was stolen. The user, Mr. Zhang reluctantly said.
Jinshan Poison PA Anti-Virus expert Dai Guangjin said, recently similar to Mr. Zhang's encounter more, the virus tampering system time, because the time after the modification is 1980, so many netizens call it "1980 virus". The virus adjusts the system time the goal is shuts down the anti-virus software the monitoring function, then downloads the gray pigeon to run in the backstage, like this, your machine at the same time 1980 and the gray Pigeon two virus. Infected with the gray pigeon virus, remote attackers can be very easy to steal the user's QQ number.
It is understood that 1980 virus in the network has been popular for some time, and has led to a large number of users of the computer system time has been tampered with, the Forum on the virus to help the post is also everywhere, but because of the destructive and no panda incense and other viruses so bad, so the network has no relevant complete solution, This brings a lot of trouble to the user's removal, the following is Jinshan poison PA antivirus experts for 1980 of the detailed analysis of the report and the solution, I hope to be able to infect the virus users help!
Virus behavior:
The virus is a download Trojan and will reset the system time to April 23, 1980, and running the virus will download and execute a gray pigeon virus. After the ash pigeon, your system will be controlled by people remotely.
1, the generated file is C:/sxs2.exe, and its properties are set to hidden.
2. Add system Startup items to ensure that each boot virus program is automatically executed.
4, download the installation of Gray pigeon from the following path
Http://drsunbo.go2.icpcn.***/network.exe
5, in other partitions to generate Autorun.inf configuration files, even if you unbearable, reload the system, the next time you double-click another disk, restart the virus.
----------------------------------
[Autorun]
Open=sxs2.exe
Shellexecute=sxs2.exe
Shell/auto/command=sxs2.exe
---------------------------------
Manually clean the virus, first in the process to find and end the Sxs2.exe, Network.exe process, search the hard disk Sxs2.exe, network.exe files, found all deleted. Modify the registry to restore the display of hidden files as follows.
Remove the CheckedValue key created by the virus, right-click the new--dword value-named CheckedValue, and then modify its key value of 1, 16, and click OK to refresh and exit the registry, so you can choose to display all hidden files and display system files.
If the system is not very familiar with the proposal to install Jinshan poison PA 2007 After the killing, you can also log in shadu.duba.net use online anti-virus solution.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
