Panda Incense virus has undoubtedly become the most popular Internet keyword, online can also find a lot of panda incense virus solutions, these methods are imperfect, coupled with a lot of pandas, the effectiveness of a discount. A relatively complete program is provided here for your reference.
Virus information
Chinese name: Panda Incense virus (also known as Wuhan Boys), English name (Worm.whboy), the current number of varieties found more than 50.
Virus typical Bad performance:
1. Infected with the virus found more EXE file icon into the point of Incense Panda, which is the origin of the virus name, now found that some of the variants are no longer using this well-known icon.
2. Some variants can be updated directly via the Internet, and some variants can infect, in addition to. exe files, web format files such as htm,html,asp,php,jsp,aspx.
3. Once the Web server is infected, it will mean that all computers browsing these pages may automatically download and infect the panda incense virus.
4. This series of variants will release the following several typical files
Partition root directory:
Code:setup.exe, Autorun.inf,%system%fuckjacks.exe;%system%driversspoclsv.exe
LAN Environment: GameSetup.exe
Virus behavior:
1. Remove commonly used anti-virus software in the registry of the startup items or services, terminate the process of antivirus software, almost all of the current anti-virus software involved
2. Terminates the process of part of the security aids, such as IceSword, Task Manager Taskmon.
3. Terminate the related process of the Logo1_.exe, Logo_1.exe, Rundl123.exe.
4. Weak password cracked other computers on the LAN Administror account number, and GameSetup.exe replication transmission.
5. Modifying registry keys causes hidden and system files to be viewed.
6. The virus attempts to destroy some of the. exe,. com,. Gho,. pif,. scr files under other partitions, except for C disk, which does not infect files in the following directory (give us a chance to resolve the virus, please see the description below).
Code
Window,winnt,system Volume information,recycled,windows NT,
Windows update,windows mediaplayer,outlook express,internet Explorer,
Netmeeting,common Files,complus Applications,messenger,installshield
Installation Information,msn,microsoft Frontpage,moviemaker,msn Gaminzone.
7. The virus deletes the file with the extension Gho, which is a backup file of the system Backup tool Ghost, which causes the user's system backup files to be lost.