Virus name (in Chinese):
Virus alias:
Threat Level: ★★☆☆☆
Virus type: Trojan Horse program
Virus Length: 23040
Affected systems: WIN9X\WINNT
Virus behavior:
The virus is a Trojan that steals user information such as game accounts and passwords. When run, the Trojan copies itself to the system folder, then writes and executes Dela.bat to delete the original file and run the copy in the system folder. It records the Seal of God account names and passwords, the computer name, the operating system and other information and mails them out, so that the user's interests in Seal of God are harmed.
1. Files created
%system%\fsservice.exe
%current directory%\dela.bat (self-deletion)
2. Registry modifications
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
911 = "%system%\fsservice.exe"
3. Disables anti-virus software and other processes
Assistse.exe
Ravmon.exe
Ravtimer.exe
Rfw.exe
Kavpfw.exe
Kpfwsvc.exe
Kavstart.exe
Kwatch.exe
Kavplus.exe
Mailmon.exe
Kpopmon.exe
Kwatchui.exe
Kavsvc.exe
Kvapfw.exe
Kvfw.exe
Kvmonxp.kxp
Kvsrvxp.exe
Kvxp.kxp
Kvcenter.kxp
Defwatch.exe
Rtvscan.exe
CcApp.exe
Ccsetmgr.exe
Vptray.exe
Passwordguard.exe
Eghost.exe
Iparmor.exe
Pfw.exe
Teregpct.exe
Dfvsnet.exe
Netbargp.exe
Nmain.exe
Navw32.exe
Kavsvcui.exe
Kav32.exe
4. Other
The virus can detect whether OllyDbg or other debugging software is running; if so, it terminates its own process to protect itself.
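A defender-side check for the autostart entry listed in item 2, as an added example that is not part of the original description: it parses `reg export` text and lists every value under the HKLM Policies\Explorer\Run key, marking those that match the value name `911` or the image name `fsservice.exe`. The sample export is constructed, and the function and constant names are hypothetical.

```python
import re
import ntpath

# Indicators taken from the description above.
HIVE = "HKEY_LOCAL_MACHINE"
RUN_KEY = r"software\microsoft\windows\currentversion\policies\explorer\run"
VALUE_NAME = "911"
IMAGE_NAME = "fsservice.exe"

# Constructed sample of `reg export` output (not captured from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"911"="C:\\WINDOWS\\system32\\fsservice.exe"
"helper"="\"C:\\Program Files\\Vendor\\helper.exe\" /tray"
'''

# A string value line: "name"="data", with \\ and \" escaped inside the quotes.
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)

def image_of(command):
    # Executable path of an autostart command; unquoted paths with spaces are cut short.
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(' ', 1)[0]

def scan_export(text):
    # Return every string value under HKLM ...\Policies\Explorer\Run with its matches.
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = _VALUE.match(line)
        hive, _, subkey = (key or '').partition('\\')
        if not m or hive.upper() != HIVE or subkey.lower() != RUN_KEY:
            continue
        name, data = _unescape(m.group(1)), _unescape(m.group(2))
        image = ntpath.basename(image_of(data)).lower()
        checks = (('value name', name == VALUE_NAME), ('image name', image == IMAGE_NAME))
        findings.append({'name': name, 'data': data,
                         'match': [label for label, hit in checks if hit]})
    return findings
```

Entries with an empty `match` list are still returned so that anything else registered under this key can be reviewed by hand.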