The official technical introduction to Jinshan Duba 2008 looks impressive, but how does it fare against a real virus? I got hold of a virus to find out. The sample is the "little ladybug", obtained from a forum. The virus has the characteristics of both Panda Burning Incense and the AV Terminator virus: every infected EXE takes on a green ladybug icon, and the virus modifies many system settings and uses image hijacking or other means to forcibly shut down antivirus software.
Test environment:
WinXP SP2, Jinshan Duba 2008 official download version (virus library 12.5)
Test steps:
1. First, take a look at this ladybug.
2. Test whether the ladybug virus can kill Jinshan Duba 2008. I deliberately turned off Jinshan Duba's upgrade function. The result: Jinshan Duba, Net Dart and Cleanup Expert were all left unharmed. After infection and a system restart, Jinshan Duba still ran normally; the virus did not achieve its goal of hijacking Duba.
3. Symptoms after infection. Beginners may see no way out other than formatting and reinstalling.
a) The Control Panel is missing.
Sometimes, because of a bug in the virus, the Control Panel is not completely hidden, and opening a Control Panel item reports the following error:
b) Task Manager and Registry Editor are locked.
When you run regedit, you are prompted:
c) All disks are fully shared. The virus does this with the net share command, attempting to share every drive.
d) The ladybug also creates three shortcuts in the root directory of each disk; all three point to the virus program itself.
e) The virus infects EXE programs other than those on the system disk, but the infection is not successful: it is implemented by overwriting, so an infected EXE can be spotted at a glance and the program's original function is lost. As with Panda, the infected EXEs all show ladybug icons.
f) The virus makes more changes; see the detailed analysis of the virus for specifics:
http://bbs.duba.net/thread-21863367-1-1.html
4. See how I use Jinshan Duba 08 and Cleanup Expert to fix it.
a) First, try to upgrade Duba. At the start of the test the virus library version was 12.5; upgrade to the latest and immediately run a full antivirus scan. While it runs, you can proceed to the next step.
b) Use Cleanup Expert's system repair to check the startup items. The results after hiding the known safe entries:
c) Look at the full check. Many image hijacking items are omitted here to keep the screenshot clear. After hiding the known safe items, you can see that the virus modified a file association and added a driver.
d) By now Duba 08's full scan has started reporting. It first found several pieces of malware; evidently, after running, the little ladybug downloaded and installed more malware. Some of its features are almost the same as AV Terminator's, so it was reported as AV Terminator.
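
The symptoms from step 3 (image hijacking, locked Task Manager and Registry Editor, hidden Control Panel, fully shared drives) can also be checked by hand from a `reg export` file and the output of `net share`. The following is an added example, not part of the original article or of any Jinshan tool; it assumes the virus uses the standard Windows policy values and the Image File Execution Options `Debugger` value, and all sample data and file names are constructed.

```python
import re
# Constructed sample inputs: a `reg export` fragment and `net share` output.
REG_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-av.exe]
"Debugger"="C:\\placeholder\\sample.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000001
"""
NET_SHARE = r"""Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
ADMIN$       C:\WINDOWS                      Remote Admin
C            C:\
D            D:\
"""
IFEO = "\\image file execution options\\"
# Assumed policy values behind the lockouts described in step 3.
POLICIES = {"disabletaskmgr": "Task Manager locked", "nocontrolpanel": "Control Panel hidden",
            "disableregistrytools": "Registry Editor locked"}

def parse_reg(text):
    """Yield (key, value_name, raw_data) for each value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"=(.*)', line)):
            yield key, m.group(1), m.group(2)

def triage(reg_text, share_text):
    """Return (symptom, detail) findings; shares count only if non-hidden drive roots."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        low, name_l = key.lower(), name.lower()
        if IFEO in low and name_l == "debugger":
            findings.append(("image hijack", key.rsplit("\\", 1)[1]))
        elif "\\policies\\" in low and name_l in POLICIES and data != "dword:00000000":
            findings.append((POLICIES[name_l], name))
    for line in share_text.splitlines():
        m = re.match(r"(\S+)\s+([A-Za-z]:\\)(?:\s|$)", line)
        if m and not m.group(1).endswith("$"):
            findings.append(("whole drive shared", m.group(2)))
    return findings
```

Calling `triage(REG_EXPORT, NET_SHARE)` on the constructed data flags the hijacked executable, the three policy lockouts and the two drive-root shares, while ignoring the benign `GlobalFlag` entry and the default `C$` and `ADMIN$` shares.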