Recently used Super rabbit detection of suspicious procedures Microsoft.exe, located in C:\WINDOWS\system32, in the process after the shutdown and appeared in the process, in the Safe mode after the deletion, the heavy start again! ~ ~ Is this a virus?
Microsoft-microsoft.exe-Process Information
Process files: Microsoft or Microsoft.exe
Process name: Gaobot Virus www.sstorm.cn our permanent domain name!
Process Name: Microsoft.exe is a takanami Gaobot virus related program. The virus exploits Windows LSASS vulnerabilities and creates a buffer overflow that causes the system to shut down. More information refer to Microsoft website: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx Producer: unknown N/A
Belongs to: Gaobot Virus
System process: No
Background program: Yes
Use Network: Yes
Hardware Related: No
Common error: unknown n/A
Memory usage: unknown N/A
Security Level (0-5): 4
Spyware: No
Advertising software: No
Virus: Yes
Trojan: Yes
*************************************************
How to disinfect it?
Solution:
First start Sreng Use the Ice blade (set prohibit into thread creation) end the following program
IceSword Basic Use
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
