· my123.com virus Killing tool
* Wow, information kill tool V1.0
* Panda Incense/thousand oak/Sunway Kill Tools Collection
• Manual killing of 3448 virus methods
· Repair Tool after error in IIS
• Help flow, how to send logs, analysis and auxiliary tools!
Since all of the above software is a security forum thing, cut must register all the latest virus software collections that have been provided
Download
The test found that the above software can not use AH download the latest
This humorous and destructive virus is probably a lot of recent tricks to look at this technical analysis:
How many varieties do pandas burn incense?
So far, in general, there are four major variants, variant A We have analyzed, see this edition, Variant B is what we often say the spoclsv.exe process, it hides the full path is:% Systemroot%/driversspoclsv.exe, The other parts are basically consistent with variant A.
Variant c The main change is against anti-virus software, especially the Super patrol, the exclusive killing of the old version of the 360 security guards built into the list of tools. Variant C by looking up the window title has Super Patrol Word, that is, close the window, even on the desktop to create a new text file called Super Patrol, open with Notepad will also be closed. So many netizens downloaded the old version of the kill, complaining that the open was closed.
At the same time, Panda incense virus also closes some other common process management, such as the common Windows Task Manager. The way to deal with this variant is to use a process that is not closed, recommend the use of X-ps, download the address and instructions for use: http://www.unnoo.com/html/research/2006/0718/29.html, Turn off the process named Spoclsv.exe. Then in the use of police patrol, of course, can also download the latest Super patrol use inside the special kill to killing.
Variant d is a recent variant that infects files after the icon is not in the panda shape, and when infected the variant will find 100 icon files in the temp directory. There are other variants that are basically designed to avoid killing to modify and download different back-door versions.
Ii. damage to the system:
Panda incense in the infected system, will shut down the anti-virus software process, delete anti-virus software registry entries, disable anti-virus software services, modify the resource manager does not show hidden files and so on.
The following command is also invoked to remove the share:
CMD.EXE/C net share C $/del/y
cmd.exe/c net share d$/del/y
cmd.exe/c net share admin$/del/y
....
Old variants will completely infect system files, and new variants will infect files outside the system directory, that is, as much as possible without infecting the Microsoft operating system itself.
The old and new variants will be deleted. Gho, the General people will be installed after the system, using Norton Ghost for backup, Panda will maliciously delete this backup file.
One of the variants will also generate Desktop_.ini in the infected directory.
The biggest damage is that panda incense itself is a kind of download, will be in the designated Web site download backdoor, trojan, all kinds of stolen code procedures, and even DDoS programs.
third, why can not clear clean, how to completely killing:
Someone used the Super patrol and patrol Panda after the killing, will be a machine to kill clean, but soon found infection, this is because, panda incense after infected with a system, open a separate thread for C-class network scan infection, access to the same network segment of 139/445 ports, for ipc$ password guess and find shares, and infect files in the share. So long as the network has a machine and live panda incense virus, there will still be the possibility of infecting the whole network again.
Many friends in the network are file-sharing server, movie server, and many users of the network in order to facilitate the system login password is empty password, or 123 such a simple password.
There is an IE in the LAN did not hit the virus, browse hung Panda Incense Virus website, do not know.
The method of killing is:
1, disconnect the network, the use of Super Police patrol panda burning incense, each machine full antivirus.
2, modify the password, cancel the local share directory.
3, after the completion of the use of Super Patrol after the check system does not play patches, timely patch, especially IE patches.
