Pandatv/thousand oak/AVG kill tool set

Source: Internet
Author: User

· My123.com virus removal tool
· Wow information exclusive tool V1.0
· Pandatv/thousand oak/Weijin kill tool set
· Manual removal of 3448 viruses
· Tools for fixing IIS errors
· Help process, how to send logs, analysis and auxiliary tools!

The software above comes from a security forum, so you must register there to download this collection of the most recent virus removal tools.

Testing showed that the software above can no longer be used; download the latest versions.
This humorous yet destructive virus has been up to a lot of tricks recently. Let's take a look at this technical analysis:
1. What are the variants of pandatv?

The full path of the supervisor process is %SystemRoot%/Drivers/spoclsv.exe. The other part is basically the same as that of variant.

The major change in variant C is that it fights anti-virus software, in particular the Super Patrol Police removal tool. The old version of the virus was built into the tool list by 360 Security Guard. Variant C searches for any window whose title contains the words "Super patrol" and closes it. Even if you create a new text file named "Super patrol" on the desktop and open it in Notepad, that window is closed too. As a result, many netizens who download the old version of the removal tool complain that it is disabled as soon as it is opened.

At the same time, pandatv also closes other common process management tools, such as the Windows Task Manager. To deal with this variant, use a process management tool that the virus does not disable; X-PS is recommended, together with its instructions for use. You can also download the latest Super Patrol and use its dedicated removal tool.
Variant D is a recent variant. After this variant infects a file, the icon no longer looks like a panda. When it infects a machine, 100 icon files can be found in the temporary directory. There are also other variants that have been modified to download different versions of backdoors in order to avoid detection and removal.

2. Damage to the system:

On an infected system, pandatv kills anti-virus software processes, deletes the registry entries of anti-virus software, disables anti-virus services, and modifies the Windows Explorer settings so that hidden files are not shown.

It also runs the following commands to delete shares:
cmd.exe /c net share C$ /del /y
cmd.exe /c net share D$ /del /y
cmd.exe /c net share admin$ /del /y
....
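
As a detection aid for the share-deletion commands listed above, the following example (added here, not part of the original analysis) scans process-creation records for hosts that delete several hidden "$" shares. The tab-separated record format, host names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# "net share <NAME>$ /del": hidden/administrative shares end in "$".
# net1.exe is matched too because net.exe hands its work to net1.exe.
SHARE_DEL = re.compile(
    r"\bnet1?(?:\.exe)?\s+share\s+(?P<share>[\w-]+\$)\s*/del(?:ete)?\b",
    re.IGNORECASE,
)

# Constructed sample records: host <TAB> parent image <TAB> command line
SAMPLE_LOG = (
    "WS-014\tC:\\Windows\\explorer.exe\tcmd.exe /c dir C:\\Users\n"
    "WS-014\tC:\\Windows\\Drivers\\spoclsv.exe\tcmd.exe /c net share C$ /del /y\n"
    "WS-014\tC:\\Windows\\Drivers\\spoclsv.exe\tcmd.exe /c net share D$ /del /y\n"
    "WS-014\tC:\\Windows\\Drivers\\spoclsv.exe\tCmd.exe /c net share admin$ /del /y\n"
    "FS-002\tC:\\Windows\\System32\\cmd.exe\tnet share projects /del\n"
    "FS-002\tC:\\Windows\\System32\\cmd.exe\tnet share backup$ /del\n"
    "this line is malformed and is skipped\n"
)


def find_admin_share_deletions(log_text, min_shares=2):
    """Return {host: {"shares": [...], "parents": [...]}} for hosts that
    deleted at least min_shares distinct hidden ($) shares."""
    shares = defaultdict(set)
    parents = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3:
            continue  # not a host/parent/cmdline record
        host, parent, cmdline = fields
        match = SHARE_DEL.search(cmdline)
        if match:
            shares[host].add(match.group("share").upper())
            parents[host].add(parent)
    return {
        host: {"shares": sorted(found), "parents": sorted(parents[host])}
        for host, found in shares.items()
        if len(found) >= min_shares
    }


if __name__ == "__main__":
    for host, info in find_admin_share_deletions(SAMPLE_LOG).items():
        print(host, info["shares"], "launched by", info["parents"])
```

A single deletion of one hidden share (FS-002 in the sample) stays below the threshold; the parent image is reported so the launching process can be triaged.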

The old variants infect system files as well, while the new variants infect only files outside the system directory; that is, they try not to infect the Microsoft operating system's own files.

Both new and old variants delete .gho files. Typically, after the system is installed, Norton Ghost is used to make a backup; pandatv maliciously deletes this backup file.

One of the variants also generates desktop_.ini in each infected directory.

The biggest damage is that pandatv itself is a downloader: it downloads backdoors, Trojans, various hacker programs, and even DDoS programs from a specified website.

3. Why can't I clean it up? How can I thoroughly scan and kill it:

Some people use Super Patrol and the dedicated "pandatv" removal tool to clean a machine, only to find soon afterward that it is infected again. This happens because, after infecting a system, pandatv starts a separate thread that scans the class C network: it accesses ports 139/445 on hosts in the same network segment, performs IPC$ password cracking, searches for shares, and infects the files in those shares. In this way, as long as one host on the network still carries a live copy of pandatv, reinfection across the network remains possible.
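
To locate the surviving host that keeps reinfecting the segment, connection records can be checked for one source touching many peers in its own /24 on ports 139/445. The following is an added example, not part of the original analysis; the record layout, addresses, time window and threshold are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}

# Constructed sample flows: (timestamp_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    # One host walking its own class C segment on port 445
    [(i, "192.168.1.23", f"192.168.1.{i}", 445) for i in range(1, 41)]
    # Normal client talking to a single file server
    + [(100, "192.168.1.50", "192.168.1.10", 445)]
    # Many peers, but not on an SMB port
    + [(i, "192.168.1.60", f"192.168.1.{i}", 80) for i in range(1, 41)]
    # SMB traffic, but to another network segment
    + [(i, "192.168.1.70", f"10.0.0.{i}", 445) for i in range(1, 41)]
)


def find_smb_sweepers(flows, window=60, threshold=10):
    """Return {src_ip: peak count of distinct same-/24 peers contacted on
    139/445 within one window} for sources at or above the threshold."""
    peers = defaultdict(set)  # (src, window bucket) -> destinations
    for ts, src, dst, port in flows:
        if port not in SMB_PORTS or src == dst:
            continue
        try:
            segment = ipaddress.ip_network(f"{src}/24", strict=False)
            same_segment = ipaddress.ip_address(dst) in segment
        except ValueError:
            continue  # skip records with malformed addresses
        if same_segment:
            peers[(src, int(ts) // window)].add(dst)
    peak = defaultdict(int)
    for (src, _bucket), dsts in peers.items():
        peak[src] = max(peak[src], len(dsts))
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, count in find_smb_sweepers(SAMPLE_FLOWS).items():
        print(f"{src} contacted {count} hosts in its /24 on 139/445")
```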

Many of my friends have file sharing servers and movie servers on their networks. Many netizens use empty passwords or simple passwords like 123 to make logging on to the system easier.

Internet Explorer in the LAN is not infected with viruses. It is not known that websites with pandatv are infected with viruses.

The methods for killing are as follows:

1. Disconnect from the network and use the pandatv removal tool to remove the virus.
2. Change the password and remove the local shared directories.
3. After detection and removal are complete, use Super Patrol's patch check to see whether the system is missing any patches, and patch the system promptly, especially IE.
