Prevent VIKING virus attacks using the nest of JIU zhange

I never use anti-virus software, mainly because it occupies system resources and is poisoned at ordinary times. It is also manually cleared.

However, it was recently harassed twice by a virus named VIKING. The biggest "advantage" of this virus is that it will automatically find some EXE files on your hard disk (as if they were random) and append them. (This worm virus was a headache in DOS, and a dir infected the entire directory .) In this way, even if you clear the virus in the memory, it does not matter, because you always need to run the exe file on the computer.

Upload these three files.

After the experiment, vdll.dllinjection into exeplorer.exeis completed by logocmd.exe. Virus will be automatically added to rundl132.exe

Virus is also a program, as long as it does not run space, it will be very good.

WINDOWS has a protection mechanism for program files in the memory. With this feature, you can execute two programs that are mandatory for starting the system before the virus exists, in this way, the virus cannot produce its own children.

My method:

1. Clear the virus file and vdll. dll in the memory. You can use the DOS platform or ICESWORD.

2. Ensure that only several processes are running at startup.

Three steps: Rename logocmd.exe to the windows directory, and execute it immediately. Then add it to the Registry and start the system.

Copy the ctfmon.exeunder windowssystem32to the Windows directory, rename it rundl132.exe, and execute it immediately.

Success !!! The two children with viruses are named "logo=.exe,rundl132.exe" because they are occupied by you first, they have to die in their mother's stomach. Wow, haha. (Isn't it cruel? If you can't bear it, let them out)

This virus will make some of your EXE unable to run normally. If a software cannot run normally, you can reinstall it and the virus will no longer have a chance.