After the virus sample is run, it automatically copies itself to the %systemroot% directory and to non-system drives:
%systemroot%\flashplay.dll
%systemroot%\ge_1237.exe
X:\flashplay.dll
X:\readme.txt.exe
X:\autorun.inf
X refers to a non-system drive letter
%systemroot% is an environment variable,
IE is launched, and %systemroot%\ge_1237.exe connects to the network:
IP address: 125.91.104.177, port: 80
IP address: 59.45.180.5, port: 37
IP address: 221.238.249.18, port: 80
A pop-up about free songs appears, pointing to the URL: http://img2.uiuni.com/ivr/all/index.html?uid=2722
Workaround:
1. Run IceSword, open Settings and enable "prohibit thread creation", then force-unload C:\WINDOWS\system32\flashplay.dll, which is injected into the Explorer.exe and iexplore.exe processes
%systemroot%\flashplay.dll
%systemroot%\ge_1237.exe
Remove from the non-system drive:
X:\flashplay.dll
X:\readme.txt.exe
X:\autorun.inf
Precautions:
When you use IceSword to delete X:\readme.txt.exe, the desktop process is automatically terminated. After the deletion is complete, re-enable thread creation, press Ctrl+Alt+Del to bring up Task Manager, and select File > New Task to start the desktop process: Explorer.exe
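To confirm after cleanup that none of the files listed above remain, the check below looks for them in %systemroot% and in the root of each non-system drive, and reports what any autorun.inf it finds would launch. This is an added example, not part of the original write-up: the function names are hypothetical, and the autorun.inf keys it reads (open, shellexecute, shell\...\command) are standard autorun.inf syntax, not details taken from this sample.

```python
import os
import re
import string
from pathlib import Path

# File names copied from the write-up above.
SYSTEMROOT_FILES = ("flashplay.dll", "ge_1237.exe")
DRIVE_FILES = ("flashplay.dll", "readme.txt.exe", "autorun.inf")
# autorun.inf keys that name a program to start (standard autorun.inf syntax).
AUTORUN_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=\s*(.+?)\s*$", re.I)


def autorun_targets(inf_path):
    """Return the commands that an autorun.inf file would launch."""
    try:
        text = Path(inf_path).read_text(encoding="latin-1")
    except OSError:
        return []
    return [m.group(2) for m in map(AUTORUN_KEY.match, text.splitlines()) if m]


def scan(systemroot, drive_roots):
    """Return (path, reason) tuples for every listed file that is present."""
    findings = []
    for name in SYSTEMROOT_FILES:
        path = Path(systemroot) / name
        if path.is_file():
            findings.append((str(path), "listed file in %systemroot%"))
    for root in map(Path, drive_roots):
        if not root.is_dir():
            continue
        # Compare case-insensitively; iterdir() also returns hidden files.
        present = {p.name.lower(): p for p in root.iterdir() if p.is_file()}
        for name in DRIVE_FILES:
            if name in present:
                findings.append((str(present[name]), "listed file in drive root"))
        if "autorun.inf" in present:
            for cmd in autorun_targets(present["autorun.inf"]):
                findings.append((str(present["autorun.inf"]), "autorun launches: " + cmd))
    return findings


if __name__ == "__main__":
    sysroot = os.environ.get("SystemRoot", r"C:\Windows")
    system_drive = Path(sysroot).drive.upper()
    drives = [f"{d}:\\" for d in string.ascii_uppercase if f"{d}:" != system_drive]
    for path, reason in scan(sysroot, drives):
        print(f"{reason}: {path}")
```

An empty result means none of the listed file names were found; it does not show that the injected DLL has been unloaded from running processes.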