Recommendation: The best and most comprehensive solution for "pandatv"

Source: Internet
Author: User

The "pandatv" virus has undoubtedly become the most popular keyword on the Internet recently. Many solutions to the pandatv virus can be found online, but these methods are not perfect, and the many variants of pandatv further reduce their effectiveness. Kingsoft anti-virus experts provide a complete solution for users infected with pandatv.

Virus Name:

Chinese: pandatv (also known as Wuhan boys)

English: Worm.WhBoy

More than 50 variants have been found

Typical symptoms:

After infection, the icons of many .EXE files change to the pandatv icon, which is the origin of the virus name. Some variants no longer use this well-known icon. Some variants can update themselves directly over the Internet, and some variants can infect htm, html, asp, php, jsp, aspx, and other webpage format files. If a web server is infected, all computers browsing its web pages may automatically download and be infected with the pandatv virus.

This series of variants will release the following typical files:

Under the root directory of the partition: setup.exe, autorun.inf

%System%\FuckJacks.exe, %System%\Drivers\spoclsv.exe

GameSetup.exe in LAN environment
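The file indicators listed above can be checked on a mounted volume or share without running anything from it. The following Python sketch is an added example, not part of the original article or any Kingsoft tool; the function names are hypothetical, and looking for GameSetup.exe in the scanned root is an assumption, since the article does not say where on the LAN it is placed.

```python
import os
from pathlib import Path

# File names from the article, lower-cased for case-insensitive matching.
ROOT_NAMES = ("setup.exe", "gamesetup.exe")  # assumption: GameSetup.exe sits in a share root
SYSTEM_PATHS = (("fuckjacks.exe",), ("drivers", "spoclsv.exe"))
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")

def find_ci(base, *parts):
    """Resolve base/parts ignoring case; return a Path or None."""
    cur = Path(base)
    for part in parts:
        try:
            with os.scandir(cur) as entries:
                cur = next((Path(e.path) for e in entries
                            if e.name.lower() == part.lower()), None)
        except OSError:
            return None
        if cur is None:
            return None
    return cur

def autorun_target(inf_path):
    """Return the file name an autorun.inf launches, tolerating junk lines."""
    in_section = False
    for raw in Path(inf_path).read_text(errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() in LAUNCH_KEYS and value:
                name = value.split()[0].strip('"').replace("\\", "/")
                return name.rsplit("/", 1)[-1].lower()
    return None

def scan_volume(root, system_dir=None):
    """Return sorted (indicator, file name) findings for one volume or share root."""
    findings = []
    for name in ROOT_NAMES:
        if (hit := find_ci(root, name)):
            findings.append(("root executable", hit.name))
    inf = find_ci(root, "autorun.inf")
    if inf and autorun_target(inf) in ROOT_NAMES:
        findings.append(("autorun.inf launches it", inf.name))
    for parts in SYSTEM_PATHS if system_dir else ():
        if (hit := find_ci(system_dir, *parts)):
            findings.append(("system directory file", hit.name))
    return sorted(findings)
```

A setup.exe in a drive root can be a legitimate installer; the stronger signal is an autorun.inf in the same root that launches it.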

Virus behavior:

1. Delete the startup items or services of commonly used anti-virus software in the registry and terminate the processes of anti-virus software. This affects almost all current anti-virus software.

2. Terminate the processes of some security auxiliary tools, such as IceSword and Task Manager taskmon.

3. The final dimension of Log service is logo=.exe1_logo_1.exe1_rundl123.exe.

4. Weak passwords: crack the Administrator account on other computers on the local network, and use GameSetup.exe for replication and propagation.

5. Modify the registry key value, so that you cannot view hidden files and system files.

6. In addition to the C drive directory, the virus will try to destroy .exe, .com, .gho, .pif and .scr files. The virus will not infect files in the following directories (this leaves us a chance to deal with the virus; see the description below):

        WINDOW, Winnt, System Volume Information, Recycled, Windows NT, Windows Update, Windows MediaP, Outlook Express, Internet Explorer, NetMeeting, Common Files, ComPlus Applications, Messenger, InstallShield Installation Information, MSN, Microsoft Frontpage, MovieMaker, MSN GaminZone

7. The virus deletes files with the extension gho. These are backup files of the system backup tool GHOST, so your system backups are lost.

Solution:

1. Preferred: a dedicated removal tool

A dedicated removal tool is the most effective solution and can handle known variants. The disadvantage is that when new variants appear, the tool also needs to be updated. We recommend that you go to www.xiongmaoshaoxiang.com to download it and scan.

2. Online Anti-Virus

Because of the special nature of pandatv, installed antivirus software may itself be infected, and the virus may try to end the antivirus software's processes and services. However, the virus does not infect IE, so you can use a browser to load an online anti-virus control to clear the virus. You can try shadu.duba.net.

3. Restart the system in Safe Mode with Networking. Upgrade the anti-virus software to prevent viruses. You can click Start, Run, enter msconfig, open the System Configuration Utility, click the BOOT.INI tab, and modify it. Then restart the system to enter Safe Mode with Networking.

4. Manual removal

Because pandatv is a file-infecting virus, manual removal is quite troublesome. The manual removal solutions released by netizens can only end the virus process manually. If a program that has been infected with pandatv is run, the virus will start again. The following describes how to manually stop the virus process and fix the registry keys:

A. Disconnect the network, disable the NIC, or unplug the network cable;

B. End the virus process. Because Task Manager and IceSword cannot run, this is difficult to do on the infected machine. We recommend going to http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx to download a copy of Process Explorer. It is depressing that the optical cable is not repaired and the download speed on the official website is very slow. You can download it from Sina, huajun, and skylist. Then end the virus process with this tool.

C. Search for and delete the following virus execution files on the local computer:

Under the root directory of the partition: setup.exe, autorun.inf (this file is not the virus itself, but it makes double-clicking the disk automatically call the virus program, so it is recommended to delete it)

        %System%\Fuckjacks.exe; %System%\Drivers\spoclsv.exe

GameSetup.exe in LAN environment

D. Click Start -> Run and enter regedit. After confirming, the Registry Editor opens; delete the startup items created by the virus:

        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
        "FuckJacks"="%System%\FuckJacks.exe"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "svohost"="%System%\FuckJacks.exe"

Browse to

        [HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL]

Right-click, click New -> DWORD Value, and name it CheckedValue (if it already exists, you can delete it and recreate it). Modify its value to 1, set it to hexadecimal, press OK, and exit the Registry Editor. This restores the "Show all hidden files" and "Show system files" options.

E. Repair or reinstall the anti-virus software to restore the anti-virus software and the registry key values deleted by the virus.

F. Finally, update the anti-virus software and run a full scan to fix the infected EXE programs and webpage files. Note that people who edit webpages need to protect the Web documents they edit and protect their Web servers. If you find that files uploaded to your website are infected with the virus, delete them promptly and upload them again.
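The registry state from step D can also be verified from a `regedit` export after cleanup or on a copy taken from a suspect machine. This Python sketch is an added example, not part of the original article; the function names and the sample export are constructed for illustration, while the value names, file names and key paths are the ones the article lists.

```python
import re

# Key paths (lower-cased suffixes), value names and file names from the article.
RUN = r"\software\microsoft\windows\currentversion\run"
SHOWALL = (r"\software\microsoft\windows\currentversion"
           r"\explorer\advanced\folder\hidden\showall")
BAD_VALUE_NAMES = {"fuckjacks", "svohost"}
BAD_FILES = ("fuckjacks.exe", "spoclsv.exe")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample of exported text, as from an infected machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"svohost"="C:\\WINDOWS\\system32\\FuckJacks.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"="0"
'''

def parse_reg(text):
    """Parse regedit export text into {key: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def audit(text):
    """Return (action, key, detail) tuples for the items step D repairs."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        if low.endswith(RUN):
            for name, data in values.items():
                if (name.lower() in BAD_VALUE_NAMES
                        or any(f in data.lower() for f in BAD_FILES)):
                    findings.append(("delete Run value", key, name))
        elif low.endswith(SHOWALL):
            # Anything but a DWORD of 1 (wrong data or wrong type) needs recreating.
            data = {n.lower(): d for n, d in values.items()}.get("checkedvalue", "")
            if data.lower() != "dword:00000001":
                findings.append(("recreate CheckedValue as dword 1", key, data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```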

For prevention of this virus, please refer to the method described on www.xiongmaoshaoxiang.com, or see http://www.duba.net/zt/panda/. Note: The updated Kingsoft Duba has integrated an immunity function for the pandatv virus, which can prevent the pandatv virus.
