Home > Others

U disk virus VistaAA.exe Manual killing method _ virus killing

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Modified:2008 year May 8, 18:52:32
md5:7009ac302c6d2c6aadede0d490d5d843
sha1:0e10da72367b8f03a4f16d875fea251d47908e1e
crc32:dce5ae5a

After virus runs:
1. Release a sbl.sys to the%system32%\drivers below, and copy a cover Beep.sys, then load the drive, restore SSDT hook, resulting in some anti-virus software active defense function failure.

2. End the process of many anti-virus software and security tools
Such as:

Quote:
360rpt.exe
360Safe.exe
360tray.exe
Avp.com
KASMain.exe
KASTask.exe
KAV32.exe
KAVDX.exe
KAVPFW.exe
Rav.exe
RavMon.exe
RavMonD.exe
...


3. Copy yourself under \config\systemprofile\ and%system32%

4. Start an IE process, connect the network
To http://***.kjxs.com/tj.asp for infection statistics

Download Http://***.kjxs.com/liehuo.rar to%system32%\contxt.dat the file should be a list of Trojans to download
But the link has expired.

5. Image hijacking a lot of anti-virus software and security tools and some other popular viruses:

Quote:
360rpt.exe
360Safe.exe
360tray.exe
45.exe
5784dfgi.exe
Adam.exe
AgentSvr.exe
Appdllman.exe
AppSvc32.exe
Auto.exe
AutoRun.exe
Autoruns.exe
Avgrssvc.exe
AvMonitor.exe
Avp.com
Avp.exe
CCenter.exe
CcSvcHst.exe
Cross.exe
Dfcxfg.exe
Discovery.exe
FileDsty.exe
FTCleanerShell.exe
FuckAAAAAAA.exe
Guangd.exe
HijackThis.exe
IceSword.exe
Iparmo.exe
Iparmor.exe
IsPwdSvc.exe
Kabaload.exe
Kascrscn.scr
KASMain.exe
KASTask.exe
KAV32.exe
KAVDX.exe
KAVPFW.exe
KAVSetup.exe
KAVStart.exe
Kernelwind32.exe
KISLnchr.exe
KMailMon.exe
KMFilter.exe
KPFW32.exe
KPFW32X.exe
KPFWSvc.exe
KRegEx.exe
Krepair.com
KsLoader.exe
Kvcenter.kxp
KvDetect.exe
KvfwMcl.exe
Kvmonxp.kxp
Kvmonxp_1.kxp
Kvol.exe
Kvolself.exe
Kvreport.kxp
KVSrvXP.exe
Kvstub.kxp
Kvupload.exe
Kvwsc.exe
Kvxp.kxp
KWatch.exe
KWatch9x.exe
KWatchX.exe
Loaddll.exe
Logogo.exe
MagicSet.exe
Mcconsol.exe
Mmqczj.exe
Mmsk.exe
NAVSetup.exe
Nod32krn.exe
Nod32kui.exe
Pagefile.exe
Pagefile.pif
PFW.exe
PFWLiveUpdate.exe
QHSET.exe
Ras.exe
Rav.exe
RavMon.exe
RavMonD.exe
RavStub.exe
RavTask.exe
RegClean.exe
Regedit. Exe
Regedit32. Exe
Rfwcfg.exe
RfwMain.exe
RfwProxy.exe
Rfwsrv.exe
RsAgent.exe
Rsaupd.exe
Runiep.exe
Safelive.exe
Scan32.exe
SDGames.exe
Servet.exe
Shcfg32.exe
SmartUp.exe
Sos.exe
SREng.exe
SSDtDiscovery.exe
Symlcsvc.exe
SysSafe.exe
Taskmgr.exe
Tnt. Exe
TrojanDetector.exe
Trojanwall.exe
Trojdie.kxp
TxoMoU.Exe
U.exe
UFO.exe
UIHost.exe
UmxAgent.exe
UmxAttachment.exe
UmxCfg.exe
UmxFwHlp.exe
UmxPol.exe
UpLive.EXE
USBoot.exe
WoptiClean.exe
Wsyscheck.exe
XP.exe
Xxxdgfdfg.exe
Zxsweep.exe
~.exe


6. Create a Registry Startup Project
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<LoveHebeAA><C:\WINDOWS\system32\vistaAA.exe>
The purpose of booting itself up

7. Create a timer every 1800 seconds to start the virus itself

Purge method:

1. Restart Computer access
In Safe Mode (after Power-on press F8 key and then come out an advanced menu to select the first safe mode to enter the system)
Open Sreng:
Start the Project registry delete the following items

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<LoveHebeAA><C:\WINDOWS\system32\vistaAA.exe>

Delete all red Ifeo items

2. Delete the following file C:\WINDOWS\system32\vistaAA.exe

3. Use antivirus software to remove virus download other Trojan

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
what s killing android battery what s killing android battery process destroy not killing process fbi virus manual removal killing season a e season 2 u know if phone has virus mac startup disk almost full virus

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More