"Gold" Virus file
Virus Name: WORM.VIKING.M
Chinese name:
Wiking (also known as: Sunway)
Threat Level: ★★★
Virus type: Worm
Affected Systems:
Win 9x/me,win 2000/nt,win Xp,win 2003
Five counts of "gold" virus
First crime: infecting system files
cause system damage, and manual removal difficulties;
The second crime: Download the vicious Trojan
Theft of Warcraft, legendary account, gray pigeon backdoor make the system completely controlled by hackers, qqrobber virus, etc.
Third crime: Multi-channel network communication mode
Through the infection file, LAN sharing to spread;
Crime Four: Mandatory disabling of domestic well-known anti-virus software
Reduce safety, easy to infect other virus;
Sin V: multiple variants
In a few days, multiple variants have emerged.
"Infection system files, local area network spread and manual removal difficulty is the main cause of the virus large area of infection," Jinshan Poison PA Technical director Chen Lui in summing up the "gold (WORM.VIKING.M)" Virus hazards emphasized. For example: User A uses a peer-to-peer software, in this Peer-to-peer software sharing directory, a large number of common tool software installation programs (executable programs, such as: WinRAR, FlashGet, and other software installation program), when the "gold" attack User A's system will infect these installer programs. At this point, User B downloads These installers exactly from the shared directory of User A, and if the installation infects the virus. Therefore, the file infection virus, in the network age and found the spread of space. Since the virus is a kind of running under Windows platform, integrated "executable file Infection", "network Infection", "Download network Trojans and other viruses" complex virus, if the user unfortunately infected with the virus, will face system paralysis, net silver, online games account stolen, important information leakage and other multiple threats.
First end Rundl132.exe, Rundll32.exe, Logo_1.exe and other unfamiliar processes, delete the registry startup keys in the virus key values and relative to the folder in the virus files, and then use kill tools to remove the virus (the latest version of the rising support to kill the virus, or the use of special killing tools) , and the last is to delete the _desktop.ini file. The virus will generate a file named _desktop.ini in each folder, from the hard disk partition can not be searched, folder Search Delete too laborious, so here to use a batch command del c:\_desktop.ini/f/s/q/a, The function of this command is to clean up the remaining files in the system after killing the Viking virus, and to explain:
Force delete _desktop.ini files in all directories (including the D disk itself) under D disk and do not prompt for deletion
/F Force deletion of read-only files
/q Specifies the mute state. Do not prompt you to confirm deletion
/s Deletes the specified file from the current directory and all subdirectories. Displays the file name that is being deleted
/A is deleted by attribute
Use the method is start/Run/cmd.exe, enter the above command, you can first delete the _desktop.ini in C disk, and then delete the _desktop.ini file in the other partition.
At this point, the worm.viking virus on the machine caused by all the elimination of the Impact!