Wowexec.exe relatively simple method of killing (Poison PA is Wowexec.exe Kill tool) _ Virus kills
Source: Internet
Author: User
Note: Wowexec.exe is a system process, but if preceded by a space, it is a virus.
Wowexec.exe Virus Solution:
1, download Poison PA, and upgrade to the latest virus library, into safe mode, turn off System Restore, killing the virus, download the address:: http://www.duba.net, to avoid infection virus variants, causing documents or photos were broken;
The general first step can solve the problem, we recommend that you install 360, so that the function of adding the registry is gone, the following operation is not necessary.
2, delete the virus registry key value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Key Name: MSIEXEC key value: "wowexec.exe"
The Trojan also adds the following key values to the registry to store its own settings:
Hkey_classes_root\zpwd_box
Hkey_classes_root\zpwd_box tmupgrade_p dword:41bfabb0
Hkey_local_machine\software\classes\zpwd_box
Hkey_local_machine\software\classes\zpwd_box tmupgrade_p dword:41bfabb0
3, download avg Trojan Kill tool, upgrade virus library, enter Safe mode, turn off System Restore function, carry out overall antivirus.
Process files: wowexec or Wowexec.exe
Process name: Microsoft windows on Windows Execution process
Produced by: Microsoft Corp.
Belongs to: Microsoft windows on Windows Execution Process
This process can be preceded by a space, a virus please refer to the following information: Beware of the latest Qq.email worm
Virus Name: Email-worm.win32.vb.ac
File Size: 13.279k
Writing language: Microsoft Visual Basic
Shell type: Upx-scrambler rc1.x->
Nearly two days, many QQ users often received by others sent QQ Mail, please be careful not to open the view, in order to avoid the Trojan.
The worm uses the text icon and the. txt.exe extension to disguise itself, inducing the user to execute the worm. Wowexec.exe will access the 163 mailbox number: 163com[20030606], ip:202.108.44.153, and get the upgrade information. Port: 110
User Wdboxup
Password: shengjile password Jie Ba is a more harmful trojan, you can get a variety of timely communication software, EMAIL, network games, internet banking, ie entered a variety of passwords and so on and add registry startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Key Name: MSIEXEC key value: "wowexec.exe"
The Trojan also adds the following key values to the registry to store its own settings:
Hkey_classes_root\zpwd_box
Hkey_classes_root\zpwd_box tmupgrade_p dword:41bfabb0
Hkey_local_machine\software\classes\zpwd_box
Hkey_local_machine\software\classes\zpwd_box tmupgrade_p dword:41bfabb0
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
