1. Run Autorun. BAT to perform drive letter immunity (including USB flash drives)
2. Run de-Autorun.bat to relieve drive letter immunity (including USB flash drive)
3. The fourth line of the Autorun. BAT and de-Autorun.bat filesCodeIn (c d e f g h I j) indicates the drive letter,You can add or delete a drive letter based on your computer.
Welcome to my blog: http://hi.baidu.com/ycosxhack.
By cosine fu
needs, such as "Open U disk Directory", "Running ppt", "Running QQ" and so on. In addition to the input text to change the title, you can also give the button to specify a personalized BMP icon, just click on "Bitmap", and then select the appropriate icon.
④ Select a button, click the blank area of click Action in the Object Inspector, and a Drop-down menu pops up. You can define an action for this button by selecting seven actions such as "Open File", "Open url", "Send Mail", "Play Sound", "P
it was probably because the PE file checked the shell with PEID and saw 4:
Sure enough, I guess this is not a folder, but a PE file, that is, a file, but an icon disguised as a folder.
The author of this virus is still very good at thinking about spreading the virus. I admire this expert.
However, the author is "Kind", but only hides your folder and does not delete or destroy the content in the folder.
(Don't look for me, the virus ran into my USB flash drive, and I was helpless, so the dishes
Trojan. DL. win32.autorun. yuz, Trojan. win32.inject. gh, Trojan. win32.agent. zsq, etc.
EndurerOriginal2007-10-231Version
Pe_xscan 07-08-30 by Purple endurer2007-10-22 13:13:44Windows XP Service Pack 2 (5.1.2600)Administrator user group
C:/Windows/system32/winlogon.exe * 604 | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.2180 | Windows NT logon application | (c) Microsoft Corporation. all rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803
Create a file named autorun. inf in the root directory (the suffix must be. inf) and edit the following content (note the format ):
[Autorun]Shellexecuteappsnotepad.exe
Use the task manager to unzip assumer.exe "and double-click the disk. Is it in notepad :)
In fact, the principle of "autorun. inf virus" is similar ~
Preventive measures (transfer ):
You may
Most common USB flash drives are immune to the registry, and directories with special file names are generated on the USB flash drives. Provides an alternative dynamic immune method.
The specific memory string in the Shell32.dll module of the Process Explorer can achieve the dynamic immunity automatically executed by the USB flash drive.
Shell32.dll version: 6.0.2800.1873
Imagebase: 7CD00000
. Text: 7CD8A162 push eax; lpString1. Text: 7CD8A163 call ds: lstrcpynW. Text: 7CD8A169 push offset aAuto
ubuntu14.04 boot Autorun application-ydt_lwj column-Blog channel-csdn.net
Under Ubuntu there are many ways to start the program automatically, in the different process of booting can launch different programs. If you run the program automatically at boot-up, it is modified by placing the
???? /ETC/RC or
???? /ETC/RC.D or
???? /etc/rc?. D
?? The script file in the directory allows Init to start other programs automatically. For example: Edi
When ravmone.exe "...... The mysterious ghost in the root directory, the killer of system security, is called the "USB flash drive virus ". Countless Windows users are focusing on them. This article is a summary of your research on the USB flash drive virus and lessons learned from the fight against the USB flash drive virus.
All systems after Windows 95 have an "Auto Run" function. Read the Autorun. inf file to get the custom icons of the volume in E
Release files
Copy codeThe Code is as follows: % Program Files % \ Internet Explorer \ PLUGINS \ Autorun. inf
% Program Files % \ Internet Explorer \ PLUGINS \ pagefile. pif
% Program Files % \ Internet Explorer \ PLUGINS \ WinNice. dll
X: \ Autorun. inf (X is a non-system disk with other drive letters)
X: \ pagefile. pif
Add registry information, such as a startup ItemCopy codeThe Code is as follows:
An Autorun virus exclusive firewall was found on the Internet and is a green version.
A small tool used to defend against the autorun virus, you can easily put your computer in monitoring the autorun virus. The firewall intercepts the inserted USB device in real time and detects it. If a virus is detected, the firewall will simply scan and kill the device. Then,
Situation
All the keys on the right run, and the 8-bit xxxxxx.exe and autorun. inf files appear under each disk.
Virus attacks such as viruses and Trojans are disabled on the Internet, and nod32 and other antivirus methods cannot be enabled.
Software
You cannot view hidden files. solution:
Method 1: Modify the Registry File (Save the following file in OK. reg) and run it.
Copy codeThe Code is as follows: Windows Registry Editor Version 5.00
[HKEY_LOC
Four, this is I think testng very good point ~ ~ ~ really great, testng there is a way, so that users can be in the testng XML file and directly into the code, but there are drawbacks, if you forget to pass,,, the code will directly ignore this methodSpecifically, this is@Parameters ({"URL", "PORT"})@Test (groups = {"Checkintest"})public void TestMethod4 (String url,string PORT) { System.err.println ("
At present, U disk virus is very serious situation, almost all with virus USB disk, the root directory has a autorun.inf. The right key menu has more "AutoPlay", "Open", "Browser" and other items. Because we are accustomed to using a double click to open the disk, but now we double-click, usually not open u disk, but let the program set up in the Autorun.inf automatically play. So it's quite troublesome for many people. In fact, there are 4 ways in which autorun.inf is used by viruses
Open=file
U disk again in the Autorun virus, really annoying! Is there a simple anti-virus method? Here's a trick to teach you.
First insert the U disk, then create a new text document, add the following in it:
@echo on
Taskkill/im explorer.exe/f
Taskkill/im W.exe
Start reg add hkcusoftwaremicrosoftwindowscurrentversionexploreradvanced/v showsuperhidden/t reg_dword/d 1/f
Start reg Import Kill.reg
Del c:autorun.*/f/q/as
Del%systemroot%system32autorun.*/f
. Always use absolute paths when creating links.3. The focus of this approach is not that test is stored in the/ETC/INIT.D directory (typically we will have the script automatically started with the system in this directory), but instead the link file created S900test placed in the/ETC/RC.D/RC3.D directory.Reason:1. Operating level:[Email protected] rc.d]# RunLevelN 32.inittab Default configuration:L0:0:WAIT:/ETC/RC.D/RC 0L1:1:WAIT:/ETC/RC.D/RC 1L2:2:WAIT:/ETC/RC.D/RC 2L3:3:WAIT:/ETC/RC.D/RC 3 (
Worm program worm. win32.autorun. DG Solution
Virus name
Worm. win32.autorun. DG
Capture Time
2007-10-14
Virus symptoms
The virus is a worm program written in Delphi. It is 25,600 bytes in length, the icon is a regular executable file icon, and the virus extension is exe.
Virus analysis
After the worm program is activated, the internat.exe file is generated in the % SystemRoot % \ systemdirectory, which is
Today, the autorun. inf folder is displayed under each disk on the computer. You can use this method to quickly delete the folder. If you have any problems, try it.The method is as follows:Assume that the autorun. inf folder is in disk D. The operation is as follows: Open start, select Run, Enter CMD, and open the command line
In the command line window, enter the following command:Step 1: Enter D and
The network found a autorun virus to kill the firewall and is a green version
A small tool for defense against Autorun virus, it is very convenient for your computer to be in the monitoring Autorun virus. The firewall will intercept the inserted USB device in real time, detect it, and if there is a virus, it will make a simple killing, and then automatically ejec
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.