EndurerOriginal
2006-12-232Supplementary Revision2006-12-221Version
Yesterday afternoon, an error message box pops up after a friend's computer connected to the USB flash drive, prompting that disk A or something could not be found. After the USB flash drive is closed, it is called again. Let me help you.
Use WinRAR to open the USB flash drive and find the fileAutorun. infAndSss.exe, Which is generated immediately after deletion.
Download hijackthis and procview from http://endurer.ys168.com.
Ru
Rundl132.exe RichDll.dll Solutions for Sunway variants
The variant has not been jiangmin and Cabacha killed, and several special kill to find a can repair EXE file!
After the virus runs, access the network to download multiple Trojan programs (F1.exe,f2.exe,f3.exe,f4.
Weijin variant rundl132.exe richdll. dll Solution
This variant has not been detected and killed by Jiang min and Kabbah. After several excludes, you can find one to kill and repair the EXE file!
After the virus runs, access the network to download multiple Trojans
Program Running) and running! Generate the following Virus File (the current virus is abnormal ):
C: \ Documents and Settings \ your USERNAME \
viruses use the new name and then create the autorun. inf file to infect the USB flash drive. However, for users with high security awareness, using this method to determine whether their USB flash drives are infected is not a problem.
AUTORUN. INF virus information MVS.exe Dropper. VB. acd
LaunchCd.exe Trojan. VB. vwp
Tel.xls.exe Worm. VB. lv
Ghost.exe,conime.exe Trojan. DL. Agent. blr
Autorun.exe Trojan.
I. Theoretical Basis
Friends who often use CDs know that many CDs run automatically when they are put into the optical drive. How do they do this? The CD will be automatically executed as soon as it is put into the optical drive, mainly depending on * two files, one is the autorun. inf file on the CD, and the other is one of the system files of the operating system itself, cdsealing. VxD. Cdsealing. VxD will detect whether there is any action in the
Autorun. inf and its command details
We already know that you can use intellirun. inf to specify the icons and running files automatically loaded on the CD,In fact, autorun. inf is very useful,The following describes the application of autorun. inf in detail.
Learn about autorun. infWhat is
also allows the hard disk to run programs automatically. The method is very simple. Open notepad, right-click the file, and select "RENAME" in the pop-up menu ", rename it AutoRun. inf, in AutoRun. type the following content in inf:
[AutoRun] // indicates that the AutoRun part starts and must be entered
Icon = C:/C. i
"section" must start with the section name. The section name must be enclosed in brackets [], and the section name is the command in this section.Autorun. inf supports three sections, including [Autorun], [Autorun. Alpha], and [deviceinstall]. Only [Autorun] must exist.Instance applicationNow let's take an instance to learn in detail what the
One: Software download and installation
Users can download the software from the black and white network. After downloading the compressed package decompression, double-click the name "AutoFireWall.exe" executable file, pop-up main interface as shown:
Figure I
Second: Software use
Software includes monitoring information, firewall settings, and other modules.
Click "View Monitor Record", will pop up a notepad record.
Autorun virus Firewall
According to the author: in view of the full introduction of autorun on the Internet. there are not many articles about the inf function. I found an autorun article on the official Microsoft website's official website, called "inf. description of inf in English. This article is written by the translator and the author himself. (Thanks to the excellent articles provided by the author)
======= I am a separato
AUTORUN. The INF is one of the more common files used in our computer to allow you to run a specified file automatically when you double-click the disk. The computer Autorun.inf virus, what should do? WinXP system Autorun.inf How to delete it? The following small series for everyone to bring WinXP system delete the Autorun.inf folder method. Come and have a look!
Method/Step:
1, the folder is a stubborn folder, the use of the deletion function can
In the previous article, Autorun is very useful. The trouble is that others may use it to do bad things. Someone else may use it to run his dangerous program, steal information or even destroy the device, or even your own Autorun may be infected with viruses. One way to deal with this is to put Autorun in a directory that is not easy to guess and give it a strang
, prohibited, disabled by default)32: Optical Drive Device (CDROM, disabled by default)64: virtual storage device (RAM, which is not recommended by default)128: other drives not specified (Reserved bits are recommended. disabled by default)3. The autorun. inf file is divided into three parts: [Autorun] [Autorun. Alpha] [deviceinstall].[
system security.
Autorun. inf can be exploited by viruses in four ways.
1.opendomainfilename.exe
Run automatically. However, for many XP SP2 users and Vista users, Autorun has become AutoPlay and will not run it automatically. A pop-up window will pop up asking you what to do.
2. shellautocommand#filename.exe
Shell = Auto
Modify the context menu. Change the default item to the startup Item of the virus. Ho
Trojan. DL. win32.autorun. yuz, Trojan. win32.inject. gh, Trojan. win32.agent. zsq, etc.
EndurerOriginal2007-10-231Version
Pe_xscan 07-08-30 by Purple endurer2007-10-22 13:13:44Windows XP Service Pack 2 (5.1.2600)Administrator user group
C:/Windows/system32/winlogon.exe * 604 | MICROSOFT (r) Windows (r) Operating System | 5.1.2600.2180 | Windows NT logon application | (c) Microsoft Corporation. all rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803
autorun. ini will also be executed. The notepad.exe function is that when you enable the USB flash disk
After any folder, it will hide your folder and generate an EXE file with the same name as the hidden folder.
That is, the structure of the virus is the same as that of notepad.exe.
Summarize the characteristics of the virus:
This is also a USB Flash Drive autorun
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.