Service Windowsremote
Startup type: Automatic
Display Name: Windows Accounts Driver
Also a trojan downloader, but the download link is invalid
After the virus has finished running, the SREng log is as follows:
Service
Code:
[A good DownLoad CAHW/ANHAO_VIP_CAHW] [Running/auto Start]
[Windows Accounts Driver/windowsremote] [Stopped/auto Start]
==================================
Autorun.inf
[C:\]
[Autorun]
Virus name: TROJAN.DELF.RSD MD5 216a3783443fc9c46fe4d32aa13c390f
After the virus sample runs, it automatically copies itself to the %systemroot% directory
%systemroot%\flashplay.dll
%systemroot%\ge_1237.exe
X:\flashplay.dll
X:\readme.txt.exe
X:\autorun.inf
X refers to a non-system drive letter
%systemroot% is an environment variable,
What's inside Autorun.inf:
[Autor
Just repeatedly tested several versions, DF of the above version is all worn ...
Completely crazy ing .... Currently, only a few sites can be blocked on the route .... Look forward to the emergence of the master!
Sample sent up .... Say you can't penetrate yourself first Test
Overall protection, the system is completely open, without any restrictions! Now do not know why some systems do not wear ~
Immediately after running, look at the startup item.
The
System Folder content" and "show all files and folders", deselect the "Hide extensions of known file types" check box. After this check box is set, the general hidden files are displayed.
3. Open "my computer" and go to the root directory. Experience tells us that this is not to be opened directly by double-clicking. Right-click the drive letter and you will see that the first item is "Auto" (normally "open"), select "Resource Manager" to enter the disk root directory.
Obviously, a file is ad
Nowadays, we often see the "Autorun.inf" file. If you double-click the disk partition icon with the mouse and the corresponding partition window cannot be opened, then we can almost conclude that the local computer system has been infected with the flash drive virus that has been very rampant recently. As long as we double-click the flash disk partition icon, the virus
:004086CD Align 10h
.upack:004086d0; Char s_systemcontr_3[]
.upack:004086d0 s_systemcontr_3 db 'System\controlset001\services\wuauserv', 0
.upack:004086d0; DATA xref:sub_407cf4+3e7 o
.UPACK:004086F7 Align 4
.Upack:004086f8; Char s_systemcontr_4[]
.Upack:004086f8 s_systemcontr_4 db 'SYSTEM\CONTROLSET002\SERVICES\AVP', 0
.Upack:004086f8; DATA xref:sub_407cf4+41d o
Image hijacking (IFEO) of a large number of security tools, system programs, and antivirus software
Because there are too many, they are not listed, and
tool to repair the infected exe file. Install Windows patches in a timely manner.
6. Clear html, asp, php, and so on. The following code is contained in all webpage files: (To prevent code propagation from being modified in three ways, please "." For ".")
Batch cleanup of malicious code:
You can use Dreamweaver to replace them in batches.
How to use Dreamweaver batch replacement
You can download and use BatchTextReplacer for batch replacement.
An enterprise deployed with Symantec Anti
" (do not play it automatically or double-click it!) Delete the SXS.exe and autorun.inf files. For the first time in history, I encountered such a stubborn virus. I looked it up online and it does not have a uniform name. Rising calls it the Trojan.PSW.QQPass.pqb virus. Let me call it the sxs.exe virus.
After the system i
The following is an analysis report on the latest variant of the extremely rampant AUTO virus in the past two days:
I. Behavior Overview
This EXE is a virus download tool that will:
1) Calculate the service name, EXE and DLL file name by referring to the serial number of the system drive C.
2) Place AUTO virus autorun. i
Virus program source code instance analysis: example code of the CIH virus [2], for reference
push eax ; block table size
push edx ; edx is the offset of the virus code block table
push esi ; buffer address
The total size of the merged virus code block and virus code block ta
A specially compiled set of complete manual removal techniques for the auto, Autorun.inf, desktop.ini, sxs.exe, and auto.exe viruses; you can also see the image set method, so that the auto, Autorun.inf, desktop.ini, and Auto.exe viruses have nowhere to hide
Recently a number of viruses have appeared, with the following symptoms:
1. Each partition will contain three files with the hidden attribute, named autorun.inf, desktop.in, and sxs.exe, of which the EXE file is a
A few days ago, Rising found through analysis of its "cloud security" system data that the number of infections by the popular online virus "Storm 1" (Worm.script.VBS.autorun.be) continues to grow. During January 1-3, 50 thousand computers were infected, and the growth rate was still accelerating. According to reports, after the virus infects a computer, the computer w
Introduction to the typical "Valentine's Day" virus
1. Valentine's Day (VBS.Valentin) virus
Valentine's Day (VBS.Valentin) virus is a virus that can write love letters. It encrypts itself with the scripting encryption engine and inserts it into the HTML file, which produces a vir
"Introduction to the Software"
A U disk virus, also known as an Autorun virus, is a virus that uses the Autorun.inf file to make the other party's hard disk completely shared, or a Trojan virus. With the U disk, mobile hard disk, memory card and other mobile storage devices, USB disk virus also fl
What is a U disk virus?
A U disk virus, as its name implies, is a virus transmitted through U disks. A U disk virus, also known as an Autorun virus, is through the Autorun.inf file using [1] All the hard disk is completely shared or Trojan
No virus or Trojan in the system can be completely separated from processes; even if it uses hiding techniques, clues can still be found in the processes. Therefore, viewing the active processes of the system is the most direct way to detect viruses and Trojans. But the system runs so many processes at the same time; which are normal system processes, which are Trojan processes, and often by
First, let the virus disappear from the directory
We start with the directory where the virus resides, and if the virus has a separate directory like normal software, then we can smile a little bit--the virus is weaker. When you check the directory's creation time, you can tell when you were infected and you may fin