The new QQ tail, the temptation to confuse netizens, click on the link in the message, download the operation will be in the recruit, after poisoning will continue to send similar messages to friends. The following are detailed analysis reports and manual removal methods:
Virus Name: worm.qqtaileks.ds.36864
Transmission mode: Send messages through QQ, and spread through automatic playback and malicious We
an abnormal startup.
File location
C:/windows/system32/conime.exeC:/windows/system32/dllcache/conime.exeConime.exe is a processing console input method of a program, often after running Cmd.exe will appear, is running Cmd.exe after the use of Ctrl+shift switch Input method function, the end of the process can not switch.Do not easily delete this file, because the deletion may cause automatic shutdown, if the automatic shutdown, indicating that this is not an input method editor related progra
after the removal of the file and before the file is exactly the same, fortunately, after the anti-virus files can be normal operation, some with self-verification files need to reinstall.
Second, "Eye" to see the procedure
Here we take an example to see the effect of the eye.
Now the system in a virus, all executable file icon exception, in order to ensure t
\ Drive \ shell/ve/t REG_SZ/d none
Echo.
Echo starts deleting the startup item in the Registry
Echo.
Echo if the program prompts "error: the system cannot find the specified registry key or value", the startup entry of the virus has been deleted.
Echo or a new variant has appeared. Remove it on the "System Configuration Utility" page.
Echo.
Echo and press Ctrl C to exit the program
Echo.
Pause
Reg delete HKCU \ Software \ Microsoft \ Windows \ Curren
Recently, I shared a directory where all the EXE files are infected with the virus, the Internet to find out that it is "logo1_.exe" this banging ghost. Online on the harm of the virus is very high, that as long as the virus, the entire machine can only "Format." The reason
When a computer gets poisoned, many friends open the process manager and turn off a few unfamiliar programs, but sometimes this happens: turn off one, then close the other, and the one that just closed runs again. Again from the registration table after the start of the deletion, restart the test, just deleted those startup items restored.
Because the computer only installed an operating system, there is no way to remove these viruses under another system. Download the special Kill
At the beginning of 2004, IRC backdoor virus began to appear on the global network on a large scale. On the one hand, there is a potential risk of leaking local information, on the other hand, the virus appears in the local area network congestion, affecting the normal work, resulting in losses.
At the same time, because the source of the virus is open, anyone t
Recently, the Internet has become popular with the Blackday virus, which is extremely destructive to computer files. The virus destroys a vast majority of files in infected computers, including infected webpage files, executable files, and other files. The damaged files cannot be recovered. This results in loss of important information and data stored on the computer. When the file is infected, the computer
After finishing the course yesterday, I went to the instructor to copy the courseware. I didn't expect to copy it back and found that the file name and suffix On My USB flash drive were changed to exe. I immediately realized that my disk was poisoned, this was the first time for me to take place. I felt quite nervous and immediately used rising star to kill viruses. What puzzled me was that after the virus
the latest version and restart your computer.
3, click on the Rising Card 3.0 interface on the "Rising Free Kill tool", download "rogue software 7939" killing tools.
Description of the phenomenon:
My123 is a browser hijacking type of rogue software that modifies the user's browser home page to "www.my123.com" and cannot be modified. It uses virus technology to protect itself, while in the background au
Trojan Horse program TROJAN-SPY.WIN32.AGENT.CFU
The sample program is a use of Delphi program, program using MEW 1.x shell attempt to evade signature scanning, length of 67,908 bytes, icon for Windows default icon, virus extension for EXE, the main way to spread the web page hanging horse, file bundle, hacker attacks.
Virus analysis
The sample program is activ
About Sxs.exe virus killing articles please see the link below
Http://www.jztop.com/net/bdzq/du/20060813/26006.html
Before antivirus, please disconnect the network, run the Kill tool after the restart of the computer
Download Address:
Download Sxs.exe virus Kill tool
***************************************
Some day
First, questions
C:\WINDOWS\system32\LgSym.dll: Trojan Horse program detected TROJAN-PSW.WIN32.ONLINEGAMES.FQ
C:\WINDOWS\system32\Qqzos.dll: Trojan Horse program detected trojan-psw.win32.onlinegames.kr
I follow your space in some of the methods of the post processing, although Kabbah does not appear above the hint but has a new trouble, every time I open the computer Kabbah will prompt me:
C:\WINDOWS\system32\winrpcs.exe: New variant risk detected software Hidden object
And then it's:
C:\WINDO
Detailed introduction, analysis, and removal of ipv32.exe USB flash drive viruses
Symptoms of poisoning:
Release files%Windows%%32.exe% System % voice. cpl% System % timedate. cpl
Release the root directory of each partitionX: autorun. infAutorun. inf content[Autorun]Opentracing evilday.exeShellexecuteappsevilday.exeShellopen (o=command=evilday.exeShell = open (
may be found. BAT file; you can use NotePad to open Microsoft. BAT file, and you will find an EXE file in the directory (the specific name will be different;
If you do not find the corresponding file in the preceding two steps, change your file to not hide the known file suffix, and search for the file in the system disk to check whether there are no relevant files.
Trojan description
This trojan is mainly because the user has installed an embedded T
What happens to the files on a USB drive that become an. exe executable file? Tell you, your USB stick virus, then how to clear it? Small series now tell you a few simple methods, easy to handle the virus problem on the USB stick.Method 1:(1) First use anti-virus software to kill anti-
the user.
The user according to the false unloading method provided by them, after unloading, the control Panel has no search site uninstall, but with IceSword view, its files and registry are kept intact in situ, and its drive is still in the protection of their own users are not found, not deleted by the user. In other words, users can not delete this Trojan!
Viii. Virus prevention and control
1, find
You can use the IceSword
The last two days of virus rampant, a process called Wsttrs.exe will automatically terminate the virus firewall, and lead to the system desktop, the phenomenon of suspended animation. These viruses are very abnormal, the current rising Kabbah do not recognize:
First, manual removal method:
1. In Windows XP and above systems:
When you can't get to the desktop, br
. Click RUN cmd.com and execute the following two lines in the doscommand Prompt window:Assoc. EXE = exefileFTYPE exefile = "% 1" % *There is a space between assocand .exe. You should be able to run the trojankiller.exe killing tool. However, we recommend that you do not restart the system to run anti-virus software an
Windows systems are integrated with countless tools that perform their respective duties to meet different application needs of users. In fact, these tools are "versatile". If you have enough imagination and are good at mining, you will find that they can also help us to counter viruses in addition to the industry. I. The task manager gives a knife to the virus
Windows Task Manager is the main tool for you
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.