Confirmed: Au_.exe is an integral part of the NSIS installation package, not a virus.
When it unloads 360safe, it does connect to port 80 of the following address:
60.195.253.85
The packet capture is as follows:
SOURCE Address: 10.1.5.189 Port: 1214 Destination Address: 60.195.253.85 Port: ttl:64 packetsize:64
Protocol: TCP TCP flag: ack| URG
0x02 0x04 0x05 0xAC 0x01 0x03 0x03 0x02 0x01 0x01 0x08 0x0A 0x00 0x00-0x00 0
After confirmation, the task manager will find a strange process, hidel.exe. Although the CPU and memory it occupies are not very large, its I/O write volume is astonishing. It seems to be a zombie; right-click it and select "Stop process" to terminate it. The hard disk read/write has been restored to normal.

II. Anti-Virus and invisible system backup tools

I have encountered a virus "C:\Program Files\Co

A digital certificate is really a magical thing: it can ensure that the software has not been modified, can indicate the release date of the file, and, most importantly, can greatly reduce anti-virus false positives. Of course, this requires a certificate issued by a trusted institution.

This is not about applying for a certificate; it is about making your own certificate.

1. Install the Windows SDK

Both the Generate certificate and the signature
Source code of pandatv exclusive tool to remove infected EXE files
/*
Pandatv excludes infected EXE files
By: ww0830
Create: 2007-1-7
*/
#include "windows.h"
#include
#include
#include
#define test
long g_lcheckfilenumber; // file number checked
long g_lclearfilenumber; // clear number
//
// Function:
// Check if EXE file b

; CurrentVersion> Run
Find the SVOHOST.exe, sxs.exe, or SoundMam (note that it is not soundman; only one letter is missing) key value. There may be two; delete the one whose value is C:\WINDOWS\system32\SVOHOST.exe.
Open Notepad, copy the following code, save it as the "Orange August sxs killing tool.bat" file, and then run it!
The code is as follows:
echo.
@echo :::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::
@ Ech
I want to introduce the MS removal tool, but I feel it is necessary because some friends still don't know how to use this "Microsoft free lunch".
In my opinion, it is a mini popular virus removal tool.
The following is an overview of the official malicious software
the LPCTSTR! With this, you can easily delete the specified startup item and restore the file association. For your understanding, I will give an example of how to fix the EXE file association; you can modify the corresponding parameters to apply the modification to other key values. In addition, you can use the RegDeleteValue function to delete the self-startup items.
Hkey;
LPCTSTR data1 = "\"%1\" %*"; // default open mode for
VBS viruses are still quite popular, and their strength cannot be underestimated! Using VBS to write a common virus (worm) is not difficult, and writing a virus killing tool is not difficult either. But before writing the exclusive killing tool, you must understand the information a
This article illustrates how to implement a virus killing tool in VC. It is very practical and is shared here for your reference. The implementation methods are as follows:
Nowadays viruses, Trojans and worms are endless, and variants appear one after another. Anti-virus companies and major security companies are providing free
Virus: "MS08-067 vulnerability Virus Variant B" is a hacker program that exploits the Microsoft MS08-067 vulnerability to launch attacks. This program starts an attack thread that randomly generates an IP address and tries to launch an attack on that IP address. If the system does not have the MS08-067 patch, it may be attacked. After successful attack, a Trojan of 6767.exe