lsass exe virus

According to Xinhua News Agency, Beijing, 22, the anti-virus Center of Beijing Jiangmin company, on the 22nd, it was detected that a virus named "Piglet" was being spread online, and the computer was completely paralyzed after being poisoned. This destructive virus can infect the computer's EXE executable files, while

Idea: Create a new program file type with the extension eee Modify the name of the file you want to protect with the extension eee. Method: Copy the following code as reg file and import the registry: Windows Registry Editor Version 5.00 [Hkey_classes_root\.eee] @= "Eeefile" [Hkey_classes_root\eeefile] @= "Application" "EditFlags" =hex:38,07,00,00 [Hkey_classes_root\eeefile\defaulticon] @= '%1 ' [Hkey_classes_root\eeefile\shell] [Hkey_classes_root\eeefile\shell\open\command] @= "\"%1\ "%*"

Behavior: 1. Release the file: C: \ WINDOWS \ SYSTEM \ Services. EXE 65536 bytes C: \ WINDOWS \ SYSTEM \ sysanalysis. EXE 65536 bytes C: \ WINDOWS \ SYSTEM \ assumer.exe 976896 bytes2. Delete the backup file:C: \ windows \ system32 \ dllcache \ assumer.exe3. overwrite the System File: C: \ WINDOWS \ assumer.exeWhen the system starts, run the virus body firs

start the software you need. Note: you cannot open the software by clicking the OPEN button. This method is applicable to most software except office series .) The second time I got depressed !! 2nd, I decided on the assumer.exe process. I suspected there was a Trojan. I downloaded the esido-guard active software and found 8 Trojans. But again, the process was still being done, and the webpage was very slow. Thanks for the first time !! Access to open the web page, according to the slow, an

confirmed Au_.exe is an integral part of the NSIs installation package, not a virus When it unloads 360safe, it does connect to port 80 of the following address 60.195.253.85 Grab the bag as follows: SOURCE Address: 10.1.5.189 Port: 1214 Destination Address: 60.195.253.85 Port: ttl:64 packetsize:64 Protocol: TCP TCP flag: ack| URG 0x02 0x04 0x05 0xAC 0x01 0x03 0x03 0x02 0x01 0x01 0x08 0x0A 0x00 0x00-0x00 0