Virus name: TROJAN.DELF.RSD MD5 216a3783443fc9c46fe4d32aa13c390f
After the virus sample runs, it automatically copies itself to the %systemroot% directory:
%systemroot%\flashplay.dll
%systemroot%\ge_1237.exe
X:\flashplay.dll
X:\readme.txt.exe
X:\autorun.inf
X refers to a non-system drive letter
%systemroot% is an environment variable,
What's inside Autorun.inf:
[Autorun]
Open=.\readme.txt.exe
Shell\1=open
A recent outbreak of a malignant virus? It is more extreme than the "Sxs.exe virus" that infected so many machines last time, and it has turned from rogue software into a virus.
Virus symptoms: the IE browser home page cannot be changed; it is modified to www.my123.com, or automatically jumps to 7255.Manual
5. Remove the startup entry created by the virus:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Svcshare" = "%system%\drivers\spoclsv.exe"
6. Modify registry settings and restore the "Show All Files and folders" option:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" =dword:
The Antiy vulnerability can cause viruses to go unremoved or legitimate software to be removed by mistake.
The Android version of Antiy AVL Pro has a vulnerability. If used by viruses or Trojans, the vulnerability can be detected by avl scans.
After AVL Pro scans and cleans a mobile phone, the results are first saved in the db, and then the scan information is read and displayed
Virus Trojan scan and removal: writing a dedicated kill tool for the QQ-stealing Trojan horse
I. Preface
As I have already written a general kill tool framework in article 004, "Virus Trojan scan: writing a pandatv killing tool", this framework is basically applicable to the
Auto Virus is a dedicated tool for preventing and killing auto viruses, U disk viruses, and flash disk viruses.
In addition to lightning-fast (30 seconds) killing of Ravmone, Rose, Sxs, Fun.xls, and dozens of other viruses transmitted through U disks, it also implements for the system act
Those who are worried about ransomware are rushing to use an excellent SQL database backup tool.
Highlights: in addition to regularly checking and backing up the database, it can also keep the backup from being infected and, if a Bak file is infected and encrypted, decrypt and rebuild it.
The software supports WIN7, WIN8, WIN10, WIN2008, WIN2012, WIN2016 and above; use the right-click Administrator rights mo