:34:20
Size: 93240 bytes, 91.56 KB
MD5: ef70da-91d050cc898319acbb044e847
Kaspersky reports Worm.Win32.Viking.II
After 0.exe is run, other malicious files will be downloaded and the EXE file will be infected.
The following is a record of Kaspersky 6 after 0.exe is run:
/----
Detected: Risk Software Trojan.Generic
Running process: D:/test/0.exe
Detected: Trojan program Trojan-PSW.Win32.Magania.jm
File: C:/winnt/system32/wincab.sys
Detected: Trojan program Troja
Endurer Original
2006-11-02, Version 1
Last night, it was too late for me to help the netizen with Worm.Viking.DY on the computer perform a detailed check. Worm.Viking.DY: it officially started at noon today.
According to the Rising Antivirus record on the user's computer, C:/winnt/logocmd.exe was infected with Worm.Viking.DY four more times this morning, and cleared.
In
install a QQ tail virus, then use the QQ of the computer that has been poisoned to send spam information, and use the machine to spread the virus. (Reference: more than 10 enterprises with nine thousand internet users attacked by Weijin Worm, Http://it.rising.com.cn/newSite/Channels/info/virus/virus/200606/05-171222684.htm)
Detected that Viking automatically downloaded the "misi virus" (Rising name: Trojan.PSW.Lmir.kgs), QQ tail vi
Encountering Worm.Win32.Viking.lm/Worm.Viking.tc, Trojan.PSW.Win32.OnLineGames, etc. 2
Endurer Original, Version 1
Seeing C:/Windows/richdll.dll and O4-HKLM/../run: [load] C:/Windows/uninstall/rundl132.exe reminds me of Viking ......
Stop and disable windowsdown (windows_systemdown)
Uninstall Baidu super souba
Download and install the rising star Kaka Security As
Recently, the Viking virus has been spreading over the Internet. This computer virus not only infects all executable files on the hard disk, but also automatically downloads other computer viruses from the Internet. As a result, QQ numbers, MSN accounts and other personal data are stolen, which is extremely harmful! I hope all of you will be alert and handle it in time to avoid regret.
Method 1: Viking virus dedicated removal tool:
Kingsoft dedicated tool: Http://d
ShellExecute method of the Application object Q: %WINDIR%/system32/cmd.exe /C %WINDIR%/***..
Test.htm
Code included: /------/
Test.js
The content is not encrypted. It uses ActiveXObject("thunderserver.webthunder.1") to download love.exe, save it to C:/, and run it with a timer.
File Description: D:/test/love.exe
Attribute: ---
Language: Chinese (China)
File version: 1.0.0.0
Note:
Copyright:
Note:
Product Version: 1.0.0.0
Product Name:
Company Name:
Legal trademark:
Internal Name:
Source File Name:
Creation Time
Endurer Original
Version 1
A colleague said that his computer was abnormal and asked me to check it out.
Download hijackthis scan log to http://endurer.ys168.com and find suspicious items:
/-----
Logfile of hijackthis v1.99.1
Scan saved at 9:04:52, on
Platform: Windows XP SP2 (winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running Processes:
C:/Windows/logocmd.exe
E:/qqgame/pocket~1/pocketrpg.exe
F3-Reg: win.ini: load = C:/Windows/rundl132.exe
-----/
Logocmd.exe and rundl132.exe a
-------------------------/
Check the following folders with WinRAR and find:
C:/
============================================
Internt.HTA (Kaspersky reports Trojan-PSW.Win32.QQPass.hn)
RAR.HTA (Kaspersky reports Trojan-Downloader.JS.Small.cq)
Vidll.dll (Kaspersky reports Worm.Win32.Viking.r; Rising reports Worm.Viking.AA)
C:/Documents and Settings/user/Local Settings/temp===========================
Endurer Original
Version 1
A netizen said that when his computer was powered on, Rising scanning found that C:/winnt/logocmd.exe was infected with Worm.Viking.DY, which had been cleared. Let me help you.
Use QQ for remote assistance. Shut down the real-time monitoring of rising stars, and then use the rising virus isolation system to restore logo.exe and package it back with WinRAR.
Enable real-time monitoring of rising.
To http://it.rising.com.c
In the first half month since January 1, early September, the company was infected with a serious virus: Viking. The company's entire LAN is almost paralyzed. The company only has one IT person, which shows how busy it is. On the morning of work, I thought it was like a daily software fault. I had to reinstall the software to solve the problem.
However, the problem is becoming more and more serious. Not only does the repaired software become infected with
reports Trojan.Win32.bcb.I, Drweb reports Win32.hllw.mybot)
Jxdll.dll (Kaspersky reports Trojan-PSW.Win32.Delf.hh)
Myrx.dll (Kaspersky reports Trojan-PSW.Win32.Agent.ia)
Mywow.dll (Kaspersky reports Trojan-PSW.Win32.WOW.jw)
Myztr.dll (Kaspersky reports Trojan-PSW.Win32.OnLineGames.v)
Ss3.exe
Wsd_sock32.dll (Kaspersky reports Trojan-PSW.Win32.Agent.if)
Xia.exe (Kaspersky reports Worm.Win32.Viking.Ax)
Rundl132.exe (note: the front of 32 is the
Endurer Original
2006-09-03, Version 1
Beware of Worm.Win32.Viking.r spreading through the URL (Q-zone. ***** QQ. c0m) in the QQ tail
The URL in the article has changed. When the QQ friends dialog box is opened, the message is:
/----------
I have a female student who participated in the 2006 online style selection for college students. The Q-zone space has a photo of her candidate. I will help him increase his popularity during the tour. Thank you
Endurer Original
2006-10-08, Version 1
The information automatically sent by QQ is:
/--------
Check out my recent photos ~~~ To scan the Q-zone space. Is it too explicit ....
Hxxp: // Q-zone. *** QQ. c0m. % 34% 76% 30 *** % 2e % 63% 6e/** Photo/cgi_bin 387 ** 381/--------/
The header of the webpage opened by clicking this link contains JavaScript code encrypted with the custom function psw. After decryption: /----------------/
MM ***. htmThe script program starting with htmlship encryption is
A new version of 2003 SP1 was installed a few days ago, and "VIKING" was unfortunately caught on the Internet. After the virus was cleared manually, 360 security guards were used again, and two pieces of green e software scanned once... I think it is safe. I restarted the machine and found that the major event was not good. The icons of most executable files on the hard disk were gone... in both eyes, I had to scream, and it would be hard to get all t
/nntv.exe
O23-NT Service: workstation-unknown owner-E:/Windows/services.exe
The startup items in the O4 group are similar to those found in the computers of netizens with Worm.Viking.PK in the previous days. See:
I only reminded you yesterday that today some netizens have clicked on the web site in QQ information, which is Worm.Viking.PK.
Http://endurer.bokee.com/6174316.html
Http://blog.csdn.net/Purpleendure
I never use anti-virus software, mainly because it occupies system resources and is poisoned at ordinary times. It is also manually cleared.
However, it was recently harassed twice by a virus named VIKING. The biggest "advantage" of this virus is that it will automatically find some EXE files on your hard disk (as if they were random) and append them. (This worm virus was a headache in DOS, and a dir infected the entire directory .) In this way, even
Endurer Original, Version 1
Code added to the webpage:/--------/
Mm.htm contains code:/------/
Hxxp: // www.97 *** 72 * 5.com /? 01 **** 6
Code included: /------/
Hxxp: // www.97 *** 72 * 5.com/m?uxiao=**2.jpg (Kaspersky: Exploit.Win32.IMG-ANI.k), which uses the ANI (animated cursor) vulnerability to download 97725.exe
Hxxp: // www.97 *** 72 * 5.com/0620.20.20.20.14.js
The content is JavaScript code. Its function is to use Microsoft.XMLHTTP and Scripting.FileSystemObject to download the 97725.exe file and save it to % WIND
EndurerOriginal
1Version
This website's homepage contains code:
Hxxp: // www *** 1.8 *** 93 *** 8 ** 2.cn/5*%1%%%.htm
Code included: /------/
Hxxp: // www *** 1.8 *** 93 *** 8 ** 2.cn/css.js
The content is a JavaScript program that uses a regular expression to decrypt the code and run it.
The decrypted code is written in JavaScript. Its function is to use Microsoft.XMLHTTP and Scripting.FileSystemObject to download the file down.exe, save it as %WINDIR%/~TMP.tmp and run the command %WINDIR%/s
Endurer Original
Version 1
(Continued) This section describes the analysis process.
1. Check the automatic scanning record of Rising startup:
==================================
Virus name processing result found date path file virus source
Trojan.PSW.