This article gives an overview of the process names of almost all common Windows viruses and Trojans. Check your system's processes against it to see whether you have been infected.
EXE → BF Evolution
mbbmanager.exe → Smart gene
_.exe → tryit
Mdm.exe → doly 1.6-1.7
aboutagirl.exe → first lover
microsoft.exe → Legendary cipher Messenger
Absr.exe → backdoor.autoupder
mmc.exe → Nimda virus
aplica32.exe → the Dead
According to the Rising global anti-virus monitoring network, there are two viruses worth noting today: "Trojan.PSW.Win32.XYOnline.jg" and "QQ pass variant YRH (Trojan.PSW.Win32.QQPass.yrh)". The JG virus of xiyou Trojan
Yesterday to download the butt-fart broadband. The test verifies that the program has Trojans and viruses.
The system startup entry loads Mstasks.exe
The following is quoted from the Rising upgrade report:
27. trojan.sdbot.gen.p
Destruction method: Copies itself to the system directory under the name MSTASKS.EXE and registers itself to start automatically.
The virus resides in memory, connects to hirc.3322.org without authorization, and leaks local information.
Http://virus.chinavnet.com/newSite/Channels/Ant
The name Trojan horse (Trojan) is derived from ancient Greek legend (the Trojan Horse story in Homer's epic; the word Trojan originally means "of Troy", that is, it refers to the Trojan horse,
The world's first new Android Trojan Golem virus infected tens of thousands of mobile phones
While the mobile phone is charging on the desk, the screen suddenly lights up. Without anyone touching it, a mobile game starts, the screen swipes, and many commands are executed. After the execution, the phone quietly turns the screen off as if nothing had happened. The mobile phone owner will find that his cell phone battery
Spread of ARP virus websites such as Trojan. psw. win32.onlinegames. gen
Original endurer1st-
The virus adds code to the webpage:/------/
1 hxxp: // A ** D *. 1 ** 02 ** 4.mo *. CN/Shui **/4.htm Code included:/------/
1.1 hxxp: // www. I ** mm ** M * QM. ***. CN/h.htm contains the Code:/------/
1.1.1 hxxp: // 0 ** 867*5. Se * r ** Vice-Google. ***. CN/VIP/cn3100.h
Virus Trojan scan: Reverse Analysis of pandatv incense (medium)
I. Preface
The previous article explained the analysis at the entrance to the disassembly code of the "pandatv incense" virus sample. Although the core part of the virus has not been studied yet, our subsequent analysis is consistent with the previous thoug
Virus filename: Stup.exe
File path: C:\progra~1\tencent\adplus\stup.exe (in most cases)
(Note: This may also be the Soso address bar plug-in. If the file is found in the above path, it is the virus; if not, it is Soso.)
Note: This virus file may be transmitted through QQ, MSN, or e-mail; in most cases it is saved by default in the QQ Tencent folder. If the machine is through the company L
If opening an Office file prompts you to decide whether to run macros, that Office file may be the carrier of a Trojan horse.
There is a gadget called the VBA macro virus generation tool that enables you to convert an EXE executable file into an application that can be invoked by a macro in office. To run the VBA macro virus generation tool, I first select a
then click "OK".
4. Find the Virus File
That is:
C:/Windows/system32/.EXE: Trojan.qqtail.AG
C:/Windows/system32/notepad.exe: Trojan.qqtail.AG
C:/Windows/system/rundll32.exe: Trojan.qqtail.AG
C:/program files/Tencent/QQ/167486104/myrecvfiles/(((((wor.jpg.exe is Worm.QQ.topfox.
As follows:
Delete them .....
If
Our Win7 systems often pick up Trojans and viruses, and these stubborn viruses take deep root in the system and are difficult to clear completely. Sometimes even anti-virus software does not do the job well. So what is the way to remove these annoying Trojan
Virus Trojan scan: Behavior Analysis of pandatv burning
I. Preface
To analyze the behavior of the pandatv virus, we use Process Monitor v3.10.
The aim of behavior analysis is to write virus-removal programs. Of course, due to various restrictions in the real environment, we may not be able to discover all the behaviors of viruse
system-related directories (those containing .exe files) and directories outside the system partition (those containing .exe files) had a large number of .t files released into them. Afterwards, whenever a related .exe is run, the .t file must be executed first. This process can be monitored by SSM and can also be blocked by SSM. However, if you use SSM to block the .t file, the .exe you want to run is blocked by SSM as well. After the use of anti-virus
Today I encountered a very strange problem: unit code under normal development compiles without any problem in program A, but when the same unit is referenced in program B, the compiled result is reported by the small red umbrella as the virus tr/spy.banker.gen4 [Trojan] and is automatically quarantined and deleted. Today's anti-virus software is really a struggle. I spent an afternoon troubleshooting the code, and finally
Virus Specific analysis
File: SFF.exe
Size: 36864 bytes
File version: 2.00.0003
MD5: 248c496dafc1cc85207d9ade77327f8b
SHA1: b32191d44382ed926716671398809f88de9a9992
CRC32: 8c51aaab
Writing language: Microsoft Visual Basic 5.0/6.0
The virus generates the following files:
%system32%\svchost.com
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
it adds the key value Svchost, pointing to %system32%\svcho
icon on the Trojan.
5. Built into the registry
Because the registry is complex, Trojans often like to hide here. Check quickly which programs are listed under the following keys, and look carefully so that you do not miss the Trojan:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion: all the key values that begin with "Run";
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion: all the key values that be
Recently, my friend's computer has been poisoned. It has been killed for a day. Search for the answer from the Internet. However, there is something wrong with the answer.
My computer is 98. Use Method 1: No. EXE is always not executable. [HKEY_CLASSES_ROOT\exefile\shell\open\command] No error. They finally found that they were wrong. The Registry should be [HKEY_CLASSES_ROOT\winfile\shell\open\command]
Fault Analysis: It is most likely that a software or even a
Start the Document Footer. An HTM file is attached here. I open c:\windows\system32\com\iis.htm with a text document and find that this IFRAME code is in it, this HTM is not normal, so I removed the document footer and deleted the HTM file. The problem was solved temporarily (because the system may have viruses, so solve it for the time being)
Many people on the Internet say that their servers are attacked by ARP viruses, IIS tails, and so on. If they do not solve the problem, p
, stating that our program achieves the intended purpose. Then click "Close Monitoring"; Process Explorer shows that the DLL file has been unloaded, which also shows that our program performs the corresponding function well.
Summary
The active defense program we discussed this time is still relatively rudimentary and can only be used to prevent viruses contained in the feature library, and there is nothing to do with the unknown virus,
Microsoft Word users should be cautious about downloading files, because hackers are exploiting a bug that has not been fixed in this popular word processing software.
According to IDG, on Thursday (U.S. local time), security company McAfee warned users that a Trojan virus named Backdoor-ckb!cfaae1e6 would secretly install software on the computer.
However, to make the