Virus Information Archival:
========================================
Xinhuanet, Beijing, September 11, February 20: the "camel Trojan download tool CAP" (Trojan.DL.win32.mnless.CAP) virus is worth noting this week. Its authors are a bit superstitious. Even the names of the released
Today I encountered a very strange problem. A normally developed unit of code compiles without any problem in program A, but when the same unit is referenced in program B, the compiled program is reported by the small red umbrella as the virus tr/spy.banker.gen4 [Trojan] and is automatically isolated and deleted. Today's anti-virus software is really a struggle. I spent an afternoon troubleshooting the code today, and finally
Virus Specific analysis
File: SFF.exe
Size: 36864 bytes
File version: 2.00.0003
MD5: 248c496dafc1cc85207d9ade77327f8b
SHA1: b32191d44382ed926716671398809f88de9a9992
CRC32: 8c51aaab
Writing language: Microsoft Visual Basic 5.0/6.0
The virus generates the following files:
%system32%\svchost.com
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
it adds the key value Svchost, pointing to %system32%\svcho
Down.exe/virus.win32.autorun.Z/Trojan.PWS.maran.262
Endurer original. Version 2: added replies from Kaspersky. Version 1.
When you open a page that is occasionally used in the Forum, Rising prompts you to download and run suspicious files.
Search by Google, and Google has already marked it:Http://www.google.cn/search? Complete = 1 HL = ZH-CN newwindow = 1 Q = % E8 % BF % 98% E7 % 8f % A0 % E5 % 8C % Ba + % E6 % 97%
Virus name: TrojanClicker.VB.gg
Chinese name: "video baby" variant gg
Virus length: 22528 bytes
Virus Type: Trojan clicks
Hazard level: ★
Affected Platforms: Win9X/ME/NT/2000/XP/2003
This virus is one of the latest members of the "video baby"
Trojan.DL.Small.ibr virus manual cleanup method
1. Restart the computer and press F8 to enter safe mode.
2. Find windirected2.0 in "add and delete programs" on the control panel and uninstall it.
3. Clear IE cached files in safe mode: open IE browser, tool -- Internet option -- delete file (all offline content).
4. Delete the following folders in safe mode: C:\Windows\System32\mscache and C:\Windows\System32\msicn
5. res
A Basic defensive thinking: backup is better than remedy.
1. Backup: after setting up the machine, first back up the file listings of the WINDOWS directory on the C disk (system disk) and of C:\WINDOWS\system32.
Run CMD and enter the following commands:
dir /a C:\WINDOWS\system32 > c:\1.txt
dir /a C:\Windows > c:\2.txt
This saves lists of the files under Windows and System32. If one day you feel the computer is having problems, run the same commands to list the files again, and then compare the lists in cmd with the FC command; the format i
One month later, Kaspersky was so annoying to listen to the voice of "pig" every day. Kaspersky was able to delete files only when encountering this virus, but the virus had a system service in the background, and a virus file will be generated later. If your machine is infected with this trojan
This series of tutorials is copyright "I spring and Autumn". All rights reserved; if you reproduce it, please indicate the source. For video tutorials, please visit "I Spring" (www.ichunqiu.com). Preface: If we have anti-virus software installed on our computer, then when we intentionally or unintentionally download a malicious program, the anti-virus software generally pops up a dialog box warning us that the downloaded program is likely to be malicious and suggesting deletion or the like,
There is a lot of fakery on the Internet. On the author's own computer, a Trojan disguised itself as a normal security document and staged a "true Monkey King" farce. If you are in the same situation, you may wish to follow the author in using digital signature technology to unmask the disguised Trojan horse.
Small knowledge: Simply called digital signature, is attached to the data unit some dat
Microsoft Word users should be especially careful when downloading files because hackers are exploiting an uncorrected defect in this popular word processing software.
According to IDG reports, last Thursday, the security vendor McAfee warned users that a Trojan named BackDoor-ckb!cfaae1e6 secretly installs software on the computer.
However, to infect computers with this
Virus Trojan scan: Reverse Analysis of pandatv (I). 1. Preface. Conducting reverse analysis on viruses lets us thoroughly identify their behavior and take more effective measures. In order to save space, I am not going to thoroughly analyze the "pandatv incense" here. I will only explain some important parts. If you have mastered these ideas, then we can handle a lot of malicious programs. Generally, we use I
Recently, my friend's computer has been poisoned. It has been killed for a day. Search for the answer from the Internet. However, there is something wrong with the answer.
My computer is 98. Use Method 1: No. EXE is always not executable. [HKEY_CLASSES_ROOT\exefile\shell\open\command] No error. They finally found that they were wrong. The Registry should be [HKEY_CLASSES_ROOT\winfile\shell\open\command]
Fault Analysis: It is most likely that a software or even a
Start the Document Footer. An HTM file is attached here. I opened c:\windows\system32\com\iis.htm as a text document and found that this IFRAME code is in it. This HTM is not normal, so I removed the document footer and deleted the HTM file. The problem was solved temporarily (because the system may have viruses, so solve it for the time being).
Many people on the Internet say that their servers are attacked by ARP viruses, IIS tails, and so on. If they do not solve the problem, p
, stating that our program achieves the intended purpose. After clicking "Close Monitoring", Process Explorer shows that the DLL file has been unloaded, which also shows that our program performs the corresponding function well. Summary: The active defense program we discussed this time is still relatively rudimentary and can only be used to prevent viruses contained in the feature library, and there is nothing to do with the unknown virus,
Security researchers warned that a Trojan horse took unusual self-defense measures-installing anti-virus software to clear other malware from infected PCs.Security researchers said the SpamThru Trojan Horse installed the AntiVirusforWinGate software on the infected PC. The pirated software can scan malicious code on the system-but can miss SpamThru files, then, t
We know that the Win7 system is very powerful, but now the chances of a virus infecting a computer are high, which requires security guards to keep our computer safe for 24 hours without interruption. If the user computer accidentally infected Trojan virus, this time the computer program is likely to burst. So in order to prevent
Downloaded fart broadband yesterday. Testing verified that the program contains a trojan virus.
System startup Item: mstasks.exe
The following is an example of the Rising Star update report:
27. Trojan.sdbot.gen.p
Method of destruction: copies itself to the system directory, names the copy mstasks.EXE, and registers it as self-starting.
, clear the virus main program:
First, change the system time correctly
Download Sreng, download address: down.45it.com
Reboot the computer into Safe mode (while the system restarts, hold down F8 until prompted, then select Enter Safe mode)
Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files or folders" and clear the check mark in front of "Hide protected operating system files (recommended)". In the hint
When you
Q: How can I determine from the port whether it is a virus or a trojan?
A: Ports can be divided into three categories:
1. Well Known Ports: from 0 to 1023. They are closely bound to some services. Usually the communication between these ports clearly indicates a service protocol. For example, port 80 is always HTTP communication.
2. Registered Ports: from 1024 to 49151. They are loosel