About logo1_.exe basic introduction:
Virus name:
Virus alias: virus..62976
Virus type: worm (network worm)
Virus discovery date: 2004/12/20
Affected platforms: Windows 95/98/Me, Windows NT/2000/XP/2003
Risk assessment: degree of dissemination: medium; degree of damage: medium.
Main symptoms:
1. It consumes a lot of network bandwidth, making the machine extremely slow to use.
2. All exe files will be bundled. As soon as an application is used, the icon under winnt changes to that application's icon.
3. Program dialog boxes pop up from time to time; sometimes an application reports an error as soon as it is used, and sometimes it is forced to exit when it is started.
4. In the Internet cafe, I only felt that the win2k pro version, the server version and the xp system were not infected.
5. Can bypass all restore software.
Detailed technical information:
After the virus is run, a file named "named" will be generated in %windir% at the same time in the Windows root directory.
%windir%
The worm will generate the following key values in the system registry:
auto = 1
Stealing password
The virus attempts to log in to and steal the password of the online game Legend 2 on the infected computer, and sends the game password to the person who planted the virus.
Prevent the following antivirus software from running
The virus attempts to terminate the following processes, most of which are antivirus software processes, including Kaspersky, Kingsoft Antivirus, Rising and others, covering 98% of antivirus software. Domestic antivirus products such as Kingsoft and Rising can recognize the virus, but they are killed by it shortly after they recognize it.
The virus changes the %system%\drivers\etc\hosts file by writing text entries into it. This means that when an infected computer browses many sites (including numerous anti-virus sites), the browser is redirected to 66.197.186.149.
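A check for the hosts-file tampering described above, as an added example that is not part of the original post: it parses hosts-file text and reports every name mapped to the redirect address named on this page, plus any other non-loopback mapping for manual review. The sample hosts content and the `.example` hostnames are constructed, and the function names are this example's own.

```python
import ipaddress

# Redirect target reported on this page for the modified hosts file.
REPORTED_REDIRECT_IP = "66.197.186.149"

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every mapping line in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()                    # spaces or tabs both separate fields
        if len(fields) < 2:
            continue                             # an address without a name maps nothing
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: not a usable mapping
        yield line_no, ip, [name.lower() for name in fields[1:]]

def audit_hosts(text, known_bad=(REPORTED_REDIRECT_IP,)):
    """Return (severity, line_no, ip, hostname) for entries that leave the local machine."""
    bad = {ipaddress.ip_address(addr) for addr in known_bad}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip in bad:
            severity = "known-redirect"
        elif ip.is_loopback or ip.is_unspecified:
            continue                             # 127.0.0.1, ::1 and 0.0.0.0 entries are normal
        else:
            severity = "review"                  # may be legitimate, needs a human decision
        for name in names:
            findings.append((severity, line_no, str(ip), name))
    return findings

# Constructed sample input (not taken from an infected machine).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
66.197.186.149  www.av-vendor.example update.av-vendor.example  # constructed
66.197.186.149\tscan.another-av.example
10.0.0.5        fileserver.cafe.example
not-an-ip       broken.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

On a real machine, pass in the contents of the hosts file under the system directory's `drivers\etc` folder instead of `SAMPLE_HOSTS`.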
The virus infects computers running the Windows operating system and spreads through open network resources. Once installed, the worm infects the .exe files on the infected computer. The worm is a Windows PE executable file of size 82k. When propagating through the local network, the worm copies itself to the following network resources:
admin$
ipc$
symptom:
The worm infects all .exe files. However, it does not infect files with the following strings in the path:
program files
common files
complus applicati
documents and settings
netmeeting
outlook express
recycled
system
system volume information
system32
windows
windows media player
windows nt
windowsupdate
winnt
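A triage helper built on the list above, as an added example that is not part of the original post: it inventories the .exe files whose paths contain none of the listed strings (the files the page says are exposed to infection) with size and SHA-256, so a later run can show which of them changed. Case-insensitive substring matching is an assumption, and the directory tree in `demo()` is constructed.

```python
import hashlib
import os
import tempfile

# Path substrings the page lists as skipped by the worm, copied as given
# (including the truncated "complus applicati").
SKIPPED_SUBSTRINGS = (
    "program files", "common files", "complus applicati",
    "documents and settings", "netmeeting", "outlook express", "recycled",
    "system", "system volume information", "system32", "windows",
    "windows media player", "windows nt", "windowsupdate", "winnt",
)

def is_skipped(path):
    """True if the path contains a listed string (case-insensitive match is assumed)."""
    lowered = path.lower()
    return any(s in lowered for s in SKIPPED_SUBSTRINGS)

def inventory_at_risk(root):
    """Return {relative_path: (size, sha256)} for .exe files outside the skipped paths."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)    # match on the path below the scanned root
            if not name.lower().endswith(".exe") or is_skipped(rel):
                continue
            with open(full, "rb") as fh:
                data = fh.read()
            result[rel.replace(os.sep, "/")] = (len(data), hashlib.sha256(data).hexdigest())
    return result

def changed_since(baseline, current):
    """Paths that are new or whose size or hash differs from the baseline."""
    return sorted(p for p, meta in current.items() if baseline.get(p) != meta)

def demo():
    """Build a constructed tree, modify one executable, and report what changed."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "Games/legend/client.exe": b"MZ-constructed-client",
            "Program Files/App/app.exe": b"MZ-constructed-app",
            "Tools/filesystem/fsutil2.exe": b"MZ-constructed-tool",  # "system" matches "filesystem"
            "Games/legend/readme.txt": b"text",
        }
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        baseline = inventory_at_risk(root)
        # Simulate a modified executable by appending bytes to it.
        with open(os.path.join(root, "Games", "legend", "client.exe"), "ab") as fh:
            fh.write(b"-appended-bytes")
        return sorted(baseline), changed_since(baseline, inventory_at_risk(root))
```

Because the match is a plain substring test, a folder such as `filesystem` is treated as skipped too, which is why only the game client appears in the inventory.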
The worm will delete the processes listed below from memory:
z
Internet cafes were hit hard by this virus, with machines locking up and being paralyzed on a large scale. The degree of harm is comparable to that of the top ten Love Backdoor variants in the world. The virus can spread through the Internet and has a transmission cycle of 3 minutes: if a newly built system is placed in an infected network environment, it will be hit within 3 minutes as long as the machine is online. After being hit, you can install antivirus software such as Rising, Skynet, Symantec, McAfee, Gate, Kill, NAV. Once these files are derived, the virus quickly infects core system processes such as explore and other .exe executable files. The typical visible symptom is that the icons of games such as Legend and Bubble Hall change color. At this point the availability of system resources is extremely low, and the virus attacks once at every restart. The virus is especially damaging to Internet cafes where restore software was not installed in time, and its network spread is very fast and effective. Old versions of antivirus software cannot detect it, and new versions cannot remove it completely. Once one machine in an Internet cafe is infected with this virus, all uninfected machines in the cafe are in danger. Because the virus stays in memory once it becomes active and spreads, machines with Restore Wizard or a restore card installed will be infected as well. After a restart the system is restored, but as soon as the computer is turned on it is infected again.
When the virus attacks, it generates additional viruses and so on, all of which are very powerful backdoor programs. It is similar to plug-in viruses, but more than 50 times as powerful. On the win98 platform this virus is relatively less harmful. On the win2000/xp/2003 platforms it is fatal to an Internet cafe system: the system becomes extremely sluggish. After a restart you will find that all the .exe programs of your games have been infected and, with the latest antivirus software, have been killed. The system itself can barely run, and nothing else runs at all.
Virus cleaning methods:
If the virus does not occur, it can be completely solved. If it occurs, don't kill viruses. Just recover the disk.
1. Find the registry
auto = 1
Delete the downloadwww primary key
2. Find
Winlogo item, delete the c: after winlogo item, and then hkey_local_machine]software/microsoft/windows/currentversi /runonce/runonceex one of the two is also
c:
Delete all the above. Be careful not to delete the default key values (if you delete them, you will be responsible for the consequences)
If there are no key values above, skip this step directly.
3. End the process
Press the "ctrl+alt+del" key to pop up the task manager, find processes such as logo1_.exe, and end the process. It can be processed more conveniently with Green Eagle's process management software. Find the process (note that the fifth letter is the number 0, not the letter o), find it and select it and click "End Process" to end it (if the process runs again, you need to do this step).
4. Install antivirus software
Do not restart after installation (remember this); update the virus database directly. After updating, delete all infected files in the c:\winnt directory, then run the antivirus software and start scanning. After the scan, write down the items that the antivirus software could not delete. Their names differ from system to system, so they cannot be listed here; write them down yourself, then reboot and scan again. Remember to end the suspicious processes first, otherwise the antivirus software will not be able to clean the virus. Most importantly, set the antivirus software to delete the files it cannot disinfect. Generally you have to repeat the scan 3-5 times before the virus is completely removed.
5. Check out the antivirus system.
Many system files are missing and the system is in a dangerous state. If you have a Ghost backup, restore it now; the system will be clean and undamaged. If not, run the sfc command to check the system files: choose Run, enter cmd to get a command prompt, then enter sfc /scannow. You will be prompted to insert the system CD; insert it, wait, and look at the results. The antivirus effect is significant and the virus is completely killed. But after killing the virus, many games can't be played. After a while, I didn't know what I had been busy with. Then I rebuilt the system.
Antivirus for Internet cafe systems and prevention after reinstalling the system: some netizens may find the virus difficult to clear, or cannot reinstall the system, yet are infected with the same virus again after a short time, so it is best to have an immunization program.
The immunization program is published below for netizens to download and use. It is recommended to turn off default sharing when building the system: close ipc$ and admin$, close 554, and close ICMP routing. Set passwords for all members of the administrators group, preferably combining numbers and English letters.
Download address to
File description: after downloading and decompressing, place the 3 files in the winnt directory (Windows 98 users: the Windows directory) and in Start menu - Programs - Startup. The purpose is to have the computer delete the default shares after it starts, preventing the virus from spreading and reinfecting. After downloading, run this file directly. A prompt that the information has been imported into the registry means the registry was written successfully. The purpose is to have the computer delete the main virus file logo1_.exe immediately after restarting. Note that this registry import file is for win2000 systems; for a different operating system, use it as a reference and modify it.
The above operations are just to block the spread. If you are afraid of getting infected with this virus during use, you also need to follow the following operations, so that even if the virus is infected, the main virus program cannot be run. Of course, the operations mentioned here are actually for win2000 systems. For other systems, you can refer to the operations:
Run Open Group Policy
Click User Configuration - Administrative Templates - System - "Don't run specified Windows applications" and enable it. Then click Show and add logo1_.exe, which is the source file of the virus.
I saw the situation about the logo1_.exe virus on the Internet. Based on my experience in removing the virus in actual conditions, I will give reference to netizens who have this virus. I have referenced the posts of "Netstar" and other netizens. It is not my original work. It can only help everyone to clear this hateful virus as soon as possible:
About logo1_.exe
Basic introduction
Virus name
Virus alias virus..62976
net-worm.
Viral type worm (network worm)
Virus discovery date 2004/12/20
Affected platforms: Windows 95/98/Me, Windows NT/2000/XP/2003
risk assessment
Dissemination degree: Medium
Destruction degree: Medium
Main symptoms:
1. It consumes a lot of network bandwidth, making the machine extremely slow to use.
2. All exe files will be bundled. As soon as an application is used, the icon under winnt changes to that application's icon.
3. Program dialog boxes pop up from time to time; sometimes an application reports an error as soon as it is used, and sometimes it is forced to exit when it is started.
4. In the Internet cafe, I only felt that the win2k pro version, the server version and the xp system were not infected.
5. Can bypass all restore software.
Detailed technical information:
After the virus is run, a file named "named" will be generated in %windir% at the same time in the Windows root directory.
%windir%
The worm will generate the following key values in the system registry:
auto = 1
Stealing password
The virus attempts to log in to and steal the password of the online game Legend 2 on the infected computer, and sends the game password to the person who planted the virus.
Prevent the following antivirus software from running
The virus attempts to terminate the following processes, most of which are antivirus software processes, including Kaspersky, Kingsoft Antivirus, Rising and others, covering 98% of antivirus software. Domestic antivirus products such as Kingsoft and Rising can recognize the virus, but they are killed by it shortly after they recognize it.
The virus changes the %system%\drivers\etc\hosts file by writing text entries into it. This means that when an infected computer browses many sites (including numerous anti-virus sites), the browser is redirected to 66.197.186.149.
The virus infects computers running the Windows operating system and spreads through open network resources. Once installed, the worm infects the .exe files on the infected computer. The worm is a Windows PE executable file of size 82k. When propagating through the local network, the worm copies itself to the following network resources:
admin$
ipc$
symptom
The worm infects all .exe files. However, it does not infect files with the following strings in the path:
program files
common files
complus applicati
documents and settings
netmeeting
outlook express
recycled
system
system volume information
system32
windows
windows media player
windows nt
windowsupdate
winnt
The worm will delete the processes listed below from memory:
z
Internet cafes were hit hard by this virus, with machines locking up and being paralyzed on a large scale. The degree of harm is comparable to that of the top ten Love Backdoor variants in the world. The virus can spread through the Internet and has a transmission cycle of 3 minutes: if a newly built system is placed in an infected network environment, it will be hit within 3 minutes as long as the machine is online. After being hit, no antivirus software you install, whether Rising, Skynet, Symantec, McAfee, Gate, Kill, NAV or any other, can remedy your system. The virus file logo1_.exe is the main virus, and it automatically generates the other files the virus needs for its attack. Once these files are derived, the virus quickly infects core system processes such as explore and other .exe executable files. The typical visible symptom is that the icons of games such as Legend and Bubble Hall change color. At this point the availability of system resources is extremely low, and the virus attacks once at every restart.
The virus is especially damaging to Internet cafes where restore software was not installed in time, and its network spread is very fast and effective. Old versions of antivirus software cannot detect it, and new versions cannot remove it completely. Once one machine in an Internet cafe is infected with this virus, all uninfected machines in the cafe are in danger. Because the virus stays in memory once it becomes active and spreads, machines with Restore Wizard or a restore card installed will be infected as well. After a restart the system is restored, but as soon as the computer is turned on it is infected again. When the virus attacks, it generates additional viruses and so on, all of which are very powerful backdoor programs. It is similar to plug-in viruses, but more than 50 times as powerful. On the win98 platform this virus is relatively less harmful. On the win2000/xp/2003 platforms it is fatal to an Internet cafe system: the system becomes extremely sluggish. After a restart you will find that all the .exe programs of your games have been infected and, with the latest antivirus software, have been killed. The system itself can barely run, and nothing else runs at all.
Virus cleaning methods
If the virus does not occur, it can be completely solved. If it occurs, don't kill viruses. Just recover the disk.
1. Find the registry
auto = 1
Delete the downloadwww primary key
2. Find
winlogo item
Delete the c: after the winlogo item
Next, put hkey_local_machine]software/microsoft/windows/currentversi /runonce/runonceex
One of the two is also
c:
Delete all the above. Be careful not to delete the default key values (if you delete them, you will be responsible for the consequences)
If there are no key values above, skip this step directly.
3. End the process
Press "ctrl+alt+del" to open the Task Manager, find logo1_.exe and the other processes, and end them. This is more convenient with Green Eagle's process management software. Find the process (note that the 5th letter is the number 0, not the letter o), select it and click "End Process" to end it (if the process runs again, you need to repeat this step).
4. Install antivirus software
Do not restart after installation (remember this); update the virus database directly. After updating, delete all infected files in the c:\winnt directory, then run the antivirus software and start scanning. After the scan, write down the items that the antivirus software could not delete. Their names differ from system to system, so they are hard to list here; write them down yourself, then reboot and scan again. Remember to end the suspicious processes first, otherwise the antivirus software will not be able to clean the virus. Most importantly, set the antivirus software to delete the files it cannot disinfect. Generally you have to repeat the scan 3-5 times before the virus is completely removed.
5. Check out the antivirus system.
Many system files are missing and the system is in a dangerous state. If you have a Ghost backup, restore it now; the system will be clean and undamaged. If not, run the sfc command to check the system files: choose Run, enter cmd to get a command prompt, then enter sfc /scannow. You will be prompted to insert the system CD; insert it, wait, and look at the results. The antivirus effect is significant and the virus is completely killed. But after killing the virus, many games can't be played. After a while, I didn't know what I had been busy with. Depressing. Then I rebuilt the system.
Antivirus for Internet cafe systems and prevention after reinstalling the system: some netizens may find the virus difficult to clear, or cannot reinstall the system, yet are infected with the same virus again after a short time, so it is best to have an immunization program.
The immunization program is published below for netizens to download and use. It is recommended to turn off default sharing when building the system: close ipc$ and admin$, close 554, and close ICMP routing. Set passwords for all members of the administrators group, preferably combining numbers and English letters. Download address to
The above operations are just to block the spread. If you are afraid of getting infected with this virus during use, you also need to follow the following operations, so that even if the virus is infected, the main virus program cannot be run. Of course, the operations mentioned here are actually for win2000 systems. For other systems, you can refer to the operations:
Run Open Group Policy
Click User Configuration - Administrative Templates - System - "Don't run specified Windows applications" and enable it. Then click Show and add logo1_.exe, which is the source file of the virus.
One more step to do
I tried the above method, but it didn't work. He missed another step. He searched in the c disk (note that the latter one is one, and he had been mixed up before) and deleted the relevant content in the registry.
The above is reproduced online, now let me talk about my processing process
Weijin will create 15 files in the system directory WINDOWS or WINNT directory: logo_1.exe, logo1_.exe, [...]
There is also a randomly launched defense software, which can automatically bind the native IP, MAC address, gateway IP, and MAC address, without manual operation, and can also play a certain preventive effect on arp. If you need it, you can add my QQ or go to my forum to inform me.
Virgin virus, congratulations on being hit, but don’t be afraid, nothing is amazing. After killing me, I deliberately downloaded the viral body for research! ! !
1. Restart and press F8 to enter the safe mode (it is okay if you don’t need to enter. Some files cannot be deleted if you don’t enter the safe mode)
2. It is recommended to use "Jiangmin Weijin Virus Special Kill" and run -regedit-edit-search-logo1_.exe and repeat several times to manually delete it.
3. Open My Computer -- Tools -- Folder Options -- Check it out "Show the contents of system folders", check it out "Hide protected operating system files", and select "Show all files and folders" below to confirm.
4. Delete all files in the following three folders:
c:\windows\temp\
C:\Documents and Settings\Administrator\Local Settings\Temp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
5. Open c:\windows\ arrange the files according to the modification time and delete all the files generated during the recent poisoning period (be careful about this, see if the time is very far away, it should be a system file. If it starts to produce on the day you are poisoned, and it is an exe file or something, then delete it), including the .log log file!
6. Open c:\windows\system32\ and do the same operation as 6. Also, delete the virus name file. Just in these two folders, if you can't find it, click the virus name on it and search!
Be sure to pay attention that software must be coordinated with manual deletion. Software alone cannot do it.