System Process--Disguised Virus
Destruction method: Password destruction V8.10. Also known as "password stutter".
Steals various user passwords, including: game passwords, LAN passwords, Tencent QQ accounts and passwords, POP3 passwords, Win9x cached passwords and dial-up accounts, etc. The range of passwords stolen by this Trojan horse is very wide, and it poses a huge potential threat to the majority of Internet users.
Phenomenon: 1. The process is running in the system; please note that its name is in lowercase letters.
2. Search for this program: it is located not in the PROGRAMME folder under the C drive, but in the WINDOWS32 folder.
Dedicated removal
Solution: 1. Go to C:\WINDOWS\system32 and completely delete it.
2. In the registry, find HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "mssysint"= and delete this value.
Operation principle:
1. (1) The virus copies itself to the system directory and names the copy "".
(2) It adds a registry startup key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "mssysint"=
2. Once the virus is running in the system, it releases "" and installs a global message hook through the "AddHook" and "DelHook" functions provided by the dynamic link library, in order to intercept the user's input and obtain the user's passwords from it.
3. The virus uses the memory maps "PwdBox" and "PowerSpider" as running markers to prevent itself from running more than once.
4. Downloads "http://***/download/"
5. Sends mail via "".
The virus encrypts the information in the email it sends. Without the password, the information in it cannot be read.
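
A read-only triage check for the two indicators named above, the "mssysint" Run value and the "PwdBox" / "PowerSpider" running markers. This is an added example, not part of the original write-up: the function names are hypothetical, and it assumes the "memory maps" are named file-mapping objects, that a 32-bit sample on 64-bit Windows would register under WOW6432Node, and that the markers may live in either the session or the Global\ namespace.

```powershell
# Added example: reports indicators only, deletes nothing.
# Indicator names come from the description above; everything else is an assumption.
$RunValueName = 'mssysint'
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    # 32-bit registry view on 64-bit Windows (assumption, see lead-in)
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$MappingNames = 'PwdBox', 'PowerSpider'

function Get-SuspectRunValue {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        if ($props.PSObject.Properties.Name -contains $RunValueName) {
            # Detail is the command line the value launches at startup
            [pscustomobject]@{ Indicator = 'RunValue'; Location = $key; Detail = $props.$RunValueName }
        }
    }
}

function Get-SuspectMapping {
    # The markers exist only while the program is running.
    foreach ($name in $MappingNames) {
        foreach ($scope in '', 'Global\') {
            $full = $scope + $name
            try {
                $map = [System.IO.MemoryMappedFiles.MemoryMappedFile]::OpenExisting(
                    $full, [System.IO.MemoryMappedFiles.MemoryMappedFileRights]::Read)
                $map.Dispose()
                $state = 'present'
            } catch {
                $base = $_.Exception.GetBaseException()
                # FileNotFoundException means no mapping with this name exists
                if ($base -is [System.IO.FileNotFoundException]) { continue }
                # Any other failure (e.g. access denied) means the name is in use
                $state = "present, open failed: $($base.GetType().Name)"
            }
            [pscustomobject]@{ Indicator = 'FileMapping'; Location = $full; Detail = $state }
        }
    }
}

@(Get-SuspectRunValue) + @(Get-SuspectMapping) | Format-Table -AutoSize
```

Run it from an elevated prompt in the logged-on user's session; an empty result means neither indicator was found at the time of the check.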