SoFunction
Updated on 2025-04-08

Manual removal of the Buffalo virus, with no dedicated removal tool required

This is a malicious virus that spreads through removable storage, counters anti-virus software and downloads *s. To protect itself, it injects its code into other processes, which makes it harder to detect and delete. Because of its main file name, "", the virus is called the "Buffalo" virus.


Quote:
File: 
Size: 22069 bytes
Modified: November 5, 2007, 10:13:38
MD5: 1FA97A5E1766D6E668321838A6F3E536
SHA1: 94388083FB1CDD3003FE13046BC817AB0F6D7FD0
CRC32: 1D66BFAB


Technical details:

1. After the virus runs, it drops the following copy of itself:
%systemroot%\system32\

It also writes itself to removable storage, such as USB flash drives, in order to propagate.

2. It calls Cmd to change the system time to 2005-10-31.

3. It deletes the following registry keys:
SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
SYSTEM\ControlSet001\Control\SafeBoot\Network
SYSTEM\ControlSet001\Control\SafeBoot\Minimal\


This breaks Safe Mode.

4. It adds image hijacking (IFEO) entries that redirect some security software to

%systemroot%\system32\


Code:

KPFW32.
KVMonXP_1.kxp
KvXP_1.kxp

5. Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
it adds the following startup entry:

<DsNiu><%systemroot%\system32\> []

This makes the virus start automatically when the computer boots.

6. It starts IE to download
/UpFile/UpFace/

However, the link has expired.

7. After it runs, the virus drops ~DsNiu!.bat to delete itself.

8. What the virus does next is its nastier part. After completing the above actions, it starts two processes, writes its own code into them, and then exits its own process.
These two processes monitor each other, and the ones cannot be deleted at this time...

9. The virus body contains the text "FUCK YOU".


Manual solution:


Download sreng and Xdelbox


1. Extract all files from the Xdelbox archive into a folder, then enter c:\windows\system32\ in the box next to the Add button.


After entering each path, click the Add button next to it. The added file appears in the large box below. Then select all the files in that box at once (hold Ctrl), right-click, and click the option to restart and delete immediately.


2. After restarting, open sreng.

Under Startup Items - Registry, delete the following entry:
<DsNiu><%systemroot%\system32\> []

Also delete all IFEO hijack entries shown in red.

Or, in Sreng, use System Repair - Advanced Repair - Repair Safe Mode.

3. Finally, set the system time back to the correct value.
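
To check a machine for the registry changes listed in steps 3 to 5 of the technical details, or to confirm they are gone after cleanup, the sketch below audits the text of a registry export. It is an added example, not part of the original article or of sreng; it assumes the input is the decoded text of a `reg export` of HKLM that covers the SafeBoot branch, and PLACEHOLDER.exe is a constructed stand-in for the file name the page omits.

```python
import re

HKLM = "hkey_local_machine\\"  # paths are lowercased for case-insensitive matching
IFEO = HKLM + r"software\microsoft\windows nt\currentversion\image file execution options"
RUN = HKLM + r"software\microsoft\windows\currentversion\run"
SAFEBOOT = HKLM + r"system\currentcontrolset\control\safeboot"

def parse_reg(text):
    """Parse decoded `reg export` text into {lowercased key: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string values only; dword/hex data is not needed here
                current[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys

def audit(text):
    """Flag the SafeBoot, IFEO and Run changes described in steps 3 to 5."""
    keys, findings = parse_reg(text), []
    for path, values in keys.items():
        if path.startswith(IFEO + "\\"):
            for name, data in values.items():
                if name.lower() == "debugger":  # review each hit: some are legitimate
                    findings.append(("ifeo_hijack", path.rsplit("\\", 1)[1], data))
    for name, data in keys.get(RUN, {}).items():
        if name.lower() == "dsniu":  # value name from the startup entry on the page
            findings.append(("run_entry", name, data))
    for mode in ("minimal", "network"):  # the export must include the SafeBoot branch
        if SAFEBOOT + "\\" + mode not in keys:
            findings.append(("safeboot_missing", mode, ""))
    return findings

# Constructed sample export, not taken from an infected machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
"Debugger"="C:\\WINDOWS\\system32\\PLACEHOLDER.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DsNiu"="C:\\WINDOWS\\system32\\PLACEHOLDER.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `audit`.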