File size: 202239 bytes
MD5: 3e995b27d599883173d40cd5a04af9b2
SHA1: 0dbe1d3ae07bb5462235422537bc1b92fd33054f
Packer: UPX
Test time: 2007-03-25
When the virus sample is run, it automatically copies itself to the %SYSTEM% directory:
%SYSTEM%\
%SYSTEM%\
Note: The batch command is not run; its purpose is to delete the virus sample and itself.
The virus module is injected into the process and accesses the network (IP address: 121.51.75.38) to download files or transmit stolen information.
The sample creates a service entry:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Windows_ServerDdos1
Virus name:
Windows_ServerDdos1
Solution:
1. Delete the service item
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Windows_ServerDdos1
delete:
Windows_ServerDdos1
2. Restart the computer
3. Delete
%SYSTEM%\
%SYSTEM%\