Symptoms of infection:
Antivirus software is disabled, hidden files cannot be displayed, the msconfig command cannot be run, and many auxiliary tools cannot be run either. Once the virus has run, EXE and SCR files are infected.
Software used for manual detection:
SRENG software and XDELBOX software
Quote:
Virus name: *-Downloader..****
Virus type: *
Virus MD5: 2ccd81d7d358778b11de9303e0097d2d
Packer: UPX
Written in: Borland Delphi 6.0 - 7.0
Behavior when the virus runs
Processes created:
Code:
C:\WINDOWS\system32\
C:\WINDOWS\system32\
Files dropped:
Code:
C:\WINDOWS\system32\ (This call carries out the infection of the local area network and creates a file, %system32%\, into which it writes the virus information)
(This process also opens a port and connects to the network to download the *!!! It's really hateful)
C:\WINDOWS\system32\
C:\WINDOWS\system32\ (This process generates a file)
C:\WINDOWS\system32\
There are also hidden AUTO files in the root directory of each disk.
Double-clicking a disk will also cause the virus to run. Use right-click - Open instead.
Registry modifications:
Code:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
""="C:\WINDOWS\system32\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
""="C:\WINDOWS\system32\"
[HKLM\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall]
"checkedvalue"=dword:00000000
Searches for the windows of antivirus software and auxiliary software and tries to close them.
Tries to terminate the processes of antivirus software and auxiliary software.
Searches for .exe/.scr files on disks other than the system disk and infects them.
An infected .exe/.scr file is overwritten outright; its size becomes 81,928 bytes. As a result, none of the infected .exe/.scr files can be restored. Running an infected exe file releases the virus!
Can spread over the local area network ()
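A read-only triage sketch for the overwrite behavior described above, added here as an example and not part of the original post. It lists .exe/.scr files of exactly 81,928 bytes on fixed disks other than the system disk and compares their MD5 with the value quoted above. The function name is hypothetical, and PowerShell 4.0 or later is assumed (for Get-FileHash).

```powershell
# Added example, not from the original post. Read-only: lists candidates, deletes nothing.
$InfectedSize = 81928                               # size stated in the post
$SampleMd5    = '2ccd81d7d358778b11de9303e0097d2d'  # MD5 stated in the post

# Hypothetical helper: find .exe/.scr files whose size matches the overwritten size.
function Find-OverwrittenExecutable {
    param(
        [Parameter(Mandatory)] [string[]] $Root,
        [long]   $Size = $InfectedSize,
        [string] $Md5  = $SampleMd5
    )
    foreach ($r in $Root) {
        # -Force includes hidden and system files; unreadable folders are skipped.
        Get-ChildItem -LiteralPath $r -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { ($_.Extension -in '.exe', '.scr') -and ($_.Length -eq $Size) } |
            ForEach-Object {
                # A locked file yields no hash; it is still reported by size.
                $h = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path       = $_.FullName
                    Length     = $_.Length
                    MD5        = if ($h) { $h.Hash.ToLower() } else { $null }
                    MatchesMd5 = [bool]($h -and ($h.Hash -ieq $Md5))
                    Modified   = $_.LastWriteTime
                }
            }
    }
}

# Fixed disks (DriveType 3) other than the system disk, as the post describes.
$systemRoot = $env:SystemDrive + '\'
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID + '\' } |
    Where-Object { $_ -ne $systemRoot }

if ($roots) {
    Find-OverwrittenExecutable -Root $roots |
        Sort-Object Path |
        Format-Table -AutoSize Path, Length, MatchesMd5, Modified
}
```

A size match alone is only a lead; the post does not say whether every overwritten file hashes to the MD5 above, so treat MatchesMd5 = False rows as candidates to inspect rather than as clean.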
Manual deletion method:
1: Turn off System Restore and clear the IE temporary files folder
2: Enter safe mode
Terminate process
3: Use XDELBOX, with its option to suppress regeneration ticked, to delete the following files:
Code:
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
4: Open SRENG and, under its startup items, delete the following startup entries:
Code:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
""="C:\WINDOWS\system32\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
""="C:\WINDOWS\system32\"
- In SRENG: System Repair - Select All - Repair
- Or open the registry editor (Start - Run - REGEDIT) and modify the key
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL: change the CheckedValue value to 1
- Some virus variants delete this CheckedValue outright. In that case, create it again yourself as follows (steps: delete the CheckedValue value, right-click to create a new Dword value, name it "CheckedValue", and set its value to 1)
- Restart
- Manually delete the hidden AUTO files under each disk
- Restart (Don't click infected EXE or SCR files!!)
- In safe mode, scan with antivirus software to delete the files the virus infected, and use 360 to repair the system
- Restart. Done.
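The CheckedValue repair from step 4, scripted as an added example that is not part of the original post. It covers the cases above (value set to 0, or deleted by a variant) and additionally treats a value that exists with a type other than DWORD as broken. The function names are hypothetical; run it from an elevated PowerShell prompt, since the key is under HKLM.

```powershell
# Added example, not from the original post.
$Key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$Name = 'CheckedValue'

# Hypothetical helper: report whether CheckedValue exists, its type, and its data.
function Get-CheckedValueState {
    $item = Get-Item -LiteralPath $Key -ErrorAction Stop
    if ($item.GetValueNames() -notcontains $Name) {
        # Case from the post: a variant deleted the value.
        return [pscustomobject]@{ Present = $false; Kind = $null; Value = $null; Ok = $false }
    }
    $kind  = $item.GetValueKind($Name)
    $value = $item.GetValue($Name)
    [pscustomobject]@{
        Present = $true
        Kind    = $kind
        Value   = $value
        # Healthy state per the post: a DWORD set to 1.
        Ok      = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and ($value -eq 1)
    }
}

# Hypothetical helper: delete the value if present, then recreate it as DWORD 1,
# mirroring the manual steps in the post.
function Repair-CheckedValue {
    $state = Get-CheckedValueState
    if ($state.Ok) { return $state }
    if ($state.Present) {
        Remove-ItemProperty -LiteralPath $Key -Name $Name
    }
    New-ItemProperty -LiteralPath $Key -Name $Name -PropertyType DWord -Value 1 | Out-Null
    Get-CheckedValueState
}

# Inspect first; uncomment the second line to apply the repair.
Get-CheckedValueState | Format-List
# Repair-CheckedValue | Format-List

# List HKCU Run entries whose data points into system32, for manual review
# against the startup entries the post says to delete.
$runKey = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($n in $runKey.GetValueNames()) {
    $data = [string]$runKey.GetValue($n)
    if ($data -match '\\windows\\system32\\') {
        [pscustomobject]@{ Name = $n; Data = $data }
    }
}
```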