Modified: May 8, 2008, 18:52:32
MD5: 7009AC302C6D2C6AADEDE0D490D5D843
SHA1: 0E10DA72367B8F03A4F16D875FEA251D47908E1E
CRC32: DCE5AE5A
After the virus runs:
1. Drops a driver into %system32%\drivers (overwriting any existing copy), then loads it and restores the SSDT, removing the hooks that the active-defense function of some antivirus software depends on, so that protection fails.
2. Terminates the processes of many antivirus programs and security tools,
such as:
Quote:
...
3. Copies itself to \config\systemprofile\ and %system32%
4. Starts an IE process and connects to the network:
accesses http://***./ to report infection statistics,
downloads http://***./ to %system32%\ (this file is presumably a list of further *s to download),
but the link has already expired.
5. Image-hijacks (via IFEO) many antivirus programs, security tools and also some other widespread viruses:
Quote:
KVMonXP_1.kxp
~.exe
6. Creates a registry startup entry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<LoveHebeAA><C:\WINDOWS\system32\>
so that it is launched at every boot.
7. Creates a timer that relaunches the virus itself every 1800 seconds.
Cleaning method:
1. Restart the computer and enter Safe Mode (press F8 repeatedly after powering on; when the advanced options menu appears, select the first item and the system will boot into Safe Mode).
Open SREng:
under Startup Items, Registry, delete the following item
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<LoveHebeAA><C:\WINDOWS\system32\>
and remove all IFEO items shown in red.
2. Delete the file C:\WINDOWS\system32\
3. Use antivirus software to remove the other *s downloaded by the virus.
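The following PowerShell script is an added example (not from the original post) that audits the two registry mechanisms the cleaning steps above address: IFEO Debugger hijacks and the Run autostart key. It assumes an elevated prompt; the registry paths are the standard Windows ones, and the value name LoveHebeAA is the one quoted in the post.

```powershell
# Added example, not from the original post: audit the registry for the
# IFEO hijacks and the Run-key autostart described above. Run elevated.
# Nothing is deleted unless -Remove is given; -WhatIf previews removals.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remove
)

$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$run  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# 1. IFEO: any subkey with a "Debugger" value makes Windows launch that
#    program instead of the one named by the subkey (KVMonXP_1.kxp etc.).
#    Legitimate entries exist (developer debuggers), so review before removing.
$hijacks = Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        [pscustomobject]@{ Target = $_.PSChildName; Debugger = $dbg; Key = $_.PSPath }
    }
}
"IFEO entries carrying a Debugger value: $(@($hijacks).Count)"
$hijacks | Format-Table Target, Debugger -AutoSize

# 2. Run key: list every autostart value and flag the name used by this sample.
$autostart = Get-ItemProperty -Path $run
$autostart.PSObject.Properties |
    Where-Object { $_.Name -notmatch '^PS' } |
    ForEach-Object { "Run\{0} = {1}" -f $_.Name, $_.Value }
if ($autostart.PSObject.Properties.Name -contains 'LoveHebeAA') {
    Write-Warning "Run value 'LoveHebeAA' present (the autostart entry quoted in the post)"
}

if ($Remove) {
    foreach ($h in $hijacks) {
        # Remove only the Debugger value so other IFEO settings for that
        # program (if any) stay intact; -WhatIf on the script propagates here.
        Remove-ItemProperty -Path $h.Key -Name Debugger
    }
    if ($autostart.PSObject.Properties.Name -contains 'LoveHebeAA') {
        Remove-ItemProperty -Path $run -Name 'LoveHebeAA'
    }
}
```

Run it once without -Remove to review the findings, then with -Remove -WhatIf to confirm exactly which values would be deleted before doing so in Safe Mode as the post describes.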