Guard against evil "image killer" virus

Once running, the virus tries to destroy all picture files on the computer, and the damaged files cannot be repaired. The virus sample was captured on October 20; no serious spread of the virus has been detected yet.

The virus's purpose is to generate advertising traffic by popping up a large number of sex and violence sites, but its destructive behavior causes real losses on infected computers.

Virus Behavior:
1. The virus enumerates windows and compares each window name with its own list of security software names (keywords such as cleaning, process, warning, etc.). On a match it sends a message that closes the window, so that antivirus software cannot work properly.

2. It drops %sys32dir%\Com\LSASS.EXE, %sys32dir%\Com\SMSS.EXE, %sys32dir%\xpserver.dll and other files, adds registry startup entries, deletes IFEO (Image File Execution Options) entries, and breaks Safe Mode.

Destructive behavior of the virus:

1. Destroys all picture files
Once loaded, the virus traverses every drive other than the C drive and modifies the GIF, gif, jpg and JPG files it finds there. For example, 1.gif is renamed to "1.(a long run of spaces).exe", and the contents of the file are replaced by the virus program:
- When connected to the network, the virus downloads a new version of itself; the pictures are destroyed.
- When not connected, the file becomes the current version of the virus; the original image file is completely destroyed.

2. Malicious destruction of executable programs
The virus attempts to overwrite all exe files on partitions other than the C drive. The head of each file is rewritten with the virus's data, so the executable is corrupted. Without a backup, the files cannot be restored.

3. The virus searches for and deletes gho files
The virus searches for files with the .GHO or .gho suffix and deletes them (gho is the format of Ghost one-key backup files; once the file is deleted, restoring the system through Ghost is no longer possible).
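
The file-system traces described above (the space-padded ".exe" names, the LSASS.EXE and SMSS.EXE copies under %sys32dir%\Com, and xpserver.dll) can be checked against a file listing. The following is an added example, not part of the original post; the function names, the 8-space threshold and the default System32 location are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumption: 8 or more whitespace characters before ".exe" counts as the
# "long run of spaces" padding described in the write-up.
PADDED_EXE = re.compile(r"\s{8,}\.exe$", re.IGNORECASE)
DROPPED_IN_COM = {"lsass.exe", "smss.exe"}  # names from the write-up


def classify(path, sys32dir=r"C:\Windows\System32"):
    """Return the write-up's indicators that one Windows file path matches."""
    p = PureWindowsPath(path)
    sys32 = PureWindowsPath(sys32dir)  # comparisons are case-insensitive
    name = p.name.lower()
    hits = []
    if PADDED_EXE.search(p.name):
        hits.append("padded-exe")  # e.g. 1.gif renamed to "1.<spaces>.exe"
    if p.parent == sys32 / "Com" and name in DROPPED_IN_COM:
        hits.append("fake-system-binary")  # real ones sit directly in System32
    if p.parent == sys32 and name == "xpserver.dll":
        hits.append("dropped-dll")
    return hits


def scan(paths, sys32dir=r"C:\Windows\System32"):
    """Map each suspicious path in a file listing to its indicators."""
    report = {}
    for path in paths:
        hits = classify(path, sys32dir)
        if hits:
            report[path] = hits
    return report


# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\WINDOWS\system32\Com\LSASS.EXE",
    r"C:\Windows\System32\Com\smss.exe",
    r"C:\Windows\System32\xpserver.dll",
    "D:\\Photos\\1." + " " * 40 + ".exe",
    r"D:\Photos\holiday.jpg",
    r"E:\Tools\disk cleaner.exe",
]

if __name__ == "__main__":
    for path, hits in scan(SAMPLE).items():
        print(f"{', '.join(hits):20} {path!r}")
```

Feed `scan` a recursive listing of each drive; a "padded-exe" hit on a non-C drive marks a picture that has already been overwritten.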

