Now that the Panda Burning Incense virus has been contained, it has gradually faded from public view. The Panda code circulating online, however, is stronger than the original Panda Burning Incense in stealth, antivirus evasion, infection ability, spreading ability and Trojan-downloader functionality, and the openly available Panda Burning Incense code may be used by some people as an exercise in virus writing. On this basis, someone recently wrote a new variant that uses a knockoff version of the Duba panda logo as its icon.
The following is a detailed analysis of the virus:
1. Virus information
Virus Name: win32.bmw.j.75783
Virus body size: 74.0 KB (75,783 bytes)
Virus type: Panda Burning Incense variant
2. Virus behavior
This is a variant of Panda Burning Incense. Its icon is disguised as the Duba antivirus to confuse the user, and it downloads and executes other viruses.
1. The virus deletes the startup entries and services of security software.
2. Every 1 second it adds its own startup entry and damages the registry keys that control the display of hidden files.
3. Every 6 seconds, on each drive (drives A and B excluded), it deletes any file or folder named autorun.inf, then creates its own autorun.inf and the corresponding .exe file.
4. Every 6 seconds it stops some security software and services, and deletes some security services and the startup entries of security software.
5. Every 10 seconds it closes the following processes and adds image hijacking (Image File Execution Options) entries for them that point to ntsd -d:
avp.exe rav.exe rsagent.exe ravmon.exe ravmond.exe
ravstub.exe ravtask.exe ccenter.exe 360tray.exe 360safe.exe
6. Every 30 minutes it downloads a Trojan from http://www.xxxxxx08.com/down/down.txt.
7. The virus infects files with the extensions exe, pif, com and src by attaching itself to the head of the file. To files with the extensions htm, html, asp, php, jsp and aspx it adds a URL; once the user opens such a file, IE keeps visiting that URL in the background in order to increase its traffic. Through web page vulnerabilities, new variants of the virus are also downloaded and run.
Files in the following folders are excluded from infection:
WINDOW, Winnt, winrar, system32, Documents and Settings, System Volume Information, Recycled,
Windows NT, WindowsUpdate, Windows Media Player, Outlook Express, Internet Explorer, NetMeeting,
Common Files, ComPlus Applications, Messenger, InstallShield Installation Information, MSN,
Microsoft Frontpage, Movie Maker, MSN Gamin Zone
NTDETECT.COM and files with the rar suffix are not infected.
After infecting a directory, the virus creates a Desk_top_.ini file in it and writes the current system time into that file.
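The traces listed above (the Desk_top_.ini marker, a root autorun.inf, and debugger entries pointing to ntsd -d) can be checked for during triage. The following is an added example, not part of the original analysis: the function names and the constructed sample tree are hypothetical, and it assumes the Image File Execution Options Debugger values have already been exported into a dictionary.

```python
import os
import tempfile

MARKER = "Desk_top_.ini"                       # marker file name from the write-up
INFECTABLE = {".exe", ".pif", ".com", ".src"}  # extensions listed in the write-up
TARGETS = {"avp.exe", "rav.exe", "rsagent.exe", "ravmon.exe", "ravmond.exe",
           "ravstub.exe", "ravtask.exe", "ccenter.exe", "360tray.exe", "360safe.exe"}

def scan_tree(root):
    """Return (marked_dirs, suspect_files, has_root_autorun) for one drive or folder."""
    marked, suspects = [], []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}
        if MARKER.lower() in names:
            marked.append(dirpath)
            # Executables beside a marker should be checked for a prepended body.
            suspects += [os.path.join(dirpath, f) for low, f in sorted(names.items())
                         if os.path.splitext(low)[1] in INFECTABLE]
    has_autorun = os.path.exists(os.path.join(root, "autorun.inf"))
    return sorted(marked), suspects, has_autorun

def ifeo_hijacks(debugger_values):
    """Flag kill-list image names whose Debugger value runs ntsd -d.

    debugger_values: {image name: Debugger string}, assumed parsed from a registry export.
    """
    hits = []
    for image, dbg in debugger_values.items():
        cmd = dbg.lower().replace(" ", "")
        if image.lower() in TARGETS and "ntsd" in cmd and "-d" in cmd:
            hits.append(image)
    return sorted(hits)

def build_sample(root):
    """Constructed sample tree: one marked folder, one clean folder, a root autorun.inf."""
    for d in ("tools", "clean"):
        os.makedirs(os.path.join(root, d))
    for rel in ("autorun.inf", "tools/Desk_top_.ini", "tools/setup.exe",
                "tools/readme.txt", "clean/app.exe"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
    print(ifeo_hijacks({"avp.exe": "ntsd -d", "notepad.exe": "ntsd -d"}))
```

A marker file only shows that a directory was visited; the executables reported beside it still need to be compared against known-good copies.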