Virus Name: Trojan-PSW.Win32.Magania.rxk
Manual Solution:
1. Manually delete the following files:
%SystemRoot%\system32\cjvesk.dat
%SystemRoot%\system32\bvkiwp1.dat
%SystemRoot%\system32\bvkiwp2.dat
%SystemRoot%\system32\bvkiwp3.dat
%SystemRoot%\system32\bvkiwp4.dat
%SystemRoot%\system32\bvkiwp5.dat
%ProgramFiles%\hgreag\elijnixxb.dll (random name)
Variable declaration:
%SystemDriver%: the system partition, usually “C:\”
%SystemRoot%: the Windows directory, usually “C:\Windows”
%Documents and Settings%: the users' documents directory, usually “C:\Documents and Settings”
%Temp%: the temp folder, usually “C:\Documents and Settings\current user name\Local Settings\Temp”
%ProgramFiles%: the default installation directory for programs, typically “C:\Program Files”
Analysis of the virus:
(1) Creates a process snapshot and searches it for the processes “360tray.exe”, “ravmond.exe” and “qqpctray.exe”; if any of them is found, it sets a flag.
(2) Checks whether %SystemRoot%\system32\cjvesk.dat exists and exits the program if it does; the file is used as a marker indicating whether the virus is already running on the machine.
(3) Creates the files “bvkiwp1.dat”, “bvkiwp2.dat”, “bvkiwp3.dat”, “bvkiwp4.dat” and “bvkiwp5.dat” in the system directory, writes its configuration information into the five files, and sets their hidden attribute.
(4) Creates the directory “%ProgramFiles%\hgreag\” and, in this directory, creates elijnixxb.dll (random name), releasing the virus code into that file.
(5) Calls the LSP system functions WSCEnumProtocols, WSCInstallProvider and WSCWriteProviderOrder to install xvzgnwowz.dll into the system's network protocol chain, and updates the order of all installed service providers so that the custom service provider ranks ahead of all protocols. As a result, all Winsock-based programs load xvzgnwowz.dll.
(6) If a security software process was found on the system, it exits the program directly; otherwise it deletes itself after exiting the program.
(7) Through WSP-series functions such as WSPSend(), intercepts data sent by network users, such as game account passwords, and sends it to the address specified by the hacker.
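Step (5) leaves a visible trace: a Winsock catalog entry whose provider DLL sits outside the system directory and is ordered ahead of the stock providers. The following is an added example, not part of the original write-up, that parses a saved `netsh winsock show catalog` listing and flags such entries. The field labels assume the English-locale output, and the sample listing, including the DLL path, is constructed.

```python
import re

# Constructed sample in the layout of `netsh winsock show catalog`.
# The page does not say where xvzgnwowz.dll is stored; this path is invented.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        xvzgnwowz over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\hgreag\xvzgnwowz.dll
Catalog Entry ID:                   1016
Protocol Chain Length:              2

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""

# Locations where the stock Windows providers live (lower-cased for comparison).
TRUSTED_DIRS = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")


def parse_catalog(text):
    """Split the listing into entries, each a dict of 'Field: value' pairs."""
    blocks = re.split(r"(?m)^Winsock Catalog Provider Entry[ \t]*$", text)[1:]
    return [
        {k.strip(): v.strip()
         for k, v in re.findall(r"(?m)^([^:\n]+):[ \t]+(.+)$", block)}
        for block in blocks
    ]


def suspicious_providers(entries):
    """Return (catalog position, entry ID, path) for providers outside system32."""
    flagged = []
    for position, entry in enumerate(entries, start=1):
        path = entry.get("Provider Path", "")
        if not path.lower().startswith(TRUSTED_DIRS):
            flagged.append((position, entry.get("Catalog Entry ID"), path))
    return flagged


if __name__ == "__main__":
    for hit in suspicious_providers(parse_catalog(SAMPLE)):
        print("review provider:", hit)
```

A hit is a lead to review rather than a verdict, since legitimate third-party software also installs layered providers outside system32.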
Files created by the virus:
%SystemRoot%\system32\cjvesk.dat
%SystemRoot%\system32\bvkiwp1.dat
%SystemRoot%\system32\bvkiwp2.dat
%SystemRoot%\system32\bvkiwp3.dat
%SystemRoot%\system32\bvkiwp4.dat
%SystemRoot%\system32\bvkiwp5.dat
%ProgramFiles%\hgreag\elijnixxb.dll (random name)
Network addresses accessed by the virus:
www.sz***.com:54325/anquan
Thanks for this info. Every now and then this hell of a virus crashes into my computer and I am usually left with formatting my disks. But this post helped me a lot. So, thanks for sharing.
Btw my site is . Maybe you can pay a visit.