
Feb 12

Find hidden in the QQ “ghost”

If a friend somehow sends you files or links such as "Video Girl" that carry a virus, do not blame your friend for deliberately making trouble: he is also a victim. His QQ has been attacked by the virus, which spreads the infection automatically. Anti-crime Vanguard Wang Qiang from Suzhou had to ferret out the "ghost" hidden in QQ and clean it out, along with Netsky.
Anti-crime Vanguard: Wang Qiang
City: Suzhou
System used: Windows XP SP2
Description of the symptoms
Shortly after going online today, I received a flood of messages from QQ friends, which puzzled me. When I asked, they said they had all received files from my QQ, all kinds of virus files sent along with messages, and the names of the virus files varied. That puzzled me even more: had my QQ been stolen? I then registered a new QQ number and added a friend to it; within three minutes that account received a request to accept a file, again a virus file. Had my QQ been attacked by a virus? I remembered that a few days earlier I had installed a downloaded program and an error window had popped up. It did not feel right, so I immediately ran an anti-virus scan, but it found no virus. Now it seems certain that this program was the source of the "trouble".
Finding the clues
I opened Task Manager to look at the processes and found one called Rundll32.exe. Ordinary applications rarely call Rundll32.exe; it is most commonly used by rogue software and Trojan backdoors, so Rundll32.exe looked the most suspicious.
I clicked the Start menu, chose "Search for files or folders", and searched for the keyword "Rundll32.exe". The results showed traces of Rundll32.exe in both the SYSTEM and SYSTEM32 folders of the system directory. By comparing the file icons I quickly found a suspicious file, because the fake Rundll32.exe actually carried a WinRAR icon (Figure 1).
Figure 1
Having found a suspicious file, I set out to find how the virus starts. I ran Registry Editor and searched for the same "Rundll32.exe" keyword, but found no suspicious startup items. Since there were none, I decided to delete the virus, restart the system and then check the processes again. Rundll32.exe was gone, and I was about to give my QQ friends the good news when I started QQ and the "hateful" process appeared again.
Getting rid of the virus
It seemed this QQ virus was not as simple as I had imagined. It must use some file-protection technique, so that when one file is deleted, another file quickly generates a new copy of Rundll32.exe. From this observation and the earlier checks, I reasoned that the virus does not start with the system but starts together with QQ. I went straight to the QQ installation directory and found a file with a WinRAR icon named "TIMPlatform.exe", and next to it a file named "TIMP1atform.exe" (note the digit 1, not the letter L) (Figure 2).
Figure 2
TIMPlatform.exe (with the letter L, not the digit 1) is the management program for the external application development interface used by QQ and TM; it belongs to QQ 2004 and is a core module of the underlying platform. Looking at the file properties, I found that "TIMP1atform.exe" was the file actually developed by Tencent. So this QQ virus had renamed the genuine TIMPlatform.exe to "TIMP1atform.exe" and put itself in the program's place. To remove the virus completely, I searched the system for "TIMPlatform.exe" by file time, and the results again turned up two files. First I ended the Rundll32.exe process, then deleted the two Rundll32.exe files found earlier together with the fake TIMPlatform.exe, and finally renamed the modified TIMP1atform.exe back to TIMPlatform.exe.
On checking the system again, I found that the registry file associations for executable and other files had been altered, so I immediately repaired them with Super Rabbit, and in the end the virus was completely cleared from the system.
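The two tricks in this write-up, a system binary name (Rundll32.exe) copied into the wrong folder and a look-alike name (TIMP1atform.exe beside TIMPlatform.exe), can be checked mechanically. The following Python is an added example, not a tool from the article; it runs over a constructed directory listing modelled on Figures 1 and 2, and the known-name list, the expected Windows XP path and the confusable-character table are assumptions chosen for this example.

```python
import ntpath
from collections import defaultdict

# Names the write-up's QQ virus impersonated (compared case-insensitively); assumed list
KNOWN_NAMES = {"rundll32.exe", "timplatform.exe"}
# Folder where the genuine rundll32.exe lives on Windows XP; copies elsewhere are suspect
EXPECTED_DIRS = {"rundll32.exe": {r"c:\windows\system32"}}
# Fold characters that look alike in common fonts onto one form ('1' for 'l' is the article's case)
FOLD = {"1": "l", "i": "l", "|": "l", "0": "o"}

def normalize(name):
    """Lower-case the name and fold confusables, so TIMP1atform.exe and TIMPlatform.exe compare equal."""
    return "".join(FOLD.get(c, c) for c in name.lower())

# Map each folded known name back to its real spelling for reporting
CANONICAL = {normalize(n): n for n in KNOWN_NAMES}

def find_impostors(paths):
    """Return (path, reason) pairs for entries matching either trick from the write-up."""
    findings = []
    siblings = defaultdict(set)  # (folder, folded name) -> distinct raw names seen there
    for path in paths:
        raw = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        folded = normalize(raw)
        siblings[(folder, folded)].add(raw)
        if raw not in KNOWN_NAMES and folded in CANONICAL:
            findings.append((path, f"homoglyph of {CANONICAL[folded]}"))
        elif raw in EXPECTED_DIRS and folder not in EXPECTED_DIRS[raw]:
            findings.append((path, f"{raw} outside {sorted(EXPECTED_DIRS[raw])}"))
    # Two spellings that fold to the same name in one folder is the Figure 2 pattern
    for (folder, folded), raws in siblings.items():
        if len(raws) > 1:
            shown = ntpath.join(folder, CANONICAL.get(folded, folded))
            findings.append((shown, f"look-alike pair in one folder: {sorted(raws)}"))
    return findings

# Constructed listing, not taken from a real machine, modelled on Figures 1 and 2
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\rundll32.exe",
    r"C:\WINDOWS\system\Rundll32.exe",
    r"C:\Program Files\Tencent\QQ\QQ.exe",
    r"C:\Program Files\Tencent\QQ\TIMPlatform.exe",
    r"C:\Program Files\Tencent\QQ\TIMP1atform.exe",
]

if __name__ == "__main__":
    for path, reason in find_impostors(SAMPLE_LISTING):
        print(f"{reason}: {path}")
```

The genuine rundll32.exe in system32 and QQ.exe produce no finding; the stray copy in SYSTEM and the TIMP1atform.exe pair do.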
With the steady growth in QQ users, QQ has become an ever larger breeding ground for viruses. In fact, any user with a little programming ability can write a similar virus, and even one who cannot can modify a virus someone else wrote and spread it. That is why this type of virus keeps getting smaller and more efficient, with an endless stream of new viruses and variants, which leaves much anti-virus software struggling to cope and rarely able to kill them on first contact.
When checking suspicious files, Wang Qiang started from the system directory; when that did not completely remove the virus, he checked other directories and finally cleared out the virus itself. Against the hazards of this virus we can also use the special removal tools developed by anti-virus vendors: the QQ Thief removal tool QQKAV and the QQ Tail removal tool (Figure 3) can easily deal with these common QQ viruses.
Figure 3