Location:
Search - folder virus
Search list
Description: 快速清理系统临时文件,增加硬盘的可使用量,并可以清除藏在临时文件夹的病毒-rapid liquidation temporary file system, increase the use of hard disk capacity, and remove hidden in the temporary folder virus
Platform: |
Size: 1363394 |
Author: 王大雷 |
Hits:
Description: 因为该变种病毒不但要攻击RPC漏洞,还会将自身复制到%system%\\Wins文件夹下,创建FTP服务和Wins Client服务。其中FTP服务开启系统的FTP功能用于传播病毒。“冲击波杀手”感染一台机器后就会使用Ping命令或ICMP echo方式探测随机产生的IP地址是否有效,如果有效便开始进行攻击。该病毒会在受感染的系统中随机使用666-765端口与攻击系统进行连接。该病毒还会检查系统版本和微软补丁包的版本号,然后根据不同的操作系统尝试从微软下载有关RPC漏洞的补丁程序,并自动运行补丁程序,给系统打上RPC漏洞的补丁。 该病毒发作后会开启上百个线程、在PING到有效的IP地址之后就会向该IP发起攻击并传播,所以该病毒传播更有效,速度更快,而且一发作便会消耗尽所有的CPU资源从而导致机器运行缓慢直至系统瘫痪。总之“冲击波杀手”给用户造成的危害将是“冲击波”的几倍。不过升级了系统以及修补了RPC漏洞的用户不会再被该病毒感染。-because the variant virus not only to attack RPC vulnerability, but also copies itself into% system% \\ Wins folder, FTP services and the creation Wins Client services. FTP services which opened the FTP function for the transmission of the virus. "Shock killer" an infected machine will be used after the Ping orders or ICMP echo mode detection randomly generated IP address whether and, if they start to attack. The virus in infected systems use random ports 666-765 and attack systems for the connection. The virus will also inspect system version and Microsoft patch version, then under different operating systems to try to download the Microsoft RPC vulnerability patches, and automatically patch to the RPC loopholes permitting system patches. The virus attacks will be opened after hu
Platform: |
Size: 3230 |
Author: heai |
Hits:
Description: 病毒吧~因为该变种病毒不但要攻击RPC漏洞,还会将自身复制到%system%\\Wins文件夹下,创建FTP服务和Wins Client服务。其中FTP服务开启系统的FTP功能用于传播病毒。“冲击波杀手”感染一台机器后就会使用Ping命令或ICMP echo方式探测随机产生的IP地址是否有效,如果有效便开始进行攻击。该病毒会在受感染的系统中随机使用666-765端口与攻击系统进行连接。该病毒还会检查系统版本和微软补丁包的版本号,然后根据不同的操作系统尝试从微软下载有关RPC漏洞的补丁程序,并自动运行补丁程序,给系统打上RPC漏洞的补丁-virus because it was not only the variant of the virus to attack RPC vulnerability, but also copies itself into% system% \\ Wins folder, FTP services and the creation Wins Client services. FTP services which opened the FTP function for the transmission of the virus. "Shock killer" an infected machine will be used after the Ping orders or ICMP echo mode detection randomly generated IP address whether and, if they start to attack. The virus in infected systems use random ports 666-765 and attack systems for the connection. The virus will also inspect system version and Microsoft patch version, then under different operating systems to try to download the Microsoft RPC vulnerability patches, and automatically patch to the RPC loopholes permitting system patches
Platform: |
Size: 2244 |
Author: 美美 |
Hits:
Description: 因为该变种病毒不但要攻击RPC漏洞,还会将自身复制到%system%\Wins文件夹下,创建FTP服务和Wins Client服务。其中FTP服务开启系统的FTP功能用于传播病毒。“冲击波杀手”感染一台机器后就会使用Ping命令或ICMP echo方式探测随机产生的IP地址是否有效,如果有效便开始进行攻击。该病毒会在受感染的系统中随机使用666-765端口与攻击系统进行连接。该病毒还会检查系统版本和微软补丁包的版本号,然后根据不同的操作系统尝试从微软下载有关RPC漏洞的补丁程序,并自动运行补丁程序,给系统打上RPC漏洞的补丁。 该病毒发作后会开启上百个线程、在PING到有效的IP地址之后就会向该IP发起攻击并传播,所以该病毒传播更有效,速度更快,而且一发作便会消耗尽所有的CPU资源从而导致机器运行缓慢直至系统瘫痪。总之“冲击波杀手”给用户造成的危害将是“冲击波”的几倍。不过升级了系统以及修补了RPC漏洞的用户不会再被该病毒感染。-because the variant virus not only to attack RPC vulnerability, but also copies itself into% system% \ Wins folder, FTP services and the creation Wins Client services. FTP services which opened the FTP function for the transmission of the virus. "Shock killer" an infected machine will be used after the Ping orders or ICMP echo mode detection randomly generated IP address whether and, if they start to attack. The virus in infected systems use random ports 666-765 and attack systems for the connection. The virus will also inspect system version and Microsoft patch version, then under different operating systems to try to download the Microsoft RPC vulnerability patches, and automatically patch to the RPC loopholes permitting system patches. The virus attacks will be opened after hu
Platform: |
Size: 3072 |
Author: heai |
Hits:
Description: 病毒吧~因为该变种病毒不但要攻击RPC漏洞,还会将自身复制到%system%\Wins文件夹下,创建FTP服务和Wins Client服务。其中FTP服务开启系统的FTP功能用于传播病毒。“冲击波杀手”感染一台机器后就会使用Ping命令或ICMP echo方式探测随机产生的IP地址是否有效,如果有效便开始进行攻击。该病毒会在受感染的系统中随机使用666-765端口与攻击系统进行连接。该病毒还会检查系统版本和微软补丁包的版本号,然后根据不同的操作系统尝试从微软下载有关RPC漏洞的补丁程序,并自动运行补丁程序,给系统打上RPC漏洞的补丁-virus because it was not only the variant of the virus to attack RPC vulnerability, but also copies itself into% system% \ Wins folder, FTP services and the creation Wins Client services. FTP services which opened the FTP function for the transmission of the virus. "Shock killer" an infected machine will be used after the Ping orders or ICMP echo mode detection randomly generated IP address whether and, if they start to attack. The virus in infected systems use random ports 666-765 and attack systems for the connection. The virus will also inspect system version and Microsoft patch version, then under different operating systems to try to download the Microsoft RPC vulnerability patches, and automatically patch to the RPC loopholes permitting system patches
Platform: |
Size: 2048 |
Author: 美美 |
Hits:
Description: 快速清理系统临时文件,增加硬盘的可使用量,并可以清除藏在临时文件夹的病毒-rapid liquidation temporary file system, increase the use of hard disk capacity, and remove hidden in the temporary folder virus
Platform: |
Size: 1362944 |
Author: 王大雷 |
Hits:
Description: 一个清除系统垃圾的bat程序,可以清楚大量的系统垃圾,特别是IE文件夹的垃圾和临时文件,这里面往往有病毒。-A clear system of garbage bat procedures, a large number of systems can clearly rubbish, especially IE folder garbage and temporary files, which tend to have the virus inside.
Platform: |
Size: 1024 |
Author: zhaochundong |
Hits:
Description: 这是一个网络资源管理器,实现互联网,也就是浏览器方式下的、类似WINDOWS资源管理器的功能。使用互联网方式有很多好处,方便安全,不需要共享文件夹,从而使由于共享带来的病毒传播。安全保密性不高,文件传递不方便的问题得到了解决-This is a network resource manager, the realization of the Internet, that is, the browser mode, similar to WINDOWS resource management functions. There are many ways to use the benefits of the Internet to facilitate the safe, do not need a shared folder, so that sharing brought about as a result of the spread of the virus. Security confidentiality is not high, the document inconvenient transfer problem has been resolved
Platform: |
Size: 239616 |
Author: 发放日 |
Hits:
Description: 该程序能自动恢复U盘因感染病毒后被隐藏的文件文件夹。
症状为所有文件文件夹都看不到,在其他机器上打开隐藏显示可以看到。
推荐操作:将程序拷贝到U盘运行即可。该程序须在无毒机器上使用。-The program can automatically resume the U disk had been infected with the virus was hidden files folder. Symptoms folder for all documents have not seen in other machines open the show can be seen hidden. Recommended steps: program are copied to the disk U can run. The procedure to be used in drug-free machine.
Platform: |
Size: 1024 |
Author: 缪明明 |
Hits:
Description: 该文件夹里面重点描述了CIH病毒的源码和原理,及作者个人的一些信息。值得一看-Focus inside the folder describes the CIH virus source and principle, and the author of some of the information. Worth a visit
Platform: |
Size: 38912 |
Author: ggsddu_1997 |
Hits:
Description: 感染当前文件夹的test.com文件
并删除当前文件夹的del.txt文件
显示预设的字符串 -Infection in the current folder and delete the current test.com file folder documents show del.txt default string
Platform: |
Size: 1024 |
Author: wt |
Hits:
Description: 文件夹图标病毒源代码,曾经发表在邪八上的。
功能:监控系统,把磁盘一级目录下的文件夹隐藏,并复制自身为文件夹名,当用户点击时,先自己运行,在正常打开隐藏的文件夹。还会释放一个小后门,在4444端口监听-Folder Virus,
simple and powerful
Just Enjoy it!
Platform: |
Size: 80896 |
Author: 李风 |
Hits:
Description: 文件夹图标病毒通用专杀工具,可以极为快速的清除电脑里的文件夹图标病毒,还你一个干净的系统。-Folder virus killer
Platform: |
Size: 44032 |
Author: 李风 |
Hits:
Description: VB防止打印店病毒。自动开机启动 防治利用U盘传播的病毒。如过文件夹被恶意更改,会自动修复。-VB virus to prevent the print shop. Automatically control the use of U-boot disk to start the spread of the virus. If the folder had been malicious changes, will be automatically repaired.
Platform: |
Size: 2131968 |
Author: luonian |
Hits:
Description: windows下病毒原理演示代码,无攻击性。(如:在c根目录下生成一个空文件夹)为防备杀毒软件查杀,内容已加密,解密密码zrb 内部exe文件已改为txt格式 可直接txt打开阅读代码也可改为exe运行尝试-principle demonstration of the virus under the windows code, non-offensive. (Eg: in c root to generate an empty folder) to prepare for killing anti-virus software, as encryption, decryption exe file password zrb internal txt format has been changed to open direct txt can be changed to read the code try to run exe
Platform: |
Size: 34816 |
Author: hwl |
Hits:
Description: 工具原理:
1·遍历文件夹,扫描“是PE&会显示图标”的文件,选择其ICON_GROUP的第一个图标资源作判断
2·枚举该图标里的所有尺寸的图片,与Pattern中的相应尺寸的图片 比较每个像素的RGB,容差在某个范围内,则认为HIT
3·当该图标的某个尺寸的图片的所有像素HIT的百分比在某个范围内,则认为图标HIT,即认为是文件夹图标病毒
优势:
相比 通过提取文件CRC来判断一个文件夹病毒,通过图标来判断更为可控,更为迅速。而且,调整好几个阀值之后,理论上不会误报。-Tools principles: 1 · Traverse Folder to scan " is the PE & will show the icon" document, select the first icon in its ICON_GROUP resources to determine 2 · enumerate all the dimensions of the icon inside the picture, and Pattern in the corresponding size of the picture compares each pixel RGB, in a context of tolerance, then that HIT 3 · When the icon image to a size of HIT percentage of all pixels within a confined area, then that icon HIT, which is a folder icon that viruses advantage: compared to extract the files through the CRC to determine if a folder virus, through the icon to determine a more controllable, more rapidly. Moreover, the adjustment of several thresholds, the theory is not false positives.
Platform: |
Size: 2541568 |
Author: 周荣誉 |
Hits:
Description: 1KB shortcuts folder virus removal special attachment
Platform: |
Size: 204800 |
Author: dongting |
Hits:
Description: 易语言文件夹病毒专杀工具源码可以有效除掉文件夹病毒-Yi language folder virus Zhuanshagongju source can effectively get rid of the folder virus
Platform: |
Size: 3072 |
Author: 何辉 |
Hits:
Description: 防御伪装文件夹病毒,Designed By LJN-Defende the fake folder virus
Platform: |
Size: 1024 |
Author: LJN |
Hits:
Description: 总体下来,能查杀exe文件夹病毒文件,但无法清除它在c:\F10S 目录下的 ctfmon.exe 与 svchost.exe 和它生成的启动组的快捷方式。
由于条件的限制,我也乏天回术。它将自己的句柄写入到 系统关键的进程 winlogon 中。
源码中有个UnLocker的类、本来想清掉它的句柄删除文件,但是发生个很无奈的 0xC0000005(STATUS_ACCESS_VIOLATION)错误。最后我很无耻的放弃了。
另外 附加 LPK查杀。基本上它创建的服务,打开的进程,注入的线程,文件都能查杀。
源码中有个SysService类。用来枚举系统服务的、测试过程中发生个未知的错误。
无奈之下也无耻的放弃了。最后使用了CMD的SC命令来卸载服务。-Overall down, killing exe folder virus file, but you can not clear it in the c: \ F10S directory, the ctfmon.exe and the svchost.exe and it generates the Startup group shortcut. Due to constraints, I also spent days back surgery. It write your own handle to the key process winlogon. A UnLocker class in the source code, originally wanted cleared its handle to delete files, but are helpless of 0xC0000005 (STATUS_ACCESS_VIOLATION) of errors occurred. Finally, I am shameless abandon. Addition additional LPK killing. Basically it created the service, open process, injected threads, files can be killing. Source in SysService class. Services used to enumerate the system, unknown error occurred during the test. In desperation shameless abandon. Finally, use the CMD SC command to uninstall the service.
Platform: |
Size: 658432 |
Author: 猪蹄 |
Hits: