Panda Burning Incense is a worm virus that has mutated through many variants. It was written on October 16, 2006 by Li Jun, a 25-year-old native of Xinzhou District, Wuhan, Hubei Province, China. In early January 2007 it spread across the Internet, mainly through downloaded files, and caused serious damage to computer programs and systems.
Panda Burning Incense consumes LAN bandwidth and slows the computer down. An infected computer shows the following symptoms:
The virus creates a virus file named GameSetup.exe in network shared folders;
It ends the processes of some applications and anti-virus software, so that applications behave abnormally, fail to run, or slow down;
Hard disk partitions or USB drives cannot be accessed or used;
exe programs cannot be used, and their icons change into the Panda Burning Incense icon;
setup.exe and autorun.inf files appear in the root directory of the hard disk;
At the same time, the browser opens or closes inexplicably.
The virus spreads mainly through browsing malicious websites, network shares, file infection and removable storage devices (such as USB flash drives). Of these, network shares and file infection carry the higher risk, while the risk of infection through the Web and removable storage is relatively low. The virus installs itself automatically, creates registry entries and the virus file %System%\drivers\spoclsv.exe, and creates the virus files setup.exe and autorun.inf in all disks and directories. The uniform change of application icons to the Panda Burning Incense icon is actually done by writing a value in the HKEY_CLASSES_ROOT branch of the registry that points all EXE file icons to one icon file.
Solution steps:
1. Disconnect the network
2. End the virus process
%System%\FuckJacks.exe
3. Delete the virus file:
%System%\FuckJacks.exe
4. Right-click the partition drive letter, click "Open" in the right-click menu to enter the partition root directory, and delete the files in the root directory:
\CurrentVersion\Run]
"FuckJacks"="%System%\FuckJacks.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svohost"="%System%\FuckJacks.exe"
6. Repair or reinstall the anti-virus software
7. Use anti-virus software or a dedicated removal tool to perform a full scan, then clean and recover the infected exe files
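The artifacts named above (the files under %System%, the Run values, and the setup.exe/autorun.inf pair in drive roots) can be checked with a read-only script before and after cleanup. This is an added example, not part of the original article; it assumes %System% means the System32 directory, and the HKCU and WOW6432Node Run keys are assumptions that go beyond the one full key path shown above.

```powershell
# Added example: read-only triage for the artifacts named on this page.
# Nothing is deleted or modified. Assumption: %System% = <SystemRoot>\System32.
$sys = Join-Path $env:SystemRoot 'System32'
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Type, [string]$Location, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail })
}

# 1. Virus files the page names under %System%.
foreach ($rel in 'FuckJacks.exe', 'drivers\spoclsv.exe') {
    $path = Join-Path $sys $rel
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        Add-Finding 'File' $path 'virus file named on the page'
    }
}

# 2. Autostart values. The HKLM key is from the page; HKCU and WOW6432Node
#    are assumptions added here (the page's first key path is truncated).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        # Read the raw string so %...% variables appear exactly as stored.
        $data = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        if (($name -in 'FuckJacks', 'svohost') -or ($data -match '\\(FuckJacks|spoclsv)\.exe')) {
            Add-Finding 'RunValue' "$key\$name" $data
        }
    }
}

# 3. setup.exe together with autorun.inf in a drive root. Installer media can
#    legitimately carry this pair, so treat a hit as a lead to inspect, not proof.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = [System.IO.Path]::Combine($drive.Root, 'autorun.inf')
    $exe = [System.IO.Path]::Combine($drive.Root, 'setup.exe')
    if ((Test-Path -LiteralPath $inf -PathType Leaf) -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        Add-Finding 'DriveRoot' $drive.Root 'setup.exe and autorun.inf both present'
    }
}

if ($findings.Count -eq 0) { 'No artifacts from the page were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```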
Recovery of infected files (personal opinion only; tested only on my own virtual machine, where it worked normally)
First, while clearing the virus files, do not delete the file that releases FuckJacks.exe under %SYSTEM% (in the registry to be cleaned).
Open Run and enter gpedit.msc to open Group Policy, then go to Local Computer Policy - Windows Settings - Security Settings - Software Restriction Policies - Additional Rules.