
How to crack Panda Burning Incense

爱喝马黛茶的安东尼 (Original)
2019-08-30 14:59:22


Panda Burning Incense is a worm variant that has mutated many times. It was written on October 16, 2006 by Li Jun, a 25-year-old native of Xinzhou District, Wuhan, Hubei Province, China. It hit the Internet at the beginning of January 2007 and was mainly transmitted through downloaded files, causing serious damage to computer programs and systems.

Panda Burning Incense occupies LAN bandwidth and slows the computer down. An infected computer shows the following symptoms:

The virus generates a virus file named GameSetup.exe in network shared folders;

It ends the processes of some applications and of anti-virus software, so that these applications behave abnormally, cannot run normally, or slow down;

Hard disk partitions or USB flash drives cannot be accessed or used;

exe programs cannot be used, and their program icons change into the panda burning incense icon;

The files setup.exe and autorun.inf appear in the root directory of the hard disk;

At the same time, the browser opens or closes inexplicably.


The virus mainly spreads through browsing malicious websites, network sharing, file infection and removable storage devices (such as USB flash drives). Of these, the risk from network sharing and file infection is higher, while the risk of infection through the Web and removable storage is relatively low. The virus installs itself on its own, creates registry entries and the virus file %System%\drivers\spoclsv.exe, and generates the virus files setup.exe and autorun.inf in all disks and directories. The uniform change of application icons to the Panda Burning Incense icon is actually done by writing a value in the HKEY_CLASSES_ROOT branch of the registry that points all EXE file icons to one icon file.

Solution steps:

1. Disconnect the network

2. End the virus process
%System%\FuckJacks.exe

3. Delete the virus file:
%System%\FuckJacks.exe

4. Right-click the partition drive letter, click "Open" in the right-click menu to enter the partition root directory, and delete the files in the root directory:
\CurrentVersion\Run]
"FuckJacks"="%System%\FuckJacks.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"svohost"="%System%\FuckJacks.exe"


6. Repair or reinstall the anti-virus software

7. Use anti-virus software or a dedicated removal tool to perform a full scan, then clean and recover the infected exe files

Recovery of infected files (only my personal opinion; only tested on my own virtual machine, where it worked normally)

First, while clearing the virus files, do not delete the FuckJacks.exe file released under %SYSTEM% (its registry entries are to be cleaned).

Open Run and enter gpedit.msc to open Group Policy, then go to Local Computer Policy - Windows Settings - Security Settings - Software Restriction Policies - Additional Rules.

Right-click Additional Rules and select New Hash Rule to open the New Hash Rule window.

Click Browse next to the file hash and locate the FuckJacks.exe file released under %SYSTEM%... Set the security level to Disallowed, confirm, and restart (a restart is required).

After restarting, you can double-click to run a program that has been infected by Panda. After the program runs, the FuckJacks.exe file will create a startup item under the Run key in the registry (there will be no problem).

Double-click each infected program to run it and it will be restored to its original state. After everything has been recovered, use SRENG2 to delete the startup item of FuckJacks.exe in the registry.
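To confirm whether the files and startup items named in the steps above are present before or after cleanup, the following read-only PowerShell check can be used. It is an added example, not part of the original article. It assumes PowerShell 4 or later and that the article's %System% means the Windows system directory; the variable names are illustrative.

```powershell
# Read-only triage for the indicators named on this page. Nothing is deleted or changed.
# Assumption: the page's %System% is the Windows system directory.
$sysDir = [Environment]::SystemDirectory

# File names and Run value names as given on the page.
$systemFiles = 'FuckJacks.exe', 'drivers\spoclsv.exe'
$rootFiles   = 'setup.exe', 'autorun.inf'
$runValues   = 'FuckJacks', 'svohost'
# Only the Run key the page gives in full is read; its truncated key is not guessed.
$runKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

$findings = @()

# 1. Virus files under the system directory, with a hash for the record.
foreach ($rel in $systemFiles) {
    $path = Join-Path $sysDir $rel
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'SystemFile'; Item = $path; Detail = "SHA256 $hash" }
    }
}

# 2. setup.exe / autorun.inf in the root of every mounted drive.
#    Installation media can carry these names legitimately, so the autorun.inf
#    launch lines are listed for review instead of being judged here.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in $rootFiles) {
        $path = Join-Path $drive.Root $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $detail = ''
        if ($name -eq 'autorun.inf') {
            $detail = (Get-Content -LiteralPath $path -Force |
                Where-Object { $_ -match '^\s*(open|shellexecute)\s*=' }) -join '; '
        }
        $findings += [pscustomobject]@{ Type = 'RootFile'; Item = $path; Detail = $detail }
    }
}

# 3. Run values with the page's names, or whose data points at the virus files.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $props = $run.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' }
    foreach ($p in $props) {
        if ($runValues -contains $p.Name -or "$($p.Value)" -match 'FuckJacks\.exe|spoclsv\.exe') {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Item = $p.Name; Detail = "$($p.Value)" }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed indicators were found at these locations; it does not replace the full scan in step 7, since infected exe files elsewhere on disk are not examined.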
