When a friend recently started network sharing under windows7 system, shared access could not be enabled normally. The system prompts error 1061, that is, the service cannot accept control information at this time. How is this? What about it? what can we do about it? In fact, the main reason for this problem is caused by the hazard of the worm in the system. For details, please refer to the following introduction.
analyze the reasons:
Virus Name: worm Win32.Luder.I
Other Name: W32 /Dref-U (Sophos), Win32 /Luder. I! Worm, W32.Mixor.Q@mm (Symantec), W32/Nuwar@MM (McAfee), W32/Tibs.RA (F-Secure), Trojan-Downloader.Win32.Tibs.jy (Kaspersky)
Virus Attributes: Worm
Hazard: Medium Hazard
Popularity: High
Specific:
Virus Features:
Win32/Luder.I is a worm that spreads via email and is hosted in PE files and RAR files for propagation. In addition, it also generates a Trojan to download and run other malicious programs. It is a Win32 executable that is 17,559 bytes in size.
Infection mode:
At runtime, copy Win32/Luder.I to %System%\\ppl.exe and set the file property to hidden. Then, modify the following registry key to ensure that this copy is run every time the system starts: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\agent = “%System%\\ppl.exe. . quo;HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\agent = “%System%\\ppl.exe. . ”
Note: ‘%System%’ is a mutable path. The virus determines the location of the current system folder by querying the operating system. The default system installation path for Windows 2000 and NT is C:\\Winnt\\System32; 95,98 and ME are C:\\Windows\\System; XP is C:\\Windows\\System32.
Luder also generates and runs a file with an arbitrary name and detects Win32/Sinteri! Downloader Trojan virus. The worm also generates “kkk33ewrrt” mutexes to ensure that only one copy runs at a time.
Mode of Propagation:
Send a virus by mailing the worm from the local system to get the email address. It looks up the email address in the Windows Address Book via the following registry key: HKCU\\Software\\Microsoft\\WAB\\WAB4\\Wab File Name Next, search from ‘Z:\\’ to ‘C:\\& rsquo; on the drive Files with the following extensions:
rar
scr
exe
htm
txt
ht
a The worm performs a DNS MX (mail exchanger) query to find the appropriate mail server for each domain to send the virus. It uses a locally configured default DNS server to perform these queries. Previous12Next page Total 2 pages
windwos7 game screen screen with a black border on the edge of the solution The specific method is
SQL Server 2008 is a powerful and practical database management system, so many users will install S
Windows 7 activation status is invalid or prompts 0× 80070422 error? Many times, when the user
What should I do if the win7 boot black screen? 1. First of all, we need to call up the task manage
What can I do if the win7 system cannot change the screen saver?
What is the process of smss.exe in Win7 system?
Win7 system installer prompt error code 0xc8000222 What should I do?
Is the home self-use computer CPU good for E3 or i5?
Win7 system does not have a CD-ROM how to reinstall the system?
Win7 shutdown prompt program is still running solution
Using Win7 power management to make the ultra-pole life longer
Win7 system desktop right button is not locked to the taskbar. How to solve this option?
How to solve the computer time? Win7 system time setting method
Install the hard disk on the old computer on the new computer (the same format). Use the format
Let the Win8 system photo app display images in the computer
Win10 online push Win7/Win8.1: The global network burden is huge
Windows 10 upgrade will use pre-download push mechanism
Steps to establish an ADSL dial-up connection in Vista
What is the system process of Win10 Photo Viewer?
Tip: Add Folder to Vista Favorite Links list of
Problems with the Windows 8 keyboard Using the on-screen keyboard
How to run programs with other users under the Win8 system Metro interface
How to change the installation key of Windows 10 system
How does Win8 transfer the index file Windows.edb to non-system disk