Post By
Facebook has appeared in the new version of Virus Spam via Messenger. Persons who get stuck will send friends in Friendlist files named Videomp4.zip. The victims do not prevent download this file and then extract will immediately lose Account.
Dangerous people should be careful! Below is a tutorial that I just found on BKAV to treat this virus.
First, you will need PChunter software. Link: https://forum.bkav.com.vn/forum/may-tinh/kinh-nghiem-thu-thuat/13603-update-64bit-cong-cu-ho- Trojan-virus-bang-antivirus-rootkit-virus-rootkit 13191-Update-64bit-Virus-bang-hand-virus-XueTr- Anti
Type 1: mediafire. com / ******* / img **. jip. exe or. pif
This type of feature, they will create fake svchosts.exe file in appdata directory (vista +7) or application data (XP).
Look at the tool, you can see the svchosts are printed in blue, it is the fake svchosts. So what now? Right-click it, select delete file after termination and then right-click again, select force kill as done.
Well, that's not finished yet. You press R to enter the run dialog box, type regedit and then enter. Access by path:
Type 2: k22. Rubber, file picture format + month + date + number (Example: April20Picture36-JPG)
This type is slightly different, it will create iqs.exe file at C: \ windows
virus microsoft impersonation should not print in color as in Figure, but not escape. Some cases are still blue.
Kill is similar to type 1, right-click iqs, select delete file after termination and then right click again, select force kill.
Also fix the registry again. You press R to enter the run dialog box, type regedit and then enter. Access by path:
Delete key microsoft firevall engine (path virus)
Path
Delete: C: \ windows \ iqs.exe
* Note: To open the appdata folder, select RUN and type:% APPDATA% Then hit Enter.
Dangerous people should be careful! Below is a tutorial that I just found on BKAV to treat this virus.
First, you will need PChunter software. Link: https://forum.bkav.com.vn/forum/may-tinh/kinh-nghiem-thu-thuat/13603-update-64bit-cong-cu-ho- Trojan-virus-bang-antivirus-rootkit-virus-rootkit 13191-Update-64bit-Virus-bang-hand-virus-XueTr- Anti
Type 1: mediafire. com / ******* / img **. jip. exe or. pif
This type of feature, they will create fake svchosts.exe file in appdata directory (vista +7) or application data (XP).
Look at the tool, you can see the svchosts are printed in blue, it is the fake svchosts. So what now? Right-click it, select delete file after termination and then right-click again, select force kill as done.
Well, that's not finished yet. You press R to enter the run dialog box, type regedit and then enter. Access by path:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run- Delete microsoft corp key (with virus path).
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Terminal Server \ Install \ Software \ Microsoft \ Windows \ CurrentV ersion \ Run
HKEY_USERS \ S-1-5-21-1292428093-436374069-854245398-1003 \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
Type 2: k22. Rubber, file picture format + month + date + number (Example: April20Picture36-JPG)
This type is slightly different, it will create iqs.exe file at C: \ windows
virus microsoft impersonation should not print in color as in Figure, but not escape. Some cases are still blue.
Kill is similar to type 1, right-click iqs, select delete file after termination and then right click again, select force kill.
Also fix the registry again. You press R to enter the run dialog box, type regedit and then enter. Access by path:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Terminal Server \ Install \ Software \ Microsoft \ Windows \ CurrentV ersion \ Run
HKEY_USERS \ S-1-5-21-1292428093-436374069-854245398-1003 \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
Delete key microsoft firevall engine (path virus)
Path
HKEY_LOCAL_MACHINE \ SYSTEM \
CurrentControlSet \ Servic es \ SharedAccess \ Parameters \ FirewallPolicy \ Standard Profiles \ AuthorizedApplications \ List
Delete: C: \ windows \ iqs.exe
* Note: To open the appdata folder, select RUN and type:% APPDATA% Then hit Enter.
5 comments
Hello! thanks for sharing :D
Pleasure😂
thanks you
Dope!
Thanks.