

[Virus Analysis] Beware of the Wanke Cloud snap software virus Trojan!

Posted on 12/4/2017 8:57:35 PM
Today, some people uploaded some Wanke Cloud snap-up software from the group, and in the afternoon it was discovered that some people's "Playing with guest coins" had been stolen!!!!

Thousands of people have already been stolen from playing guest coins, please check your wallets quickly!!!!!



As shown in the figure above, the exe software is bundled with a virus, and after running the software, the program will release the virus to c:/system sll (automatically created hidden folder), as shown in the figure below:



As long as you click Run, you can't clean up and kill it with 360 website guards, computer butlers, Kingsoft drug tyrants, etc.! The Trojan is written as a .NET program, and the following is the configuration file of the sll.exe virus, as shown in the figure below:





The domain name of the backdoor is: safe.hgzvip.net




Interim Solution:

1: Open Task Manager, or open 360 Security Guard or QQ Computer Manager and find the network connections under More Tools
(Take 360 Security Guard as an example)


See if there are any sll.exe processes!!!!!! If any, end the process first!!!!!!!!!!

2: In the PC Control Panel - Appearance and Personalization - File Explorer Options, set "Show hidden files, folders and drives"



3: Click "My Computer" to find the System Sll folder under the C drive. Remember to compress the backup!! Be sure to compress the backup first, it will be regarded as retained evidence, and then try deleting or renaming the folder!!!!!



If there is a stolen guest coin, please reply to the post, report and call the police together to see if it can be dealt with!!!

1: As for the reason for the theft of the guest coin, it may be that the virus Trojan uploaded the wallet key first, and then recorded the keystroke log and uploaded it to the designated server!

2: Some people also say that it was the virus Trojan that stole the wallet key and then brute-force cracked the password.

3: The official document is replaced by the thief, and the password will be sent to the server of the account thief when the user transfers money!
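
The interim steps in the post above (end sll.exe, reveal the hidden folder, back it up, then rename it), as an added PowerShell example that is not part of the original post. The folder path, process name and domain are the ones the post gives; the `-Remediate` switch, the evidence directory and the quarantine name are assumptions of this example.

```powershell
# Added example (not the poster's code). Run from an elevated PowerShell prompt.
param(
    [string]$DropDir  = 'C:\system sll',      # folder as spelled in the post; adjust if yours differs
    [string]$ProcName = 'sll',                # sll.exe, from the post
    [string]$Domain   = 'safe.hgzvip.net',    # backdoor domain, from the post
    [string]$OutDir   = "$env:USERPROFILE\sll-evidence",  # assumption: where evidence is written
    [switch]$Remediate                        # assumption: without this switch the script only reports
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# Step 1: is sll.exe running, and what is it connected to?
$procs = @(Get-Process -Name $ProcName -ErrorAction SilentlyContinue)
foreach ($p in $procs) {
    Write-Output ("process {0} PID {1} path {2}" -f $p.ProcessName, $p.Id, $p.Path)
    Get-NetTCPConnection -OwningProcess $p.Id -ErrorAction SilentlyContinue |
        Select-Object LocalPort, RemoteAddress, RemotePort, State
}
# Has this machine resolved the backdoor domain recently?
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -like "*$Domain" } | Select-Object Entry, Data

# Step 2: -Force lists hidden items, so Explorer's "show hidden files" is not needed here.
if (-not (Test-Path -LiteralPath $DropDir)) {
    Write-Output "folder not found: $DropDir"
    return
}
# Record a SHA-256 inventory of the dropped files before anything is changed.
Get-ChildItem -LiteralPath $DropDir -Force -Recurse -File |
    Get-FileHash -Algorithm SHA256 |
    Export-Csv -Path (Join-Path $OutDir "hashes-$stamp.csv") -NoTypeInformation

if ($Remediate) {
    # End the process first so its files are not locked.
    $procs | Stop-Process -Force
    # Step 3: back up before touching anything. Compress-Archive skips hidden
    # files, so use the .NET ZipFile API, which includes them.
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    $zip = Join-Path $OutDir "system-sll-$stamp.zip"
    [System.IO.Compression.ZipFile]::CreateFromDirectory($DropDir, $zip)
    # Rename rather than delete, so the original folder is still available as evidence.
    Rename-Item -LiteralPath $DropDir -NewName "system sll.quarantine-$stamp"
    Write-Output "archived to $zip and renamed $DropDir"
}
```

Run it once without `-Remediate` to see what is present, then again with the switch to stop the process, archive the folder and rename it.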








Posted on 12/5/2017 9:07:30 AM |
Horrible            
Posted on 12/6/2017 2:14:26 PM |
I wipe so hard, don't you still have a password? How to steal it?
Posted on 1/9/2018 9:49:17 PM |
Good person, I'll support you! Knowledge benefits the masses and condemns which pests harm people.
Posted on 12/4/2017 9:01:56 PM From the phone |
Good person, I'll support you! Knowledge benefits the masses and condemns which pests harm people.
Posted on 12/4/2017 9:37:45 PM |
The technical means are really clever
Posted on 12/4/2017 10:10:55 PM |
Support Administrators
Condemn the liars
Posted on 12/5/2017 2:49:31 PM |
Support LZ, good guys!
Posted on 12/6/2017 10:12:35 AM |
Support circles
Posted on 12/6/2017 2:16:17 PM |
I am afraid that the scammers are educated
Posted on 12/10/2017 11:34:01 AM |
Fortunately, I haven't bought an old hen yet