  ghost.Detailed introduction of exe external hard drive virus

  Run ghost.Generate after exe

  ghost.exe.bat (delete itself)


  C:\Program Files\WinRAR\WinRAR.exe.tmp

   Release under each drive letter (cdefghjk)

  autorun.inf file content



  Connect to download

  Service file update = 5

  Service file address=

  Does the downloader update=4

  Number of downloads=7

  Update 2=6 external hard drive Home

  These URLs are all downloaded viruses and have not been written into the registry, but I used the disassembly to see that this thing should have modified the registry of Xunlei QQ WINRAR.

  Handling method (not including downloaded virus)

  Right click => open and enter each drive letter => delete


  It is recommended to reinstall QQ Xunlei WINRAR

  Finally I found a thing

MOV EDX,123.B4 Hello Rising, I like you~

  Can the author have a crush on Rising.

  ghost.Detailed introduction of exe external hard drive virus: