Alert level: ★★★☆
Activation time: random
Virus type: worm virus
Transmission method: email
Operating environment: WINDOWS 9X/NT/2000/XP
Infection target: system files
Virus introduction:
On April 23, 2003, while the SARS epidemic situation was still far from optimistic, Rising's global anti-virus monitoring network was the first in China to intercept the first "SARS" computer virus: "SARS (Worm.Coronex)". The virus is written in assembly language. When it runs, it copies itself to the Windows directory under the name "corona.exe". On its first run it modifies the IE homepage and displays a dialog box titled "SARS virus" with the content "corona virus". The virus sends out large numbers of infected emails using email addresses, consuming so many system resources that the system cannot work normally.
Discovery and removal of the virus:
Rising Anti-Virus Software 2003 edition or Rising Online Anti-Virus can completely remove this virus. For enterprises and institutions with a LAN, it is best to use the network edition for whole-network monitoring and whole-network virus removal. Rising Anti-Virus Software version 15.32.01 and above can remove this virus. Users are advised to upgrade promptly.
In addition, users can remove the virus manually, based on its characteristics:
1. The virus copies itself to the Windows directory under the name corona.exe. Users can delete this file directly.
2. The virus adds an auto-start entry under the registry auto-start key HKLM\Software\Microsoft\Windows\CurrentVersion\Run: PC-Config32 = %WinDir%\corona.exe. Users can delete this registry entry directly to stop the virus from starting automatically.
3. When the virus runs for the first time, it changes IE's homepage to: http://www.who.int/csr/don/2003_04_19/en. Users can change the homepage back in IE's settings. If the change does not succeed, Rising's registry repair tool can be used to repair it.
4. When the virus runs for the first time, it also displays a dialog box titled "SARS virus" with the content "corona virus". Click OK to close it. If this message appears, it proves the virus is already resident in memory, and users need to use the memory removal function of Rising Anti-Virus Software to clear it.
5. The virus sends out large quantities of email. The sender address, subject, body text, and attachment of each email will be one of the following:
sars@hotmail.com, SARS, Severe Acute Respiratory Syndrome, sars.exe
sars2@hotmail.com, I need your help, Severe Acute Respiratory Syndrome, corona.exe
corona@hotmail.com, Virus Alert!, SARS Virus, virus.exe
virus@yahoo.com, Corona Virus, honk kong, hongkong.exe
deaths@china.com, bye, deaths virus, deaths.exe
virus@china.com, SARS, SEE Ya, sars2.exe
virus2@china.com, SARS Virus, SARS Corona Virus, cv.exe
If users receive such emails, delete them directly.
C++C++C++C++C++C++C++C++C++C++C++C++C++C++C++
C++ ☆☆☆ Member of the China DOS Union ☆☆☆ C++
C++ ★★★ Red Fantasy, who loves asking questions ★★★ C++
C++C++C++C++C++C++C++C++C++C++C++C++C++C++C++
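The advisory's list of sender, subject, body text and attachment values can be turned into a mail-gateway check. The following is an added example, not part of the original advisory or of any Rising tool: it parses a message and compares it against the listed rows. The scoring rule (a listed attachment name plus at least two other fields of the same row) and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# (sender, subject, body text, attachment) rows from the advisory's list.
INDICATORS = [
    ("sars@hotmail.com", "SARS", "Severe Acute Respiratory Syndrome", "sars.exe"),
    ("sars2@hotmail.com", "I need your help", "Severe Acute Respiratory Syndrome", "corona.exe"),
    ("corona@hotmail.com", "Virus Alert!", "SARS Virus", "virus.exe"),
    ("virus@yahoo.com", "Corona Virus", "honk kong", "hongkong.exe"),
    ("deaths@china.com", "bye", "deaths virus", "deaths.exe"),
    ("virus@china.com", "SARS", "SEE Ya", "sars2.exe"),
    ("virus2@china.com", "SARS Virus", "SARS Corona Virus", "cv.exe"),
]

def extract(raw: bytes):
    """Return (sender, subject, plain-text body, attachment names), lower-cased."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    subject = str(msg.get("Subject", "")).strip().lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part is not None else ""
    names = {(p.get_filename() or "").lower() for p in msg.iter_attachments()}
    return sender, subject, body, names

def classify(raw: bytes) -> str:
    """'match', 'review' (listed attachment name only) or 'clean'."""
    sender, subject, body, names = extract(raw)
    best = -1
    for s, subj, text, attach in INDICATORS:
        if attach not in names:
            continue  # sender and subject alone are generic and forgeable
        others = (sender == s) + (subject == subj.lower()) + (text.lower() in body)
        best = max(best, others)
    if best >= 2:
        return "match"
    return "review" if best >= 0 else "clean"

def sample(sender, subject, body, attach=None) -> bytes:
    """Build a constructed test message; attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content(body)
    if attach:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attach)
    return m.as_bytes()

if __name__ == "__main__":
    print(classify(sample("sars@hotmail.com", "SARS",
                          "Severe Acute Respiratory Syndrome", "sars.exe")))
```

A message whose subject is simply "SARS" but which carries no listed attachment is classified as clean, which keeps ordinary mail about the epidemic out of the quarantine queue.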


