Grid virus occurs regularly, and enterprise users do not need to panic (attached to kill download)

Grid virus (incaseformat) broke out today. After the computer was attacked, all files except the system C drive were deleted. Qi’anxin CERT judged that the virus is an old virus many years ago, and it is not spread on the Internet. Qi’an Xintianqing can support the killing and prevention of this virus. Users who have installed Tianqing will not be affected and do not need to panic.

The Qi Anxin security team found that the Grid virus spreads through U disk and other mobile storage media, and has the ability to delete files regularly. The “incaseformat.txt” text document is created in the root directory of the disk.

Qi Anxin security experts said that there are four facts that need to be paid attention to about the outbreak of the Grid virus:

1. Today is a “virus attack event”, not a “virus spread event”. This virus is like a “time bomb”, if it lurks in the machine, it will strike today.

2. The virus has no network spread, so there is no need to panic. It is an old virus spread through U disk and file sharing. It first appeared a few years ago, and generally computers without anti-virus software will be attacked.

3. Because the virus occurs regularly, if the computer is not turned on today, it is recommended to turn on the antivirus again tomorrow.

4. For the computer that has been recruited, put the special killer on the U disk and start it. After the antivirus is completed, you can ask a professional company to restore the data.

 Virus related information

【Malicious program family】



#incaseformat.txt, #tsay.exe, #ttry.exe

【Family Details】

Virus Type: Worm

Transmission method: U disk hides the normal folder and replaces it with the sample parent of the same name

Behavioral characteristics:

1. Copy the copy to C:windowstsay.exe, C:windowsttry.exe after running

2. Create registry startup items

3. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOncemsfsa C:windowstsay.exe

4. After restarting, run the parent file in the startup item, delete all files on the drive letter other than the system disk, and release the file incaseformat.txt with a size of 0kb.

 Security Advice

1. Improve employees’ safety awareness, use anti-virus software to scan for viruses before using the USB flash drive; you can also prohibit unknown mobile storage devices from entering the intranet through the control function.

2. Improve the coverage of anti-virus software on the intranet, ensure that anti-virus software is installed on major terminals and servers, and regularly update the virus database to the latest.

3. For accidentally infected terminals, use Qi’an Xintianqing to conduct a comprehensive inspection and killing. Before killing, confirm whether the trust zone is an unknown file, and then perform a full scan after clearing the trust zone.

Users who have not installed Qi’an Xintianqing can use Qi’anxin’s “incaseformat” killing tool to scan the system and remove the virus. After cleaning the virus, try to use a professional data recovery tool or find a third-party data recovery company for data recovery.

The download address of the killing tool:

Author: Yoyokuo