Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > the virus to be related > Content
Hot Articles
Worm.Win32.AutoRun.eee a
Trojan-Downloader.Win32.
TalkTalk selects F-Secur
The machine dog presents
The resistance kills the
Trojan-PSW.Win32.OnLineG
Trojan-Downloader.Win32.
How does the Trojan Hors
Copperfasten Mail Firewa
EH20 compact escape hood
DeviceWall 5.0 extends U
Everybody may kill the p
Careful ¡°hard disk devi
Trojan-GameThief.Win32.O
Trojan-PSW.Win32.QQPass.
Recommend Articles
Trojan-PSW.Win32.QQPass.
The machine dog presents
Everybody may kill the p
Trojan-Dropper.Win32.Sma
How does the Trojan Hors
The resistance kills the
Careful ¡°hard disk devi
Trojan-PSW.Win32.OnLineG
Jinshan virus early warn
Under Professor differen
Trojan-Downloader.Win32.
08 year the first half o
Win32.Troj.OnlineGamesT.
Worm.Win32.AutoRun.eee a
07.13 viral early warnin
New Articles
EXC ears solo work safet
Comodo Internet Security
Sality polymorphic virus
Sicherheitsma?measures s
Speedy Hire used ScanSaf
The Tri-Air Developments
Gro?Britain and France a
Law enforcement is catch
The game is a very attra
Most of the new threats
Sality polymorphic virus
X6 VirusBarrier antiviru
Device Control protects
Workers anf?lliger for p
Cyber criminals use vuln
Chinese military telegram brain illness disseminates news poisonously: The advertisement springs the
  Add date: 08/22/2008   Publishing date: 08/22/2008   Hits: 4
Total 3 pages, Current page:1, Jump to page:
 
The Chinese armed forces information reminds you: Recently presented several kind of new computer viruses, the harm web cam, was worth everybody taking seriously, Hua Jun summarized the newest virus which several viral softwares issued to disseminate news, hoped that everybody strengthened the guard, the safety-conscious:

¡¡¡¡Jinshan:

¡¡¡¡First, “the advertisement springs 302080” (Win32.Troj.Agent.ie.302080) to threaten the rank: ¡ï¡ï

¡¡¡¡This advertisement wooden horse has kidnaps the function. After it releases the document, immediately traversal the RUN key value (is also registry automatic start item) under all items, and will kidnap by its name establishment reflection. Thus, so long as the user start computer, the virus can move automatically. If kills the poisonous software to be weak to the registry monitoring ability, they also have the possibility to kidnap, become the paralysis.

¡¡¡¡When kidnaps successfully, the viral connection assigns the long-distance address, downloads own updating file, according to updating file's in instruction, springs the website page which the viral author assigns, the force user browsing, brushes the current capacity for these websites.

¡¡¡¡The poisonous tyrant may automatic Zha Shagai be poisonous, has installed the poisonous tyrant's computer user to be possible not to need to worry. Is familiar with manual kills document BO1011.exe which the poisonous user please note it to release, as well as it grows document msns*.dll (* represents a stochastic production digit), fanti.sys and regti.sys. They are hidden under %WINDOWS% tables of contents. Moreover, fanti.sys and regti.sys will also have the transcription to duplicate to %WINDOWS% \ system32 \ drivers in the \ table of contents.

¡¡¡¡Reported about this virus's multianalysis that may consult http://vi.duba.net/virus/win32-troj-agent-ie-302080-50829.html in the Jinshan virus big hundred branches

¡¡¡¡Second, “the adulteration kills soft downloading 106156” (Win32.Troj.GuiseAV.rs.106156) to threaten the rank: ¡ï¡ï

¡¡¡¡This wooden horse downloading has the cheating suspicion. After it enters the user computer, will tamper with the user the screen protection, will collapse the picture with the viral bringing screen saver analogous system, frightens so-called which the user downloading virus author will assign “to kill the poisonous software”.

¡¡¡¡After the virus enters the system, releases ph first [stochastic character] .bmp, lph [stochastic character] .exe, with blph [stochastic character] .scr to %WINDOWS% \ system32 under \ table of contents. Then own data writing system registry, realizes starting self-starting.

¡¡¡¡At the same time, the virus revised the data which the system screen protects, brings the screen saver arrangement it to give the system. The virus cheats depends entirely on this screen to guarantee the procedure. It seems collapses with the system, the blue screen to halt the time picture to be entirely alike, but will be many a window, the request user will download one so-called to kill the poisonous software to solve this collapse event.

 
Other pages: : 1 * 2 * 3 * Next>>
Prev:Black and white network on July 25 viral early warning Next:Jinshan daily virus early warning: The cheating suspicion kills soft downloading

Comment:

Category: Home > the virus to be related
Home