On July 8, the Jinshan poisonous tyrant whole world counter-virus monitor center issue week (7.7-7.13) virus early warning, in new net silver robs the number virus “the net silver hacker to rob the number this week 61440” the threaten seriously network silver user's account safety.
ĦĦĦĦThe security expert indicated that “the net silver hacker robs the number 61440” is an hacker robs the number procedure, robs the number wooden horse with the former net silver to be different, this virus has spent a time in the resistance security software aspect, after the movement, will replace system tabletop document explore.exe and the beep.sys document, after the replace, the user learned that the system unusual opportunity will be reduced, thus lets the virus be able to avoid looks up kills.
ĦĦĦĦThe security expert analyzes pointed out that after the virus enters the system, may release four viral documents, respectively is
ĦĦĦĦunder %WINDOWS% \ system32 \ table of contents explore.exe
ĦĦĦĦunder %Windows% table of contents ponto.DLL
ĦĦĦĦunder %Windows% table of contents 1.exe
ĦĦĦĦunder %WINDOWS% \ system32 \ drivers \ table of contents beep.sys
ĦĦĦĦThen the revision registry, advances master file 1.exe the start item, realizes starting self-starting. The similar bank account number which and the password data under and records the user accesses the net through the IE browser when to input, then the connection virus author assigns address http://www.silvana****.kit.net, will record the data transmits, causes the user net silver account number loss.
ĦĦĦĦIn recent years, under economic interest's actuation, the net silver robbed the number wooden horse quantity growth to be swift and violent. Along with kills the poisonous software as well as the bank in wooden horse Zha Sha as well as the counter-robber number technology aspect enhancement, the manufacturer who the net silver robs the number virus unceasingly is also seeking “the innovation “, “robs the number take the net silver hacker 61440” as representative, some have the resistance to kill the poisonous software function the robber number procedure to emerge unceasingly, has brought the new threat safely for the broad clathria silver user's fund.
ĦĦĦĦIt is known that in the general computer user besides needs to be vigilant “the net silver hacker this week to rob the number 61440” (Win32.Hack.Agent.61440), but also needs specially vigilant “the return to original state card destroyer 73728” (Win32.TrojDownloader.Agent.73728) and “hijacker downloading 397312” (win32. Troj.WeHit.397312) two big virus. The former is a wooden horse download procedure. After this viral movement, will revise the system file, to open the local port agreement port linked network, then the downloading virus, and will penetrate the return to original state card which on the computer will install, the movement virus, to Internet bar and so on place the computers will destroy enormously; The latter is a wooden horse downloading procedure similarly. After the movement, will destroy some to kill the poisonous software common the normal operation, then to will assign the address to download other wooden horses and so on. It will also revise the IE browser's default page, will cause the user when will start IE, will be guided the website which will assign to the viral author.
|
You are here: hacking technology
> the virus to be related
> Content
Category: Home
> the virus to be related