07.13 virus early warning: "Dead Pig Downloader" disables security software, mass-downloads Trojans
  Add date: 07/15/2008   Publishing date: 07/15/2008   Hits: 70
"Dead Pig Downloader 147456" (Win32.Troj.EncodeXor.a.147456) is a downloader. It protects itself by running two processes simultaneously and disrupts the normal operation of a large number of security products. It then downloads large numbers of other Trojans in the background.
"Trojan Countermeasure Module 4224" (Win32.Hack.Rootkit.4224) is a virus driver file. It is one of the component modules of some Trojan. It restores the system's SSDT, which causes antivirus software that has an active defense function to stop working.
First, "Dead Pig Downloader 147456" (Win32.Troj.EncodeXor.a.147456)   Threat rank: ★★
This virus is a Trojan downloader. Its principle is not complex, but it is highly aggressive: after entering the computer, it frantically applies image hijacking to nearly all current mainstream security software, causing the computer to lose its defense capability completely.
After entering the computer, it drops the virus file SiZhu.exe in the %WINDOWS%\system32\ directory (the name is pinyin for "dead pig"; the filename is somewhat inelegant, but it also shows the virus author's goal, which is to kill the user's security software). At the same time, it places copies of this file, together with an AutoRun.inf file, in the root directory of every disk partition. This helps it infect removable storage devices such as USB flash drives that the user plugs into the infected computer, and so achieve large-scale infection.
Then it modifies the registry startup entries so that it starts automatically at boot, and runs multiple processes simultaneously to evade manual detection and removal by the user.
Then it sets up image hijacking in an attempt to paralyze mainstream antivirus software such as Kingsoft Duba, Kaspersky, Rising, NOD32, Symantec and McAfee, as well as auxiliary security tools such as Kingsoft Cleanup Expert and 360 Safe Guard.
If it succeeds in disabling the security software, the virus connects to the specified remote address http://whh.9**6.org, downloads a virus list, and then downloads a large number of Trojans from the addresses in that list. Most of the Trojans it downloads are online game and online banking account stealers, which may pose an inestimable threat to the user's virtual property, bank deposits, commercial secrets and so on.
A detailed analysis report on this virus can be found in the Kingsoft virus encyclopedia at http://vi.duba.net/virus/win32-troj-encodexor-147456-50800.html
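
The removable-drive propagation described above (a copy of SiZhu.exe plus an AutoRun.inf in each partition root) can be checked for with the following added example, which is not part of the original bulletin or of any vendor tool. The launch keys it looks for (open, shellexecute, shell\...\command) and the drive roots in the demo are assumptions; the bulletin does not show the contents of the AutoRun.inf.

```python
import os
import re

# [autorun] keys that name a program for Windows to launch (assumed set).
LAUNCH_KEY = re.compile(
    r"^\s*(?:open|shellexecute|shell\\[^=]+\\command)\s*=\s*(\S.*?)\s*$", re.I)
# File name reported in the bulletin above.
KNOWN_BAD = {"sizhu.exe"}


def exe_name(value):
    """Reduce a launch command to its bare executable name."""
    if value.startswith('"'):
        value = value[1:].split('"', 1)[0]   # quoted path, may contain spaces
    else:
        value = value.split(None, 1)[0]      # drop command-line arguments
    return value.replace("/", "\\").rsplit("\\", 1)[-1]


def autorun_targets(text):
    """Return the executables an AutoRun.inf body asks Windows to run."""
    return [exe_name(m.group(1))
            for m in map(LAUNCH_KEY.match, text.splitlines()) if m]


def scan_roots(roots):
    """Report what the AutoRun.inf in each given root directory would launch."""
    findings = []
    for root in roots:
        # Missing or unmounted roots are skipped rather than raising.
        names = {n.lower(): n for n in os.listdir(root)} if os.path.isdir(root) else {}
        if "autorun.inf" not in names:
            continue
        path = os.path.join(root, names["autorun.inf"])
        with open(path, "r", errors="replace") as fh:
            for exe in autorun_targets(fh.read()):
                findings.append({
                    "root": root,
                    "target": exe,
                    "present": exe.lower() in names,      # copy sits beside the .inf
                    "known_bad": exe.lower() in KNOWN_BAD,
                })
    return findings


if __name__ == "__main__":
    # Roots are an assumption; pass the partitions of the host under review.
    for finding in scan_roots(["C:\\", "D:\\"]):
        print(finding)
```

A finding with both "present" and "known_bad" set matches the layout the bulletin describes; any other launch target in a partition root still deserves a look.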
Second, "Trojan Countermeasure Module 4224" (Win32.Hack.Rootkit.4224)   Threat rank: ★
Although this virus can run independently, it cannot bring any profit to the virus author on its own. Duba antivirus engineers believe it is a component file of some Trojan, whose purpose is to disable the active defense function of some antivirus software and so make the Trojan's next steps easier.
