At present, mainstream computers use 64-bit CPUs, operating systems are gradually moving from 32-bit to 64-bit, and most new PCs ship with 64-bit Windows 7. Just when people thought 16-bit programs (mostly DOS programs) would disappear, a virus broke the peace. On October 25, monitoring by the Jinshan Duba Security Center found a resurrected 16-bit DOS virus that easily gets past the defenses of mainstream antivirus software.
The program, named DOS.STARTPAGE.FK, infects more than 20,000 computers a day. It tampers with browser icons, locks the homepage to the 42630.com navigation site, and spreads mainly through websites that offer pirated movies and TV dramas.
Figure 1: The virus modifies the browser home page and creates a desktop IE icon
At present, mainstream operating systems and application software are mostly 32-bit programs (64-bit applications are gradually gaining popularity but are not yet mainstream), and 16-bit DOS programs are very rare. The Jinshan Duba Security Center therefore named the virus "cross."
Figure 2: Jinshan Duba removing the cross DOS virus
The programming tool used by the virus author is the long-obsolete QuickBASIC. The author encapsulates a 32-bit executable inside a 16-bit DOS program shell, so mainstream antivirus defenses fail to detect it at all. Antivirus vendors generally believed that DOS viruses had disappeared, and existing defense systems are mostly designed for 32-bit programs.
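As an added illustration (not code from Jinshan Duba or from the original article), the following Python sketch shows one way a scanner could flag the layout described above: an outer file that is a plain 16-bit DOS MZ executable yet carries a 32-bit PE image inside it. It assumes the payload is stored unencoded, which the article does not state; the sample bytes and all function names are constructed for the example.

```python
import struct

PE_SIG = b"PE\0\0"

def pe_header_at(data: bytes, mz_off: int) -> bool:
    """True if an MZ header at mz_off has an e_lfanew that lands on a PE signature."""
    if data[mz_off:mz_off + 2] != b"MZ" or mz_off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, mz_off + 0x3C)
    pe_off = mz_off + e_lfanew
    return data[pe_off:pe_off + 4] == PE_SIG

def classify(data: bytes) -> dict:
    """Classify the outer file and list offsets of embedded 32-bit PE images."""
    if data[:2] != b"MZ":
        outer = "not-mz"
    elif pe_header_at(data, 0):
        outer = "pe"
    else:
        outer = "dos-mz"  # MZ header with no PE header behind it: 16-bit DOS format
    embedded, pos = [], data.find(b"MZ", 1)
    while pos != -1:  # every later "MZ" is only a candidate until its PE header checks out
        if pe_header_at(data, pos):
            embedded.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return {"outer": outer, "embedded_pe": embedded,
            "suspicious": outer == "dos-mz" and bool(embedded)}

def _mz(e_lfanew: int, size: int) -> bytearray:
    """Constructed sample: zero-filled buffer with an MZ header and the given e_lfanew."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    return buf

def make_pe() -> bytes:
    """Constructed sample: minimal header skeleton of a 32-bit PE file."""
    pe = _mz(0x40, 0x80)
    pe[0x40:0x44] = PE_SIG
    return bytes(pe)

def make_dos_shell_with_payload() -> bytes:
    """Constructed sample: DOS MZ shell (e_lfanew = 0) followed by filler and a PE image."""
    return bytes(_mz(0, 0x60)) + b"\x90" * 16 + make_pe()

if __name__ == "__main__":
    print(classify(make_pe()))
    print(classify(make_dos_shell_with_payload()))
```

A payload that is compressed or encrypted inside the shell would not match this byte scan, so treating any unexpected 16-bit DOS executable arriving from the web as worth inspection remains the broader control.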
To evade removal, the 16-bit shell program deletes itself after it runs, which makes it harder for antivirus software to trace the source of the sample. The result for users is that the browser home page keeps being modified; repairing it with antivirus software works only for a short time, and they are infected again the next time they download pirated TV dramas.
Jinshan Duba security experts point out that because the virus's method of breaking through antivirus software is unique, more viruses are likely to try to travel back to the DOS era in the short term. In response to this special 16-bit virus, Jinshan Duba has modified its existing defense system and can now completely intercept the cross virus. When users download the virus from an infected web page, it is also blocked immediately.