[Editor's note: Many computer users are used to installing software in the default system directory because it is convenient. That "convenience" also makes things easier for viruses and Trojans. Changing an application's installation directory takes only a few seconds; doing so not only improves computer usage habits but also avoids further losses.]
Yesterday, the reporter received a report from a stock investor, Mr. Li. "Today, when I turned on my computer to prepare for stock trading, I suddenly found that the stock trading software I commonly use on my computer was missing, so I had to download it again. About an hour was wasted in all, and the best trading time was missed, resulting in a loss of tens of thousands of yuan." Mr. Li suspected that his computer had been damaged by a virus.
The reporter therefore immediately consulted Kingsoft anti-virus expert Dai Guangjian. The expert said that, so far, the Kingsoft Antivirus customer service center has received dozens of similar requests for help from users. Their situations are very similar to Mr. Li's: some applications were inexplicably deleted and could no longer be used normally. The preliminary conclusion is that the cause may be the "Software Black Hand" (Win32.Troj.haradong). This virus can delete and replace a large number of files on the user's computer without the user's permission, causing losses to the user.
The Software Black Hand does not specifically target stock trading software. According to Dai Guangjian, after the virus runs, it enumerates all files on the user's computer, starting from the C:\Program Files directory, and deletes all files under the first-level directories of Program Files. The virus also enumerates all directories other than C:\Program Files, tries to replace each enumerated file with an image, and changes the file extension to bmp. While deleting files, the virus displays an image asking the user to wait, in order to confuse the user.
Experts remind users that most people accept the default installation path C:\Program Files when installing software, and the virus takes advantage of this habit: files under C:\Program Files are deleted and damaged. If common software such as Office, QQ, and MSN is installed in this directory, it may be deleted.
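
A defender-side check for the file-replacement behaviour described above, as an added example that is not part of the original article: it groups .bmp files by content hash and reports groups of identical files spread across several directories. It assumes the trojan writes the same image over every file it replaces, which the article does not state; the function names and thresholds are illustrative.

```python
import hashlib
import os
from collections import defaultdict


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_identical_bmp_groups(root, min_files=3, min_dirs=2):
    """Return {digest: [paths]} for .bmp files that share identical content.

    Assumption (not stated in the article): the same image is written over
    every replaced file, so all victims hash to the same digest.
    """
    by_digest = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".bmp"):
                continue
            path = os.path.join(dirpath, name)
            try:
                by_digest[sha256_of(path)].append(path)
            except OSError:
                continue  # unreadable or locked file: skip and keep scanning
    suspicious = {}
    for digest, paths in by_digest.items():
        dirs = {os.path.dirname(p) for p in paths}
        # Many byte-identical images in unrelated folders is the signal.
        if len(paths) >= min_files and len(dirs) >= min_dirs:
            suspicious[digest] = sorted(paths)
    return suspicious


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for digest, paths in find_identical_bmp_groups(root).items():
        print(f"{len(paths)} identical .bmp files ({digest[:12]}...):")
        for p in paths:
            print("   ", p)
```

A hit is only a lead: legitimate software also ships duplicate bitmaps, so compare the reported paths against files that have gone missing.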