Poison sleeve and net Silver thief variant

Jiangmin 9.19 Virus Broadcast

English Name: Hoax.Bravia.mu

Chinese name: "Poisonous sleeve" variant mu

Virus Length: 40960 bytes

Virus type: Prank virus

Hazard Level: ★

Impact Platform: Win 9x/me/nt/2000/xp/2003

MD5 Check: 0fe2f59cf79c3bcb79abf5e77beb7631

Feature Description:

Hoax.Bravia.mu "Poison Sleeve" variant mu is the "poisonous set" prank virus family in one of the newest members, the use of high-level language writing, and through the shell protection treatment. "Poison Sleeve" variant mu after running, will be infected in the system "%systemroot%\system32\" directory release after the shell protection of malicious program "Braviax.exe", in "%systemroot%\system32\dllcache\" The directory releases the malicious driver "Figaro.sys" and copies it to the "%systemroot%\system32\drivers\" directory and the "%systemroot%\system32\dllcache\" directory, replacing the system files "Beep.sys". It turns off system File Protection when replacing system files, thereby improving its concealment by not causing the system to eject the warning message. The "Poison Sleeve" variant MU uses the malicious driver to turn off the self-protection of the security software while terminating its process, causing the computer system to lose security software protection. Tamper with the registry, shutting down Automatic Updates, firewalls, security centers, and other services for infected computers. Connect hacker designated URL "http://pcredirok*t.com/?wmid=1019&d=1&it=2& amp;s=3", download a "PC security 2009" fake antivirus software. The software prompts the user that the computer has security issues such as Trojans, and that a phishing "Windows Security Center" prompts the user not to have virus protection software to trick the infected system users into buying the program. In addition, the "Poison sleeve" variant MU will be launched automatically by adding the key value "Braviax" in the registry startup entry of the infected system.

English Name: trojan/banker.banker.dd

Chinese name: "NET silver thief" variant DD

Virus Length: 40658 bytes

Virus type: Trojan Horse

Hazard Level: ★

Impact Platform: Win 9x/me/nt/2000/xp/2003

MD5 Check: 964428402852E0B760F0B9641A82B8DC

Feature Description:

Trojan/banker.banker.dd "NET Silver Thief" variant DD is one of the newest members of the "net Silver burglar" Trojan family, which is written in high-level language, and has been treated by shell protection. "NET Silver Thief" variant DD runs, will connect hacker specified server address, download encrypted profile "Http://www.chn*.cn/cpaad." MDB ", and according to its settings download" Cool Music Box "," PPS Olympic Video Version "" Candy Browser "" Broadcast PA player "," Easy browser 1166 Special Edition "," Uusee network TV 2008 "and so on application software. The software is then forced to install according to the profile, and the resulting desktop icon, the program information from the Start menu, the windows that hide the software, and the tray icon, are set to boot up, which blinds the user. In this way, hackers maliciously spread the software and seek illegal economic benefits from it.