Alert MSN Sexy chicken spread virus

Jiangmin 8th virus Broadcast

Jiangmin today to remind you: I-worm/msn in today's virus. DROPBOT.D "MSN Sexy Chicken" Variant D and Trojan/agent.brth "proxy Trojan" variant Brth noteworthy.

English name: I-worm/msn. Dropbot.d

Chinese name: "MSN Sexy Chicken" Variant D

Virus Length: 32768 bytes

Virus type: Network worm

Hazard Level: ★★★

Impact Platform: Win 9x/me/nt/2000/xp/2003

I-worm/msn. DROPBOT.D "MSN Sexy Chicken" Variant D is one of the newest members of the "MSN Sexy Chicken" Network worm family, written by Microsoft Visual C + + 6.0. "MSN Sexy Chicken" Variant D runs, replicates itself to the "%systemroot%\" directory of the infected computer system, renames "Kysvr.exe", and sets the file properties to read-only, system, and hide. "MSN Sexy Chicken" Variant D can be spread through mobile storage devices and MSN. A mobile storage device that is connected to a background monitoring system that creates a folder with read-only, system, hidden properties in the root directory when it is found to be connected to a new mobile storage device. recycler\ s-1-6-21-2434476501-1644491937-600003330-1213, set the folder icon to the Recycle Bin icon, copy it to it and rename it to "Autorunme.exe". At the same time, the automatic running configuration file "Autorun.inf" is also created under the root directory of the mobile storage device to achieve the purpose of using the system AutoPlay function to propagate. "MSN Sexy Chicken" Variant d is a network worm that destroys activity by receiving IRC server instructions. Listen for hacker instructions, launch DDoS attacks on designated IP addresses, send poison zip packets to the MSN contacts of infected computer users, and download other malicious programs. Among them, the download of malicious programs may be stolen number of Trojans, backdoor procedures, remote control Trojans, to be infected with computer users to create a greater degree of loss and varying degrees of threat. In addition, "MSN Sexy Chicken" Variant D will be in the infected computer registry startup key to add the value of the way to achieve the network worm boot automatically.

English Name: Trojan/agent.brth

Chinese name: "Agent Trojan" variant Brth

Virus Length: 45778 bytes

Virus type: Trojan Horse

Danger level: ★

Impact Platform: Win 9x/me/nt/2000/xp/2003

Trojan/agent.brth "Agent Trojan" variant Brth is "proxy Trojan" family in one of the newest members, the use of "Borland Delphi 6.0-7.0" prepared. "Agent Trojan" variant Brth run, will be copied to the infected computer system "%systemroot%\system32\" directory, covering the system program "Verclsid.exe", at the same time, in the "%userprofile%\local Settings\temp\ directory to release a malicious DLL feature component and set its properties to system, hide. "Agent Trojan" variant Brth after running, will be through batch file to delete itself, thereby eliminating traces, improve their survival chances. "Agent Trojan" variant Brth release of the DLL function component is a special steal "legendary" network game member account Trojan Horse program, will be infected with the computer background monitoring system is running process. Once some of the specified processes are found, will be through the message hook, memory interception and other technology to steal the game account, game password, location, role level, money quantity, warehouse password and other information, and in the background will be stolen to the player confidential information sent to the hacker designated site, Causes the game player's account information and so on loses, has caused the different degree property loss. In addition, "Agent Trojan" variant Brth will modify the system registry, in order to achieve after the boot from the boot.

For the above virus, Jiangmin Antivirus Center recommends a broad range of computer users:

1, please immediately upgrade Jiangmin antivirus software, open a new generation of intelligent graded high-speed anti-virus engine and monitoring, to prevent the current prevalence of viruses, trojans, unwanted programs or code to attack user computers.

2, Jiangmin KV Network version of users, please upgrade the control center in time, and suggest relevant management personnel in due course to carry out the whole network to check the virus, to ensure enterprise information security.

3, Jiangmin anti-virus software to enhance the virtual machine shelling technology, can be a variety of mainstream shell and difficult "flower command shell", "uncommon shell" virus for shelling, effective removal of "shell virus."

4, open jiangmin anti-virus software system monitoring function, the function can be used to download malicious programs virus, forcibly tamper with the system time, injection process and other malicious programs such as the monitoring and automatic intervention, processing, effectively curb the unknown virus to the system caused by interference and damage, Increased the ability of the computer to prevent the unknown virus to a greater extent.

5, Jiangmin Antivirus software has a strong self defense system, can effectively prevent the "drive-level virus" shutdown and destruction of anti-virus software, to ensure that all the functions of anti-virus software fully play for the protection of the system and data security laid a solid foundation.

6, the River Civil Defense horse Wall, can be the first time to find and prevent Trojan virus with malicious Web pages, can automatically collect malicious Web site and Add feature library, prevent the spread of the Web Trojan, effectively protect the user's Internet security.

7, fully open the Bootscan function, in the system before the start of antivirus, clear self-protection and anti-attack anti-virus software malicious virus.

8, disables the system the automatic playback function, prevents the virus to infect the computer through the U disk, the mobile hard disk, the MP3 and so on mobile storage device.

9, suspected to have been poisoned users can use Jiangmin free online search virus for viruses to verify. Free online virus search address: http://online.jiangmin.com/chadu.asp

For more detailed virus technical information, please call Jiangmin Company's Technical Service hotline 800-810-2300 and 010-82511177 for consultation, or visit jiangmin website http://www.jiangmin.com for online inspection.