Analysis and detection of online game viruses of jianxia

Dance the sword with wine, and boast the swordsman. Laugh at the rivers and lakes to see how many people can attack me. Can I laugh at the world without a sword? The online gaming virus is like the broken-box grass of the swordsman, killing one beautiful chivalrous dream after another.
Virus: jianxia Virus
For games: jianxia online edition and jianxia world
Virus hazard: stealing game accounts and Virtual Equipment

Jianxia virus Principle

After running the jianxia virus, the main file and underlying driver file of the virus will be released in the system directory, and then the Registry ShellExecuteHooks and some self-starting projects will be modified to achieve self-starting at startup (figure 1 ). After a virus is connected, a batch of processing is established to automatically delete the virus and overwrite the normal input method ctfmon.exe to disable or damage the security tool.

After the preceding operations are completed, the virus inserts the stolen DLL into multiple processes and continuously searches for the swordsman game window, when players log on to the game, they steal private information such as the password of their swordsman account and repository password and send it to a remote space.

Kill the swordsman Virus

The English name of the jianxia virus contains the words JX (jianxia. What should we do if the swordsman virus enters the computer accidentally? The following describes general solutions.

Step 1: If the anti-virus software can still be used, restart the computer to go to the safe mode for anti-virus. If you are lucky, you can quickly kill the virus. If you are not lucky, what if anti-virus software finds a virus but cannot kill it? See step 2. If anti-virus software can not be used normally, you can log on to the online virus detection system http://shadu.baidu.com/freetools/index.jsp (Figure 2), online search for what virus files are.

Step 2: Use the virus checking system to find a virus file (for example, jxym.dll%beep.sys%ctfmon.exe). Then run the process management tool "ice blade" and click "Download" to view the module information of all processes and find jxym. click "Force release" after dll (Figure 3 ).

Step 3: Upload the program to the system32 and dllcache directories.

Step 4: Clear the Temporary Folder and IE Temporary Folder, Run "SREng", click "Download", and click "system repair> advanced repair> Automatic Repair ". Restart the computer, press F8 to enter the safe mode with network connection, Upgrade anti-virus software to the latest virus database, and then completely eliminate virus residues.

Appendix: methods to prevent online gaming viruses

First, use a security auxiliary tool with the Web Trojan Interception Function.
Second, keep the antivirus software updated daily.
Third, use account protection tools to log on to the game.
Fourth, change the password of the game regularly.
Fifth, visit websites on weekdays, especially pornographic websites. pornographic websites are the "base camp" for viruses ".