Analysis and Prevention of "Blue Screen messenger 92215" virus

Still a trojan that steals users' virtual wealth

The network is big, and it is no surprise. This is not the last time we have met the inexplicable blue screen and crash of our computer. At first, I thought it was a normal system blue screen, but it didn't take long before the restart, and the problem was caused by a virus? When you step into the Internet, open the search engine and search for the blue screen keywords, you will find the result.
Win32.Troj. DelfT. zy.92215 virus anatomy

The hacker process starts automatically with the system and starts to connect to the network to download other types of virus Trojans, which can damage users' computers in depth.

In fact, this virus Trojan is mainly used by netizens to watch movies, on the most popular movie download pages, the website is often attacked by web vulnerabilities, cross-site attacks, background administrator cracking, database path interception, and other means, in the end, the effect of writing Trojans into the target is achieved, so that netizens can directly download the prepared trojan virus in the background during browsing or downloading. When the virus is carried in a video or film, the system automatically activates the virus and causes the user to directly display a blue screen.

After the virus is running, the system generates a temporary Trojan backup file System6.tmp and a trojan copy System36.jup in the % program files % Common FilesMicrosoft SharedMSINFO directory on the user's computer, the virus itself will survive a new System6.ins file and add it to the startup information pointed to in ShellExecuteHooks. After completing the release, the virus will still modify the registration table and paste itself into the self-starting project into the assumer.exe process to enable follow-up. When the user starts the computer, the virus Trojan can be automatically started.

Although the virus Trojan itself has little damage to the user's operating system, the computer in the middle will automatically run on the user's computer background and connect to the specified address in the network, such as: http: // j ** st. y ****** 7.com, and began to download various viruses and Trojans without the user's knowledge to infect the user's operating system, attackers can also steal users' game accounts, online banking passwords, stock market information, and personal privacy. The harm cannot be underestimated or prevented. Once infected with this trojan, it will cause unnecessary troubles to netizens.

The trojan itself does not damage the system, but it connects to http: // j ** st. y ****** 7.com, download a large number of viruses on the specified website. If your computer suddenly blue screen, it may be its "masterpiece ". Most of the Trojans it downloads have functions such as account theft and system damage. Therefore, if the virus enters the computer system, it will cause serious damage to the system and damage to users' virtual property.

Defense methods

In the face of powerful virus and Trojan attacks, how should users prevent them? In fact, the method is very simple, as long as you pay attention to the daily network in the form of a standard, to install a regular anti-virus software, when logging on to the website should pay attention to the anti-virus software and firewall, increase awareness, try not to open a strange website, do not accept emails from strangers easily. At the same time, check the URLs and various files sent on QQ before running them in time to prevent accidents. That is to say, when increasing their self-protection, netizens should pay close attention to the latest security trends and virus warnings on the Internet, so as to minimize security risks.

Editor's note: the virus program in ghost can be isolated.