Anti-virus and Trojan broadcast on March 13, October 4: "QQ grand theft" interferes with normal computer operation

Source: Internet
Author: User

Jiang Min's October 4 virus broadcast: Beware of "QQ thieves" modifying the Registry to interfere with normal computer operations

Jiang Min reminds you today: among today's viruses, Trojan/PSW.QQPass.rqn (the rqn variant of "QQ thief") and Trojan/Small.das (the das variant of "Small dot") are worth noting.

Virus name: Trojan/PSW.QQPass.rqn

Chinese name: "QQ thief" variant rqn

Virus length: 385536 bytes

Virus Type: Trojan

Hazard level: ★★

Affected Platforms: Win 9X/ME/NT/2000/XP/2003

Trojan/PSW.QQPass.rqn, the rqn variant of "QQ thief", is one of the newest members of the "QQ thief" Trojan family. It is written in Delphi and packed. When run, the rqn variant copies itself to a specified directory on the infected computer and sets the file attributes to read-only, hidden, and archive. It modifies the Registry so that the Trojan starts automatically. In the background of the infected computer, it injects malicious code into the memory address space of the system's IE browser and performs its download operations from there, which hides it and keeps it from being scanned and removed. It uses the QQ software icon to disguise itself and confuse users. It modifies a Registry association so that it runs automatically whenever the local text editor notepad.exe is started. It visits specified websites in the background of the infected computer to inflate their traffic. It consumes a large amount of the infected computer's system resources, interfering with normal use of the computer. In addition, the rqn variant of "QQ thief" can update itself.

Virus name: Trojan/Small.das

Chinese name: "small dot" variant das

Virus length: 15472 bytes

Virus Type: Trojan

Hazard level: ★

Affected Platforms: Win 9X/ME/NT/2000/XP/2003

Trojan/Small.das, the das variant of "Small dot", is one of the latest members of the "Small dot" Trojan family and is written in VC++ 6.0. When run, the das variant copies itself to a specified directory on the infected computer and sets the file attributes to hidden and archive. It modifies the Registry so that the Trojan starts automatically. In the background of the infected computer, it downloads other malicious programs and executes them automatically. The downloaded programs may include online game account theft Trojans, the "Gray Pigeon" backdoor, and multi-function Trojan downloaders; as a result, infected computers become part of botnets or users' confidential information is stolen by attackers. Using the disk image hijacking technique, it creates the hijacking file "autorun.inf" and virus program files under every drive letter of the infected computer, and spreads through removable devices such as USB disks. In addition, the das variant of "Small dot" also propagates through network shares.
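As an added example (not part of the original bulletin and not vendor code), the following Python sketch triages the "autorun.inf" behaviour described above: it lists the programs an autorun.inf would start and marks those that are also hidden files on the same drive. The sample file, its file names and the hidden-file listing are constructed for illustration.

```python
import ntpath

EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")

# Constructed sample, not taken from a real infection; file names are made up.
SAMPLE = r"""[AutoRun]
; comment line
open=sample_dropper.exe
shell\open\command="sample_dropper.exe" -e
icon=folder.ico
padding line without an equals sign
[Other]
open=ignored.exe
"""

def is_launch_key(key):
    """True for autorun.inf keys that start a program."""
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def launch_targets(text):
    """Return (key, program) pairs from the [autorun] section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and padding lines are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        if is_launch_key(key.lower()) and value:
            # A quoted program may contain spaces; otherwise take the first token.
            quoted = value.startswith('"')
            program = value[1:].split('"', 1)[0] if quoted else value.split()[0]
            found.append((key.lower(), program))
    return found

def triage_drive(autorun_text, hidden_names):
    """Return (key, file name, is_hidden) for each executable launch target.

    hidden_names: root-directory names with the hidden attribute set
    (assumed to be collected separately by the caller).
    """
    hidden = {name.lower() for name in hidden_names}
    results = []
    for key, program in launch_targets(autorun_text):
        name = ntpath.basename(program).lower()
        if name.endswith(EXEC_EXTS):
            results.append((key, name, name in hidden))
    return results
```

An entry with `is_hidden` set to true, found on a removable drive or share, is the combination to escalate for removal.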

According to Rising's global anti-virus monitoring network, one virus is worth noting today: the "Legendary Terminator variant YWG (Trojan.PSW.Win32.Lmir.ywg)" virus. It is a Trojan that steals passwords for the "Legend" game. It forcibly terminates multiple anti-virus programs. When a user runs the "Legend" game, the virus records the user's keyboard input and sends it to a specific mailbox.

Popular Viruses today:

"Legendary Terminator variant YWG (Trojan.PSW.Win32.Lmir.ywg)" virus: alert level ★★★; a Trojan, transmitted over the network; affected systems: WIN9X/NT/2000/XP.

The virus forcibly terminates the processes of multiple antivirus programs so that they cannot run normally. It frequently checks for the window of the "Legend" client. If the window exists, it obtains the current mouse position, records the keyboard input, and finally sends the recorded information to the specified mailbox in order to steal users' game accounts and passwords.
