Daily (9/9) virus warning: qqhuaxia account theft Trojan steals QQ passwords

Source: Internet
Author: User

"Hacker aq" (Win32.Troj.OnlineGame.aq.49152) is a Trojan that steals "QQ", "QQGAME", and "Westward Journey 2" account information from users' computers. It finds anti-virus software windows by searching for them and sends them a close message to prevent the user from detecting the virus.

"126 email theft" (Win32.PSWTroj.Small.cy.86259) is a Trojan that steals users' 126 email addresses. After stealing the information, the Trojan also downloads and runs further Trojan programs from a specified URL on the user's computer.

I. "Hacker aq" (Win32.Troj.OnlineGame.aq.49152) Threat Level: ★

1. The virus deletes itself automatically. It creates a thread, enumerates the processes on the user's computer, obtains the process ID of RavMon.exe, and compares it with the process ID obtained from the Rising window class.

If they are the same, the virus sends a close message to the window.

2. It sends a close message to the warning window of Kaspersky's automatic defense.

3. The virus steals the account information for "QQ", "QQGAME", and the web game "Westward Journey 2" on the user's computer and sends it to the specified receiving URL:

hxxp://www.mir7.cc/dahuaboss99/lin.asp?Id=xx&p=xx&q=xx&lck=xx&srv=xx&js1=xx&id1=xx&dj1=xx&pc=xx
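The receiving URL above gives defenders a concrete request pattern to hunt for in web proxy logs. The following is an added example, not part of the original advisory: the log line format, the sample lines and the looser "shape" match (same script name and parameter set on a different host) are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators copied from the advisory above; compared case-insensitively.
EXFIL_DOMAIN = "mir7.cc"
EXFIL_PATH = "/dahuaboss99/lin.asp"
EXFIL_PARAMS = {"id", "p", "q", "lck", "srv", "js1", "id1", "dj1", "pc"}

def refang(url):
    """Turn a defanged 'hxxp://' URL back into one urlsplit can parse."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url

def classify(url):
    """Return 'exact', 'shape' or None for one requested URL."""
    try:
        parts = urlsplit(refang(url.strip()))
        host = (parts.hostname or "").lower()
    except ValueError:          # malformed URL in the log
        return None
    path = parts.path.lower()
    names = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    if (host == EXFIL_DOMAIN or host.endswith("." + EXFIL_DOMAIN)) and path == EXFIL_PATH:
        return "exact"
    # Assumption: the same script name carrying the full parameter set on
    # another host is worth a look as a possible relocated receiving site.
    if path.endswith("/lin.asp") and EXFIL_PARAMS <= names:
        return "shape"
    return None

def scan(log_lines):
    """Assumed log format: '<timestamp> <client-ip> <method> <url>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 4:
            verdict = classify(fields[3])
            if verdict:
                hits.append((fields[1], verdict))
    return hits

# Constructed sample proxy log lines (not real traffic).
QS = "Id=a&p=b&q=c&lck=d&srv=e&js1=f&id1=g&dj1=h&pc=i"
SAMPLE_LOG = [
    "2000-01-01T10:01:02 10.0.0.21 GET http://www.mir7.cc/dahuaboss99/lin.asp?" + QS,
    "2000-01-01T10:02:10 10.0.0.35 GET http://example.net/x/lin.asp?" + QS.lower(),
    "2000-01-01T10:03:00 10.0.0.40 GET http://example.org/lin.asp?id=1",
    "truncated line",
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

Clients reported as "exact" contacted the receiving URL named in the advisory and should be treated as likely infected; "shape" hits need manual review.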

II. "126 email account theft" (Win32.PSWTroj.Small.cy.86259) Threat Level: ★

1. Added files:

%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\System16.ins

%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\System16.jup

%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\System16.tmp

2. It searches the user's computer for the window classes "ListBox" and "b187145".

For example, it can find the following window class name and window name:

ListBox-b187145

ListBox-bg87x8e

It then goes to the specified Trojan download URLs:

hxxp://www.1*1**.com/d**n/*s.exe

hxxp://www.1*1**.com/d**n/*h.exe

According to Rising's global anti-virus monitoring network, one virus deserves attention today: the "qqhuaxia account theft Trojan" (Trojan.PSW.Win32.QQHX). This virus is written for the online game "qqhuaxia". It attempts to steal users' game accounts and passwords and sends the information to the hacker's designated mailbox, causing losses to the players of the game.

Popular viruses today:

"Qqhuaxia account theft Trojan" (Trojan.PSW.Win32.QQHX): alert level ★★★; Trojan virus; spread through malicious webpages and downloads by other Trojans; affected systems: Windows 9x/NT/2000/XP/2003/Vista.

The virus is written in Delphi and packed with UPack. It creates the file qhbpri.dll in the system directory (C:\Windows\system32 by default). The virus modifies the registry startup entries so that it runs automatically when the system starts. It monitors the user's computer, and when the user opens the "qqhuaxia" game it injects itself into the game process to steal the user's account and password. The information is sent to the hacker's designated mailbox, causing losses to players of the "qqhuaxia" game.

Jiangmin's September 8 virus broadcast: the latest variant of "nilag" secretly monitors users' keyboard operations and steals users' private information

Jiangmin reminds you that among today's viruses, Trojan/PSW.Nilage.bcb ("nilag" variant bcb) and TrojanSpy.Delf.aji ("TrojanSpy.Delf" variant aji) deserve attention.

Virus name: Trojan/PSW.Nilage.bcb

Chinese name: "nilag" variant bcb

Virus length: 53760 bytes

Virus Type: Trojan

Hazard level: ★★

Affected Platforms: Win 9X/ME/NT/2000/XP/2003

Trojan/PSW.Nilage.bcb, the "nilag" variant bcb, is one of the latest members of the "nilag" Trojan family and is written in Delphi 6.0-7.0. After the "nilag" variant bcb runs, it copies itself to the system directory of the infected computer under a new name and modifies the registry so that the Trojan starts automatically. It creates keyboard and mouse hooks in the background on the infected computer to secretly monitor the windows the user opens. When the window title is "Lineage Windows Client" (the "heaven" login window), it records the user's keyboard operations, steals players' accounts, passwords, and other information, and sends the information to the email address specified by the hacker.

Virus name: TrojanSpy.Delf.aji

Chinese name: "TrojanSpy.Delf" variant aji

Virus length: 16421 bytes

Virus Type: spyware Trojans

Hazard level: ★

Affected Platforms: Win 9X/ME/NT/2000/XP/2003

TrojanSpy.Delf.aji, the "TrojanSpy.Delf" variant aji, is one of the latest members of the "TrojanSpy.Delf" Trojan family and is written in Delphi 6.0-7.0. After it runs, the aji variant modifies the registry so that the Trojan starts automatically. In the background on the infected computer, it monitors the titles of windows opened by the gamer and steals player information such as the account and password for the online game Tianlong Babu. The stolen information is sent to the site specified by the hacker, causing losses to the player.
