"Ad download server 36864" (Win32.Hack.agent.000064) pops up windows that load a specified website, and obtains and downloads other malware onto the client's computer.
Win32.PSWTroj.JHOnline.139264.
I. "Ad download server 36864" (Win32.Hack.agent.000064) Threat Level: ★
1. The virus obtains the volume serial number of "C:\" on the client computer, runs an algorithm over it together with a string specified by the virus, and calculates string A. (8-bit file name)
2. The virus calculates string B from A by a rule and appends the suffix ".exe". (8-bit file name)
3. The virus runs an algorithm over string B to calculate string C and appends the suffix ".dll". (8-bit file name)
4. The virus file checks whether it has been injected into the winlogon.exe and assumer.exe processes.
5. The virus creates a random system service. The service name is calculated with the same algorithm as the virus file name, and the name length is 8 bits.
II. "Hot-blooded hackers" (Win32.PSWTroj.JHOnline.139264) Threat Level: ★
1. After the virus runs, it drops a virus file into the system directory. It then loads the DLL into the process and steals the user's game account and password by reading memory.
According to the Rising global anti-virus monitoring network, one virus is worth noting today: "Trojan.PSW.Win32.Asktao". This virus is written for the online game Q & A. It tries to steal users' game accounts and passwords and sends the information to a website specified by the hacker, causing losses to players of the game.
Popular viruses today:
"Ask the Trojan horse (Trojan.PSW.Win32.Asktao)" virus: vigilance level ★★★; a Trojan that spreads through malicious webpages and through downloads by other Trojans; affected systems: Windows 9x/NT/2000/XP/2003/Vista.
After the virus runs, it copies itself to the Windows directory as "ravasktao.exe" and generates a file named "Ravasktao.dll" in the system file directory. It tries to shut down various anti-virus products such as Rising, Jiangmin, and Kaspersky. The virus monitors the user's computer in the background. When the user runs the Q & A game, it injects itself into the game's main program and records the user's keyboard input. The recorded information is sent to a website specified by the hacker, which steals the player's account and password and causes losses to the player.
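A host triage check for the two file names and the DLL injection described above, as an added example that is not part of the original bulletin. It assumes the "Windows directory" is `%windir%` and the "system file directory" is `%windir%\System32`; the bulletin does not give full paths.

```powershell
# Added triage example, not from the bulletin. File names are the ones the
# bulletin gives; the directory mapping below is an assumption.
$indicators = @(
    (Join-Path $env:windir 'ravasktao.exe'),           # copy of the Trojan
    (Join-Path $env:windir 'System32\Ravasktao.dll')   # dropped DLL
)

# 1. Dropped files: record path, creation time and hash for the incident notes.
$findings = @(foreach ($path in $indicators) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force     # -Force: hidden/system files
        [pscustomobject]@{
            Type   = 'File'
            Detail = $item.FullName
            When   = $item.CreationTime
            SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
})

# 2. Injection: the bulletin says the DLL is injected into the game's main
#    program, so list every process that has a module with that name loaded.
$findings += @(foreach ($proc in Get-Process) {
    try {
        $hit = $proc.Modules | Where-Object { $_.ModuleName -ieq 'Ravasktao.dll' }
    } catch {
        continue   # protected process; run elevated to inspect it
    }
    foreach ($m in $hit) {
        [pscustomobject]@{
            Type   = 'LoadedModule'
            Detail = "$($proc.ProcessName) (PID $($proc.Id)) -> $($m.FileName)"
            When   = $proc.StartTime
            SHA256 = $null
        }
    }
})

if ($findings.Count -eq 0) {
    'No Asktao indicators from the bulletin were found on this host.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated PowerShell session so that module lists of other users' processes are readable; a clean result only covers the indicators named in the bulletin.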