According to the December 9 AVG China Laboratory published the latest weekly data show: In the past week, a ". URL "extension virus bull, the direct threat to the vast number of game players account password security."
The virus uses the Windows Picture file Tile attribute icon, and steals other program's digital signature, confuses the user, deceives the user clicks to run.
After the virus is executed, the folder named%program files% is created under the Program Files folder, and the following files are released.
1. Cest.bat is used to start the virus program 1026.
2. Dest.bat is used to create a service that is automatically run with the computer starting up.
3.1024 and 1026 are the same file, which is actually a dynamic library file, because the virus will change its extension to ". URL, so its icon and Web page shortcuts are the same. And by default, the system hides this extension, even if the "Hide extensions for known file types" in the folder option is turned off, and the extension cannot be displayed. It is easy to make users think that the file is a Web page shortcut and there is no threat.
4. Laass.exe is an executable file that loads a dynamic library file with a name of 1026.
Virus execution, will detect and end a variety of kill soft process, so that the user machine into a puppet machine, so as to achieve the purpose of stealing network game accounts and passwords. According to AVG China Laboratory data show, currently has a lot of players d*f, the world * and other popular online games, have become the object of attack.
AVG Antivirus 2012 permanent free Chinese version can effectively detect and prevent this type of virus, if the user is not careful poisoning, you can take the following steps.
1. End the process named Laass.exe in Task Manager;
2. Delete the service item named Winaudio;
3. Delete the "program Files%program files%" folder and all files under that folder;
4. Restart the computer to completely remove the virus;
To avoid easy poisoning, AVG recommends a broad range of users:
1. When viewing picture files, please make sure that the extension name is JPG, BMP, and so on, and then double-click to view;
2. Even if its extension name is JPG, BMP, but for unknown files virus scanning is also necessary.