Stolen Wood Mamagna

Jiangmin September 18 Virus broadcast

English Name: trojan/delf.jxk

Chinese name: "Trojan/delf" Variant jxk

Virus Length: 90112 bytes

Virus type: Trojan Horse

Danger level: ★

Impact Platform: Win 9x/me/nt/2000/xp/2003

MD5 Check: 6331b682f40d3e3e91b8b3e8ee6afdc0

Feature Description:

Trojan/delf.jxk "Trojan/delf" Variant jxk is the "trojan/delf" Trojan family in one of the newest members, the use of "Borland Delphi 6.0-7.0" writing, and through the shell protection treatment. After the "Trojan/delf" variant jxk runs, it replicates itself to the "%systemroot%\system32\" directory of the infected system and renames "KoepSafe.exe". Iterates through all the running processes in the current system and attempts to end them once the process of the specified security software and system Tools is discovered. Finds the window title in the current system and, once found, contains the specified string (such as "antivirus", "Watch", "Trojan", and so on), tries to close its window to protect itself. The "Trojan/delf" variant jxk forcibly deletes key values in the registry, causing the system to disable the "Show system hidden Files" feature. At the same time, using the registry to hijack image files interferes with the normal operation of a large number of security software. In the infected system background connection hacker specifies the site "http://hx52*.net/", reads the address stored in the file "List.txt", and then downloads the malicious program and automatically invokes the run. Among them, the downloaded malicious program may be the network game theft Trojan Horse, remote control Trojan or malicious advertising programs, to the user caused a different degree of loss. In addition, the "Trojan/delf" variant jxk will add key values to multiple startup entries in the system registry to enable the Trojan to run automatically.

English Name: Trojan/vaklik.bov

Chinese name: "Pseudo granule" variant Bov

Virus Length: 49152 bytes

Virus type: Trojan Horse

Hazard Level: ★

Impact Platform: Win 9x/me/nt/2000/xp/2003

MD5 Check: b069957cff29a6df98d92067956cfb7f

Feature Description:

Trojan/vaklik.bov "pseudo-particle" variant Bov is one of the newest members in the "pseudo-particle" Trojan family, which is written in advanced language and protected by shell. The "pseudo-particle" variant Bov will traverse all windows in the current system in the background of the infected computer, and will close the window by sending a specific message once it discovers that the specified security software window exists. If it cannot be closed, it exits and runs, thus achieving the goal of self-protection. "Pseudo-particle" variant BOV will locate the installation location of the software by reading the registry, looking for sensitive data stored in the installation folder of "ICQ", "CuteFTP", "Opera", "Batmail" and many other mail managers, instant chat software, Web browsers, FTP administration tools, And the data sent to the hacker's designated receiving page, resulting in the disclosure of private information users, may suffer from varying degrees of loss.

For the above virus, Jiangmin Antivirus Center recommends a broad range of computer users:

1, please immediately upgrade Jiangmin antivirus software, open a new generation of intelligent graded high-speed anti-virus engine and monitoring, to prevent the current prevalence of viruses, trojans, unwanted programs or code to attack user computers.

2, Jiangmin KV Network version of users, please upgrade the control center in time, and suggest relevant management personnel in due course to carry out the whole network to check the virus, to ensure enterprise information security.

3, Jiangmin anti-virus software to enhance the virtual machine shelling technology, can be a variety of mainstream shell and difficult "flower command shell", "uncommon shell" virus for shelling, effective removal of "shell virus."

4, open jiangmin anti-virus software system monitoring function, the function can be used to download malicious programs virus, forcibly tamper with the system time, injection process and other malicious programs such as the monitoring and automatic intervention, processing, effectively curb the unknown virus to the system caused by interference and damage, Increased the ability of the computer to prevent the unknown virus to a greater extent.

5, the River Civil Defense horse Wall, can be the first time to find and prevent Trojan virus with malicious Web pages, can automatically collect malicious Web site and Add feature library, prevent the spread of the Web Trojan, effectively protect the user's Internet security.

6, fully open the Bootscan function, in the system before the start of antivirus, clear self-protection and anti-attack anti-virus software malicious virus.

7, Jiangmin anti-virus software to add a powerful heuristic scanning, can inspire scanning more than 90% of the unknown virus.

8, Jiangmin for the infection Delphi compiler environment and application of the "Delphi attack" virus launched a Kill tool, please the vast number of Delphi developers and netizens immediately download and scan the system, so as to avoid becoming the source of virus transmission and by the virus infection. Download Address:

9, suspected to have been poisoned users can use Jiangmin free online search virus for viruses to verify. Free online virus Search Address:

For more detailed virus technical information, please call Jiangmin Company's Technical Service hotline 800-810-2300 and 010-82511177 for consultation, or visit jiangmin website for online inspection.