Viking/Viking new variants, Trojan-PSW.Win32.WOW.do, etc. (1)


Endurer Original
Version 1

Yesterday (July 19) in the afternoon, a friend said that Rising scans of the computer had kept finding viruses over the past few days: Trojan.psw.Agent.adw and Trojan.psw.zhengtu.CC.

After examining the machine, we found that the symptoms were similar to those described in Rising's report on the Viking worm:

------------------------------
The virus scans all shared computers in the LAN, tries to guess their passwords, and tries to infect these computers. Virus propagation, scanning, and network downloads consume a large amount of resources. As long as one computer in the LAN is infected, the whole network may run abnormally or even become congested.

According to the analysis by the Rising Technical Department, after the "BO" variant of the Viking worm enters the user's computer, it downloads and installs programs such as the "Westward Journey Trojan", "Jianghu Trojan", "Mixi virus", and "Warcraft Trojan" over the Internet, and tries to steal the accounts, passwords, and equipment of the above-mentioned online games. At the same time, the virus also downloads and installs a QQ tail virus, then uses QQ on the infected computer to send spam messages, and uses the machine to spread the virus.
(Reference: more than 10 enterprises with nine thousand internet users attacked by Weijin Worm
Http://it.rising.com.cn/newSite/Channels/info/virus/virus/200606/05-171222684.htm)
------------------------------

We found that Viking had automatically downloaded the "Mixi virus" (Rising name: Trojan.psw.lmir.kgs), the QQ tail virus (Rising name: Trojan.psw.qqrobber.ACV), and the so-called "Warcraft Trojan" (Kaspersky: Trojan-PSW.Win32.WOW.do)...

Worst of all, it infects EXE files, increasing the file size by 31,148 bytes, and the EXE file's icon becomes rough; when an infected EXE file is run, it automatically creates a file named Vidll.dll, 25,600 bytes in size...

At the same time, the whole local area network becomes extremely slow.

Rising and Kingsoft Duba were both disabled ~

I reported the suspicious files I found to Rising ~

I did not expect Rising to act so quickly this time. At four o'clock p.m. today (July 20), I received replies from Rising one after another. It was indeed a new variant of Viking: Worm.Viking.AA (Rising's name)

Subject: Virus report email analysis result - Ticket No.: 3026889
Dear customer!
Your email has been received. Thank you for your support for Rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: rundl132.exe
Virus Name: Worm.Viking.AA
We will solve the problem in the newer version 18.36.32. Please upgrade your Rising software to version 18.36.32 and open the monitoring center to completely eliminate the virus. If a problem is found during the test, we will postpone the upgrade by one to two versions.

*********************************************************
Kaspersky reports rundl132.exe as Worm.win32.viking.r
*********************************************************

Subject: Virus report email analysis result - Ticket No.: 3026895
Dear customer!
Your email has been received. Thank you for your support for Rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: svch0st.exe
Virus Name: Trojan.DL.Small.msg
We will solve the problem in the newer version 18.36.32. Please upgrade your Rising software to version 18.36.32 and open the monitoring center to completely eliminate the virus. If a problem is found during the test, we will postpone the upgrade by one to two versions.

Subject: Virus report email analysis result - Ticket No.: 3026899
Dear customer!
Your email has been received. Thank you for your support for Rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: svhost32.exe
Virus Name: Worm.Viking.AA
We will solve the problem in the newer version 18.36.32. Please upgrade your Rising software to version 18.36.32 and open the monitoring center to completely eliminate the virus. If a problem is found during the test, we will postpone the upgrade by one to two versions.

Subject: Virus report email analysis result - Ticket No.: 3026880
Dear customer!
Your email has been received. Thank you for your support for Rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: ntdhcp.exe
Virus Name: Trojan.psw.qqrobber.ACV
We will solve the problem in the newer version 18.36.41. Please upgrade your Rising software to version 18.36.41 and open the monitoring center to completely eliminate the virus. If a problem is found during the test, we will postpone the upgrade by one to two versions.

Subject: Virus report email analysis result - Ticket No.: 3026896
Dear customer!
Your email has been received. Thank you for your support for Rising.

We have analyzed your problems and files in detail. The following are the analysis results of the files you uploaded:
1. File Name: winsvc.exe
Virus Name: Trojan.VB.VDA
We will solve the problem in the newer version 18.36.40. Please upgrade your Rising software to version 18.36.40 and open the monitoring center to completely eliminate the virus. If a problem is found during the test, we will postpone the upgrade by one to two versions.

The analysis and handling process is relatively long, so I will put it in the second part.
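
As an added example (not from the original post or from Rising), here is a triage sketch in Python that checks a file listing against the indicators reported above: the five file names from Rising's replies, the dropped Vidll.dll at 25,600 bytes, and EXE files that grew by exactly 31,148 bytes relative to a known-good size baseline. The `snapshot` and `sweep` helpers and the baseline snapshot are assumptions for illustration; a name match is only a hint and needs confirmation by an up-to-date scanner.

```python
import os

# Indicators taken from the post. File names are a triage hint only:
# a name match needs confirmation by an up-to-date scanner.
REPORTED_NAMES = {
    "rundl132.exe": "Worm.Viking.AA",
    "svhost32.exe": "Worm.Viking.AA",
    "svch0st.exe": "Trojan.DL.Small.msg",
    "ntdhcp.exe": "Trojan.psw.qqrobber.ACV",
    "winsvc.exe": "Trojan.VB.VDA",
}
DROPPED_DLL = ("vidll.dll", 25_600)   # name and size reported in the post
EXE_GROWTH = 31_148                   # bytes added to an infected EXE


def snapshot(root):
    """Return {relative path (lowercased): size} for every file under root."""
    sizes = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                sizes[os.path.relpath(full, root).lower()] = os.path.getsize(full)
            except OSError:
                continue  # locked or vanished file: skip, do not abort the sweep
    return sizes


def sweep(current, baseline=None):
    """Compare a snapshot against the post's indicators and an optional
    known-good baseline snapshot (hypothetical, taken before infection);
    return sorted (path, reason) findings."""
    findings = []
    for path, size in current.items():
        name = os.path.basename(path)
        if name in REPORTED_NAMES:
            findings.append((path, "name reported as " + REPORTED_NAMES[name]))
        if name == DROPPED_DLL[0]:
            exact = "exact" if size == DROPPED_DLL[1] else "different"
            findings.append((path, f"dropped DLL name, {exact} size"))
        old = (baseline or {}).get(path)
        if name.endswith(".exe") and old is not None and size - old == EXE_GROWTH:
            findings.append((path, f"EXE grew by {EXE_GROWTH} bytes"))
    return sorted(findings)
```

Run `snapshot` on a clean machine or backup to produce the baseline, then pass both snapshots to `sweep`; without a baseline only the name and DLL checks apply.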
