General handling method for the "U disk Parasite" virus

Source: Internet
Author: User

The HDU variant of "U disk Parasite" spreads through U disks, mobile hard drives and similar removable devices. It sets the folders on the mobile storage device to "hidden" and, for each one, creates a virus file with the same name as the folder and a folder icon. This tricks the user into clicking the file, which increases both its chance of infecting a machine and its concealment.

The HDU variant of "U disk Parasite" is one of the newest members of the worm family. It is written in "Microsoft Visual Basic 5.0/6.0" and is protected with a packer (shell). After running, it copies itself to the "%systemroot%\system32" directory of the infected computer under the name "Down.exe", and it also releases other malicious script files into the same directory. Almost all of its malicious functions are implemented through batch commands.

The HDU variant of "U disk Parasite" forcibly modifies the registry to tamper with the system's "show hidden system files" feature, and it also shuts down the Windows Security Center service. It copies the system file "At.exe" to "Systen32.exe", copies "cmd.exe" to "SVCH0S.exe" and "Systen.exe", and copies "Ping.exe" to "Expl0rer.EXE". It starts the Scheduled Tasks service and adds a large number of scheduled tasks, from 9 o'clock to 0 o'clock every day, to automate the execution of its malicious batch files. Using the system's own FTP tool, it connects to the hacker-designated download address "auto555.33*.org", downloads the malicious program "1.RMVB" and runs it automatically. It also sends e-mail regularly to a hacker-designated mailbox to record the infection.
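The two file-system traces described above (system tools copied under look-alike names, and an executable on the removable drive named after a folder) can be checked with the following added example, which is not part of the original article or of any vendor tool. It assumes the lure file carries an .exe extension; the function names and the demo tree are constructed for illustration, and the hidden-folder flag can only be read on Windows.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

COPIED_TOOLS = ("at.exe", "cmd.exe", "ping.exe")  # tools the article says are copied

def _digest(path):
    try:
        return hashlib.sha256(path.read_bytes()).hexdigest()
    except OSError:  # locked or unreadable file
        return None

def find_renamed_copies(system_dir, originals=COPIED_TOOLS):
    """Map file name -> tool name for byte-identical copies under another name."""
    files = [f for f in Path(system_dir).iterdir() if f.is_file()]
    tools = [f for f in files if f.name.lower() in originals]
    known = {(f.stat().st_size, _digest(f)): f.name for f in tools}
    sizes = {size for size, _ in known}
    hits = {}
    for f in set(files) - set(tools):
        size = f.stat().st_size
        digest = _digest(f) if size in sizes else None  # hash size matches only
        if digest and (size, digest) in known:
            hits[f.name] = known[(size, digest)]
    return hits

def find_folder_lures(drive_root):
    """(name, folder_hidden) for each .exe named after a sibling folder (.exe assumed)."""
    entries = list(Path(drive_root).iterdir())
    folders = {e.name.lower(): e for e in entries if e.is_dir()}
    lures = []
    for e in entries:
        folder = folders.get(e.stem.lower())
        if folder and e.is_file() and e.suffix.lower() == ".exe":
            attrs = getattr(folder.stat(), "st_file_attributes", 0)  # Windows-only field
            lures.append((e.name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return sorted(lures)

def demo():
    """Run both checks on a constructed tree; file contents are placeholder bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir, usb = Path(tmp, "system32"), Path(tmp, "usb")
        sysdir.mkdir()
        (usb / "Photos").mkdir(parents=True)
        (sysdir / "cmd.exe").write_bytes(b"CMD")
        (sysdir / "SVCH0S.exe").write_bytes(b"CMD")   # same bytes, different name
        (sysdir / "notepad.exe").write_bytes(b"NTP")  # same size, different bytes
        (usb / "Photos.exe").write_bytes(b"placeholder")
        return find_renamed_copies(sysdir), find_folder_lures(usb)
```

On a live host, point `find_renamed_copies` at the system32 directory and `find_folder_lures` at the root of the removable drive. A copy made before the original tool was updated no longer hash-matches, so an empty result is not proof of a clean system.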

The following recommendations are given for dealing with this virus:

1. It is best to install professional anti-virus software for comprehensive monitoring and to update the virus definition database promptly. Users are advised to keep the main monitoring functions, such as mail monitoring and memory monitoring, turned on at all times, in order to keep currently prevalent viruses, trojans, and unwanted programs or code from attacking their computers.

2. Do not open attachments in e-mail, especially in messages of unknown origin. Enterprise users can enable the monitoring system on common mail server platforms to intercept viruses at the mail gateway and keep mail clients secure.

3. Enterprise users should upgrade the control center in a timely manner and have the relevant administrators run a network-wide virus scan when appropriate. In addition, to protect enterprise information security, close shared directories and set a strong password for the administrator account; do not leave the administrator password empty or set it to an overly simple password.

4. Before using a U disk on a computer, scan the U disk with anti-virus software wherever possible; this reduces the risk of infection to some extent.
