Jinshan Anti-Virus Daily, 2004-12-17

The Beijing Information Security Evaluation Center and Jinshan Poison PA jointly released the bulletin of prevalent viruses for December 17, 2004.

Today, users are reminded to pay special attention to the following viruses: "Demon" (Win32.Hack.Evil) and "Red Ribbon variant F" (WORM.REDESI.F).

"Demon" is a hacker tool. The virus copies itself into multiple directories on the system and uses a variety of common methods to get itself run. Once a machine is infected, the virus destroys some of the user's data and allows a hacker to control the infected machine remotely.
"Red Ribbon variant F" is a worm that spreads through email and mIRC. It pops up a message box claiming that Windows Update succeeded in order to deceive users, and it uses enticing emails to lure users into opening them, causing more machines to become infected.



I. "Demon" (Win32.Hack.Evil) Threat Level: ★

According to analysis by Jinshan Poison PA anti-virus engineers, the virus copies itself into multiple directories on the system and uses a variety of common methods to get itself run. It generates an Autorun.inf file in the root of each writable logical disk, so that the virus runs silently every time a user opens that disk. It also adds itself to the registry's startup entries, so that it runs at every boot, and changes the program associated with text files to point to itself, so that it runs silently every time the user opens a text file. It then closes Windows Task Manager, Registry Editor, Process Viewer, Excel, Word, programs that contain the strings "Play" and ".exe", and the Command Line window. As a result, Word documents and Excel spreadsheets that users have worked hard on are lost instantly, and users cannot use Windows Task Manager to close the virus, cannot edit the registry, cannot open a Command Line window, and cannot run software containing "play".
Jinshan Poison PA anti-virus experts recommend: do not casually run files downloaded from the Internet before anti-virus software has processed them. It is strongly recommended that you scan them with Poison PA using the latest virus library and only then decide whether to run them.



II. "Red Ribbon variant F" (WORM.REDESI.F) Threat Level: ★

According to Jinshan Poison PA anti-virus engineers, this is a worm that spreads through email and mIRC. When it triggers, it pops up a message box claiming that Windows Update succeeded in order to deceive users, writes five copies of itself to the C: drive, and adds a startup entry to the registry so that the virus starts automatically at boot. The virus also writes two batch commands to C:\autoexec.bat, one displaying "with a fool no season spend, or is counted as his freind." and the other being format C. By changing the mIRC script configuration file, it links mIRC to the virus file, which gives the virus another route of transmission. The virus also generates an HTML file, C:\inetpub\wwwroot\default.htm; when a user opens the page, the virus file is opened. The virus collects email addresses from the Outlook Express Address Book and then sends itself as an attachment in Microsoft's name. This is deceptive, and users are likely to be tricked into opening the attachment and becoming infected.
Jinshan Poison PA anti-virus experts remind users: the best way to prevent mail viruses is not to casually open unfamiliar messages that carry attachments. If you must open one, scan it with anti-virus software first. Upgrade your anti-virus software to the latest version promptly, keep the mail monitoring function turned on at all times, and develop good security habits.
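The persistence and sabotage artifacts described in sections I and II (an Autorun.inf in a drive root, a changed text-file association, and a format command in C:\autoexec.bat) can be checked from their text alone. The following is an added example, not part of the original bulletin or of any Jinshan tool; the function names are hypothetical, the sample inputs are constructed, `sample.exe` is a placeholder rather than the malware's real file name, and the text-file handler string is assumed to have been read from `HKEY_CLASSES_ROOT\txtfile\shell\open\command`.

```python
import re

# Matches a batch line that runs format against C:, directly or via a pipe.
FORMAT_RE = re.compile(r'^\s*@?\s*(?:.*\|\s*)?format(?:\.com)?\s+c:', re.I)

def autorun_targets(text):
    """Programs an Autorun.inf would launch when its drive is opened."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                targets.append(value)
    return targets

def txt_handler_hijacked(command):
    """True when the txtfile open command does not launch notepad.exe.
    Only the executable's file name is compared, not its directory."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    exe = (m.group(1) or m.group(2)) if m else ""
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower() != "notepad.exe"

def triage(autorun_inf, txt_open_cmd, autoexec_bat):
    """Collect findings from the text of the three artifacts."""
    findings = [f"autorun.inf launches {t}" for t in autorun_targets(autorun_inf)]
    if txt_handler_hijacked(txt_open_cmd):
        findings.append(f"txtfile open command is {txt_open_cmd}")
    findings += [f"autoexec.bat runs: {l.strip()}"
                 for l in autoexec_bat.splitlines() if FORMAT_RE.match(l)]
    return findings

# Constructed samples; sample.exe is a placeholder, not the malware's file name.
SAMPLE_AUTORUN = "[autorun]\nopen=sample.exe\nshell\\open\\command=sample.exe\nicon=x.ico\n"
SAMPLE_TXT_CMD = r'"C:\WINDOWS\sample.exe" "%1"'
CLEAN_TXT_CMD = r'%SystemRoot%\system32\NOTEPAD.EXE %1'
SAMPLE_AUTOEXEC = "@echo off\n@echo constructed message\n@format c: /q\nrem format c:\n"

if __name__ == "__main__":
    for finding in triage(SAMPLE_AUTORUN, SAMPLE_TXT_CMD, SAMPLE_AUTOEXEC):
        print(finding)
```

The registry startup entry, the mIRC script change and default.htm are not covered here because the bulletin gives no file or value names to match on.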



Jinshan Poison PA anti-virus engineers remind you: upgrade Poison PA to the December 17, 2004 virus library, which can completely handle these viruses. If you have not installed Jinshan Poison PA, you can log in to http://online.kingsoft.com/ to use Jinshan Poison PA online virus scanning, or use the Jinshan Poison PA download version, to guard against virus intrusion.

