Jinshan Poison PA: dos Virus Resurrection through easy breakthrough mainstream anti-virus software

Source: Internet
Author: User

At present, the mainstream computers are using 64-bit CPU, the operating system gradually from 32 to 64, most of the new factory PC installed 64-bit Windows 7. When people think that 16-bit programs (mostly DOS programs) will disappear, the virus breaks the peace. October 25, Jinshan poison PA Safety Center monitoring found a 16-bit DOS virus resurrection, easy to cross the mainstream anti-virus software defense.

The program, named DOS.STARTPAGE.FK, infects more than 20,000 computers a day, tampering with browser icons, locking the homepage as a 42630.com Web site navigation station, and spreading the virus mainly through websites that offer pirated movies and TV dramas.

Figure 1 Virus Modification Browser home page, create desktop IE icon

At present, the mainstream operating system and application software is more than 32-bit program (64-bit applications are gradually popular, not mainstream), 16-bit DOS program is very rare, Jinshan poison PA Security Center therefore named the virus "cross."

Fig. 2 Golden Hill poison PA killing cross dos virus

The programming tool used by virus authors is also eliminated by Quick basic, where the virus authors encapsulate 32-bit execution programs in 16-bit DOS program shells, making the mainstream antivirus defense system completely undetectable. Antivirus manufacturers generally believe that the DOS virus has disappeared, the existing defense system, mostly for 32-bit program design.

Virus to evade killing, after 16-bit shell program, will delete itself, increase anti-virus software tracking sample source difficulty. The result is the Netizen: users will find that the browser home page is always modified, with anti-virus software repair can only be effective in the short term, when downloading pirated TV dramas, will again in the Recruit.

Jinshan Poison PA Safety experts point out that because the virus breakthrough anti-virus software method is unique, in the short term is likely to have more viruses to try to travel to the DOS era. In response to this special 16-person virus, Jinshan poison PA modified the existing defense system, can completely intercept the cross virus. When users download a virus from a poisoned web page, they will also stop it immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.