"Porter" exploits vulnerabilities to attack remote computer systems

Source: Internet
Author: User

The "Porter" variant DF (Win32.Hack.VanBot.df.733184.0FDE9678) is a hacker program that exploits a vulnerability to carry out malicious attacks.

The "BHO tampered with" variant AV (Win32.Adware.BHO.av.113439) is a malicious software downloader that tampers with the browser helper object (BHO).

1. Threat level of the "Porter" variant DF (Win32.Hack.VanBot.df.733184.0FDE9678): ★★

The virus exploits the vulnerability to launch malicious attacks on remote computers, and uses its own password dictionary to crack weak passwords in order to spread. It also opens a port on the infected computer so that hackers can take over all functions of the computer. It can shut down the Windows Security Center and the built-in firewall, and it searches for chat windows of chat tools such as AIM, MSN, Yahoo and ICQ and sends virus messages through them to spread itself. We recommend that you promptly update your antivirus software's virus database and enable real-time protection to keep your computer secure.

After the virus runs, it drops the file msnrav.exe, modifies the registry, disables the system's Security Center and built-in firewall, connects to an IRC server, and receives remote commands from hackers.

2. Threat level of the "BHO tampered with" variant AV (Win32.Adware.BHO.av.113439): ★

This virus damages the browser helper object (BHO), injects itself into a system process, connects to a specific site, and downloads and runs multiple viruses and other rogue software. The result is a continuous stream of pop-up advertisement windows, slower computer operation, and leakage of private information on the Internet. We recommend that you first use Kingsoft cleaning experts to clean up and then use anti-virus software to detect and remove residual files.

After the virus runs, it drops uninst.exe and other virus files, modifies the registry so that it starts automatically at system startup, injects the cpush0.dll virus file into the IEXPLORE.EXE process, and downloads a large number of viruses to the temporary directory.
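The behaviours described for both variants (the dropped msnrav.exe, the disabled Security Center and firewall, the BHO change, and cpush0.dll loaded into IEXPLORE.EXE) can be turned into a simple per-host triage check. The following is an added example, not part of the original advisory or of any vendor tool; the event schema, host names, file paths and registry locations are assumptions, since the advisory names only the files.

```python
import ntpath
from collections import defaultdict

# Names from the advisory. uninst.exe is left out on purpose: legitimate
# uninstallers use that name too, so it is too noisy to alert on by itself.
DROPPED_FILE = "msnrav.exe"
INJECTED_DLL, HOST_PROCESS = "cpush0.dll", "iexplore.exe"
# Assumption: standard Windows registry locations; the advisory does not say
# which keys the samples modify. Fields: (finding, key fragment, value, data).
REG_RULES = [
    ("firewall_disabled", r"\sharedaccess\parameters\firewallpolicy", "enablefirewall", "0"),
    ("security_center_disabled", r"\services\wscsvc", "start", "4"),
    ("bho_changed", r"\explorer\browser helper objects", None, None),
]

def base(path):
    return ntpath.basename(path).lower()

def classify(ev):
    """Return the finding name for one event, or None if no rule matches."""
    if ev["type"] == "file_create" and base(ev["path"]) == DROPPED_FILE:
        return "porter_dropper_file"
    if (ev["type"] == "image_load" and base(ev["module"]) == INJECTED_DLL
            and base(ev["process"]) == HOST_PROCESS):
        return "bho_dll_in_browser"
    if ev["type"] == "registry_set":
        for finding, fragment, value, data in REG_RULES:
            if fragment in ev["key"].lower() and (value is None or (
                    ev.get("value", "").lower() == value and str(ev.get("data")) == data)):
                return finding
    return None

def triage(events):
    """Group findings per host so related behaviours show up together."""
    hosts = defaultdict(set)
    for ev in events:
        if (finding := classify(ev)):
            hosts[ev["host"]].add(finding)
    return {host: sorted(found) for host, found in hosts.items()}

# Constructed events in a simplified, hypothetical schema (not real telemetry).
SAMPLE = [
    {"host": "PC-01", "type": "file_create", "path": r"C:\WINDOWS\system32\msnrav.exe"},
    {"host": "PC-01", "type": "registry_set", "value": "EnableFirewall", "data": 0, "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"},
    {"host": "PC-01", "type": "registry_set", "value": "Start", "data": 4, "key": r"HKLM\SYSTEM\CurrentControlSet\Services\wscsvc"},
    {"host": "PC-02", "type": "image_load", "process": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", "module": r"C:\WINDOWS\Temp\cpush0.dll"},
    {"host": "PC-02", "type": "registry_set", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CONSTRUCTED-CLSID}"},
    {"host": "PC-03", "type": "registry_set", "value": "EnableFirewall", "data": 1, "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"},
]
```

Calling `triage(SAMPLE)` groups the Porter-style findings under PC-01 and the BHO findings under PC-02, while PC-03, which only re-enables the firewall, produces no finding.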

Suggestions from Jinshan anti-virus engineers

1. Install professional anti-virus software for comprehensive monitoring. We recommend installing anti-virus software to guard against the growing number of viruses. After installing it, update it frequently, keep the main monitoring features (such as email monitoring and memory monitoring) enabled, and report any problems you encounter, to keep your computer secure.

2. Update security patches frequently. Most network viruses spread through system vulnerabilities, as Blaster and Sasser did. We recommend that you regularly download the latest security patches from the Microsoft website so that you are protected in advance.
