"QQ theft" releases trojan virus file seek and peek at User Password

Source: Internet
Author: User

"QQ account theft 139373" (Win32.Troj. AmorBc. c.139373) is a QQ account theft Trojan. After the virus runs, the virus file is released to the program folder and self-started by using ShellExecuteHooks. By injecting the process, you can monitor the user's QQ token tool and read the LoginUinList In the QQ directory. dat obtains the user number list and deletes ewh In the QQ directory. database to trick the user into re-entering the password and other methods to steal information such as the user's QQ number and password. In addition, the virus downloads the virus file from the remote server and installs it on the user's computer, and deletes the master execution file of the QQ doctor.

"Fantastic stealing dp" (Win32.Troj. onlineGames. dp.81920) This is an account theft Trojan. Viruses generate multiple virus-related files on the customer's computer and create a registry to enable automatic startup of the virus upon startup. The virus will modify the Registry to invalidate the system firewall and automatic system update function on the customer's calculator, and steal the account information of the online game fantasy westward journey on the customer's computer.

I. "QQ theft 139373" (Win32.Troj.AmorBc.c.139373) Threat Level: ★

1. Generates the file:

%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\SysWFGQQ2.dll

2. Injects into processes, monitors the QQ login window and the following URLs, steals the user's QQ number and password, and sends them to a remote mailbox.

http://***p.qq.com/clienturl_239?ADUIN=0&ADSESSION=0&ADTAG=CLIENT.QQ.1631_LoginWindow.0

https://ac***nt.qq.com/cgi-bin/auth_forget?ForgetType=PW&PcacheTime=1179536999

3. Reads LoginUinList.dat in the QQ directory to obtain the list of user numbers.

4. Downloads a virus file from the remote server and installs it on the computer:

hxxp://hm.54601_cn/kav.exe

5. The virus binary contains the following strings:

"Ymygc ....."
"Cc"
"Cckabalaji"
"Bc"
"Fuckavp"
"Don't kill me"
"Cajikaba"

II. "Fantastic stealing dp" (Win32.Troj.OnlineGames.dp.81920) Threat Level: ★

1. The virus copies itself to:

%Windir%\system32\kvmxdis.exe

and generates the following files:

%Windir%\system32\kvmxacf.dll

%Windir%\system32\kvmxdma.dll

%Windir%\fonts\armease.fon

2. Modifies the registry to disable the system firewall and automatic system updates.
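The indicators above (dropped file paths, a ShellExecuteHooks autostart entry, a disabled firewall) are the kind of thing a responder checks on a suspect machine. The following is an added example, not code from the advisory or from Jinshan: it matches an offline host snapshot against those indicators. The snapshot format, the sample CLSIDs and the sample file list are constructed here; the advisory does not name which registry value the Trojan changes to disable the firewall, so the EnableFirewall check is an assumption about where to look, not a claim about the Trojan's mechanism.

```python
"""Offline IoC matcher for the two account-stealing Trojans in the advisory.

Added example. Input is a constructed host snapshot (environment values,
file list, registry dump) so the matcher runs without touching a live system.
"""
import ntpath
import re

# Dropped-file indicators as listed in the advisory; %Name% tokens are
# expanded per host, because ProgramFiles/Windir differ between machines.
DROPPED_FILES = [
    r"%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\SysWFGQQ2.dll",
    r"%Windir%\system32\kvmxdis.exe",
    r"%Windir%\system32\kvmxacf.dll",
    r"%Windir%\system32\kvmxdma.dll",
    r"%Windir%\fonts\armease.fon",
]

# Persistence location the advisory names for the first Trojan. Each value
# under this key is a CLSID; the hook DLL is found via HKCR\CLSID\{clsid}\InprocServer32.
SHELL_EXECUTE_HOOKS = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"

# Assumption (not stated in the advisory): the XP-era firewall policy value a
# responder would check when "the system firewall was disabled" is reported.
FIREWALL_KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess"
                r"\Parameters\FirewallPolicy\StandardProfile")


def expand_env(path, env):
    """Replace %Name% tokens using a lower-cased environment map."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def norm(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return ntpath.normpath(path).lower()


def match_indicators(snapshot):
    """Return a list of (finding_type, detail) tuples for the snapshot."""
    env = {k.lower(): v for k, v in snapshot["env"].items()}
    reg = snapshot["registry"]
    findings = []

    # 1. Dropped files: compare normalised observed paths with expanded IoCs.
    expected = {norm(expand_env(p, env)): p for p in DROPPED_FILES}
    for f in snapshot["files"]:
        if norm(f) in expected:
            findings.append(("dropped_file", expected[norm(f)]))

    # 2. ShellExecuteHooks persistence: resolve each CLSID's in-process server
    #    and flag hooks whose DLL is one of the dropped files.
    for clsid in reg.get(SHELL_EXECUTE_HOOKS, {}):
        server_key = "HKCR\\CLSID\\" + clsid + "\\InprocServer32"
        server = reg.get(server_key, {}).get("(Default)", "")
        if server and norm(expand_env(server, env)) in expected:
            findings.append(("shellexecutehook_persistence", clsid))

    # 3. Firewall disabled (assumed location, see FIREWALL_KEY comment).
    if reg.get(FIREWALL_KEY, {}).get("EnableFirewall") == 0:
        findings.append(("firewall_disabled", FIREWALL_KEY))

    return findings


# Constructed sample snapshot: one benign hook, one hook pointing at the
# dropped DLL, two dropped files with mixed case, firewall switched off.
SAMPLE_SNAPSHOT = {
    "env": {"ProgramFiles": r"C:\Program Files", "Windir": r"C:\WINDOWS"},
    "files": [
        r"C:\WINDOWS\system32\kernel32.dll",
        r"C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysWFGQQ2.dll",
        r"C:\WINDOWS\SYSTEM32\KVMXDIS.EXE",
    ],
    "registry": {
        SHELL_EXECUTE_HOOKS: {
            "{00000000-0000-0000-0000-000000000001}": "",  # constructed, benign
            "{00000000-0000-0000-0000-000000000002}": "",  # constructed, malicious
        },
        r"HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32":
            {"(Default)": r"%Windir%\system32\shell32.dll"},
        r"HKCR\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32":
            {"(Default)": r"%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\SysWFGQQ2.dll"},
        FIREWALL_KEY: {"EnableFirewall": 0},
    },
}

if __name__ == "__main__":
    for kind, detail in match_indicators(SAMPLE_SNAPSHOT):
        print(f"{kind}: {detail}")
```

Matching is done on normalised, lower-cased paths with environment tokens expanded, because the same Trojan file will be reported under different drive letters and casing on different machines; a hook is only flagged when its resolved DLL is one of the listed dropped files, so legitimate Explorer hooks are not reported.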

Suggestions from Jinshan anti-virus engineers

1. It is best to install professional anti-virus software for comprehensive monitoring. We recommend installing anti-virus software to guard against the growing number of viruses. After installing it, upgrade it frequently, keep the main monitoring functions enabled (such as email monitoring and memory monitoring), and report problems promptly to keep the computer secure.

2. As the number of users who play online games and chat with QQ grows, Trojans of all kinds will grow with it. We recommend developing good habits of network use, upgrading anti-virus software in time, and enabling the firewall, real-time monitoring and similar functions, so that the virus's transmission path is cut off and it has no way in.
