Security experts in practice clear image hijacking technology viruses

2cto.com comment: security expert?

According to dodo, A-MM computer seems to be in the Terminator. After being killed and repaired by a drug overlord, the drug overlord still cannot be started. If you want to come to QQ, remotely connect to the past and check whether the problem exists. The speed limit was fixed for an hour. It was much easier to write a summary article than to fix it.

1. Pass the tools required by MM: avterminator killing, autoruns, ice blade, and process explorer.

2. Run these four tools separately. Only the exclusive tool can be started, and other tools cannot be started. Try to enter the kav2007 directory and find that the anti-virus master program cannot be started by the cleaning experts. Autoruns and Process Explorer can be run after being renamed. After the ice blade is renamed, it is closed immediately after it is opened. The same is true for drug overlord and cleaning experts.

3. Two DLL, a1d29050. dll and msacn. dll, are found on the explorer Page of autoruns. When using autoruns, You must select the project that hides the MS signature authentication, or you will be exhausted ).

Copy the two DLL files to the new folder on the desktop for backup. Then, rename process explorer and run it. Find related threads in process explorer. Find four running threads and immediately pause the virus threads.

4. The ice blade can be used normally, so process Explorer is used to kill related threads.

5. Continue to use autoruns to view the service and find 3 unknown services. However, it was confirmed afterwards that these three services had nothing to do with the operation of the drug overlord. They were Trojans that the drug overlord was able to kill.

6.access the website, and double-click uplive.exe to upgrade.

7.after the upgrade, double-click kav32.exe to perform a virus scan. More than 10 known Trojans were found. Of course, the DLL that the ice blade cannot run is a new virus.

We recommend that you fix the Registry with the avterminator after MM scans to ensure that the file is successfully cleared. This virus prevents the hidden file from being properly displayed. This avterminator Repair Tool can solve this problem.

In addition, during the use of autoruns, it is found that the virus has deleted the service registered by the drug overlord. Therefore, if the computer restarts, it will find that real-time monitoring cannot be loaded.

Summary:

Virus similar to avterminator will take anti-virus software as the first line of attack. After the attack succeeds, a bunch of Trojans will be downloaded using the downloader. In this case, after resolving the new virus, the attacker will find more than 10 Trojans.

It is expected that the hacking group using this method will be very rampant within a period of time. Please refer to avterminator's comprehensive solution for defense measures.