Three easy steps to beat the "stealth thief" virus

Source: Internet
Author: User
On December 29, 2004, Jiangmin Antivirus Center was the first to intercept the first "stealth virus", BACKDOOR/BYSHELL.A, and named it the "stealth thief". Once run, the virus injects itself into a system process and immediately deletes its own file to evade removal by antivirus software. It also uses techniques such as hooks and port mapping so that the user's computer can be remotely controlled by an attacker without any visible symptoms.

After a successful infection, the backdoor binds to TCP port 138 and listens for attacker commands, through which the attacker can remotely shut down the user's computer, terminate user processes, download the user's files, and so on. The "stealth thief" also installs a global hook that watches for user shutdown and restart events, so that it can recreate its virus files and startup entries before the system shuts down and run automatically again at the next boot.

Because the stealth thief deletes its own file after running and injects itself into a system process (its "stealth" trait), it is harder for antivirus software to remove. But it is not unstoppable: Jiangmin antivirus experts offer users three measures against the "thief" that expose it and cut off the attacker's remote "black hand".

Step one: kill it on sight. Promptly update KV2005 antivirus software to the December 29 virus database and turn on all real-time virus monitoring (especially file monitoring), so that the virus file body is killed the moment it appears.

Step two: block TCP port 138. Because the virus binds its backdoor to TCP port 138 and listens there for attacker commands to steal the infected machine's private files, closing this port limits the harm the virus can do as far as possible. (TCP port 138 can be blocked using the settings of some firewall software, or with TCP/IP filtering on Windows 2000 and later; ordinary home users can choose to allow only port 80.)

Step three: cut the power instead of shutting down. If a "stealth thief" infection is suspected, do not use the normal system shutdown or reboot: these operations are monitored by the virus, which, on seeing them, recreates its virus files and startup entries before the system shuts down so that it runs automatically at the next boot. Switching the power off directly denies the "stealth thief" the chance to rewrite its files.
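A defender's check for the second step, added here as an example (it is not code from the original article or from Jiangmin): it parses Windows `netstat -ano` output and flags any TCP socket bound to, or connected to, port 138. The sample netstat output and the PID in it are constructed; the column layout assumed is the standard `netstat -ano` format.

```python
import re
from typing import Dict, List, Optional, Tuple

# Port the article says the BYSHELL.A backdoor binds to.
BACKDOOR_PORT = 138

# Matches one line of Windows "netstat -ano" output:
#   proto  local-address  foreign-address  [state]  pid
NETSTAT_LINE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s+(?P<pid>\d+)\s*$"
)

def split_addr(addr: str) -> Tuple[str, Optional[int]]:
    """Split 'host:port' (IPv4 or [IPv6]:port) into (host, port); '*' port -> None."""
    host, _, port = addr.rpartition(":")
    return host, int(port) if port.isdigit() else None

def find_backdoor_port_activity(netstat_output: str, port: int = BACKDOOR_PORT) -> List[Dict]:
    """Return every TCP socket whose local or remote port matches `port`.
    Normal NetBIOS datagram traffic uses UDP 138, so a TCP listener on 138
    is unexpected on a Windows host and worth investigating."""
    hits = []
    for line in netstat_output.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m or m["proto"] != "TCP":
            continue
        _, lport = split_addr(m["local"])
        _, rport = split_addr(m["remote"])
        if lport == port or rport == port:
            hits.append({"local": m["local"], "remote": m["remote"],
                         "state": m["state"], "pid": int(m["pid"])})
    return hits

# Constructed sample of "netstat -ano" output: ordinary entries plus a
# listener on TCP 138 and an established session to it (PID 1804 is made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:138            0.0.0.0:0              LISTENING       1804
  TCP    192.168.1.5:138        203.0.113.7:4321       ESTABLISHED     1804
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:138            *:*                                    4
"""

if __name__ == "__main__":
    for hit in find_backdoor_port_activity(SAMPLE_NETSTAT):
        print(f"TCP {hit['local']} -> {hit['remote']} {hit['state']} pid={hit['pid']}")
```

The PID column tells you which process to examine; the UDP 138 entry is left alone because only the TCP binding is anomalous.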