Three Steps to Beat the "Stealth Thief" Virus
On December 29, 2004, the Jiangmin Antivirus Center was the first to intercept the "stealth virus" BACKDOOR/BYSHELL.A, which it named "stealth thief." Once run, the virus injects itself as a thread into a system process and immediately deletes its own file on disk to evade detection and removal by anti-virus software. It also uses techniques such as hooks and port mapping so that a hacker can remotely control the user's computer without any visible symptoms.
After a successful infection, the backdoor binds to TCP port 138 and listens for the hacker's commands, which can remotely shut down the user's computer, terminate the user's processes, download the user's files, and so on. "Stealth thief" also installs a global hook that monitors the user's shutdown and restart operations, so that it can recreate its virus files and startup entries before the system shuts down; the virus then runs automatically at the next boot.
Because the virus deletes its own file after running and hides inside a system process, this "stealth" behaviour makes it harder for anti-virus software to remove. But the stealth thief is not irresistible: Jiangmin's anti-virus experts offer users three steps that expose the invisible bandit and cut off the hacker's "black hand."
First, kill the virus. Promptly update KV2005 anti-virus software to the December 29 virus signature library and turn on all real-time virus monitoring (especially file monitoring), so that the virus file body is killed the moment it appears.
Second, block TCP port 138. Because the virus binds its backdoor to TCP port 138 and listens there for the hacker's commands to steal private files from the infected machine, closing this port limits the damage the virus can do to the greatest extent. (TCP port 138 can be blocked with the settings of some firewall software, or with the TCP/IP filtering feature of Windows 2000 and later operating systems; ordinary home users can choose to allow only port 80.)
Third, power off instead of shutting down. If you suspect a "stealth thief" infection, do not use the normal system shutdown or reboot: these operations are monitored by the virus, which, on seeing them, recreates its virus files and startup entries before the system shuts down so that it runs automatically at the next boot. Cutting the power immediately denies the "stealth thief" any chance to rewrite its files.
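The port check and block from the second step, written as an added example that is not part of the original article or of Jiangmin's software. It assumes a modern Windows host (Windows 8 / Server 2012 or later, where the NetTCPIP and NetSecurity PowerShell modules exist); the Windows 2000 and KV2005 era the article describes used the TCP/IP Filtering dialog instead. The rule name and the port variable are choices made for this example. It first lists anything listening on TCP 138 together with its owning process, then adds an inbound block rule for that port. Run it from an elevated PowerShell session.

```powershell
# Added example (not from the original article). Assumes Windows 8 / Server 2012
# or later with the NetTCPIP and NetSecurity modules. Run elevated.

$Port     = 138
$RuleName = 'Block inbound TCP 138 (stealth thief backdoor)'   # rule name chosen for this example

# Detection: list listeners on TCP 138 with their owning process. A TCP listener
# here is unusual (the NetBIOS datagram service normally uses UDP 138). Because
# the backdoor injects into a system process, the owner may itself be a
# legitimate system process name; the open port, not the name, is the signal.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    foreach ($c in $listeners) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            LocalAddress = $c.LocalAddress
            LocalPort    = $c.LocalPort
            PID          = $c.OwningProcess
            Process      = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            Path         = if ($proc -and $proc.Path) { $proc.Path } else { '<unknown>' }
        }
    }
} else {
    Write-Output "No process is listening on TCP $Port."
}

# Mitigation: block inbound TCP 138 on every firewall profile so the backdoor
# cannot receive commands even while its payload is still resident in memory.
# Idempotent: the rule is only created if it does not already exist.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -Action Block -Profile Any -Enabled True | Out-Null
    Write-Output "Added firewall rule '$RuleName'."
} else {
    Write-Output "Firewall rule '$RuleName' already present."
}
```

The block rule only closes the backdoor's command channel; it does not remove the injected thread, which is why the article pairs it with an updated signature library and a hard power-off rather than a normal shutdown.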