On September 6, September 20, the anti-virus center of Jiangmin Technology intercepted a "webpage receiver" virus spread through a fake Microsoft website. autorun.dr), the virus infects web page files, inserts a link to a malicious website into them, and uses multiple system vulnerabilities to download more than 20 malicious online game Trojans that steal game players' accounts and passwords, causing heavy losses to players.
According to Jiangmin's anti-virus experts, the webpage receiver virus is written in Delphi. After the virus runs, a virus process crsss.exe is created. The process points to %WinDir%\System32\crsss.exe and the file size is 62512 bytes. The following auto-start entry is added to the registry so that the virus starts together with the Windows operating system.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Crsss" = %WinDir%\system32\crsss.exe
The virus also searches the hard disk for web page script files with the extensions *.htm, *.html, *.asp, *.aspx, *.php and *.jsp, and inserts a link to the malicious website http://mlcro-soft.cn/?###.htm into them. This malicious website is disguised as a Microsoft website, which makes the disguise very effective. The virus also creates the file c.txt in the system32 directory. The virus downloads and executes these online game Trojans. Once a user opens a poisoned web page, the malicious page can use MS06-014, MS06-046, MS07-017 and other system vulnerabilities to download and execute more than 20 malicious online game Trojans that steal game players' accounts and passwords, causing heavy losses to players.
According to Jiangmin's anti-virus experts, the webpage receiver virus also spreads through USB flash drives, MP3 players, mobile hard drives and other removable storage devices, on which it creates the virus files autorun.inf and niu.exe. When the user double-clicks the USB flash drive, the virus is activated and infects the system. The virus also forcibly changes the IE homepage to the infected website http://mlcro-soft.cn/update.htm, so that the user is infected as soon as the IE browser is opened. The virus also damages key values in the operating system's registry so that the system cannot display hidden files.
For this virus, the anti-virus center of Jiangmin Technology has urgently updated its virus database. Users only need to update to the virus database of January 1, September 20 to intercept the virus.
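As an added example (not part of the original article and not Jiangmin's tooling), the Python sketch below sweeps a directory for web files with the extensions listed above that reference the fake host, and checks a drive root for the autorun.inf and niu.exe files described for removable media. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article above.
WEB_EXTS = {".htm", ".html", ".asp", ".aspx", ".php", ".jsp"}
BAD_HOST = b"mlcro-soft.cn"
DROPPED = {"autorun.inf", "niu.exe"}  # written to removable drives


def scan_web_files(root):
    """Return sorted (path, line_no) pairs for web files naming the fake host."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:  # raw bytes: any ASCII-compatible encoding
                    for no, line in enumerate(fh, 1):
                        if BAD_HOST in line.lower():  # case-insensitive match
                            hits.append((path, no))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)


def scan_drive_root(root):
    """Return the dropped file names present in a drive's root directory."""
    try:
        return sorted(n for n in os.listdir(root) if n.lower() in DROPPED)
    except OSError:
        return []


def demo():
    """Scan a constructed sample tree; returns (web hits, drive-root hits)."""
    samples = {  # constructed sample content, not captured from the malware
        "index.html": b'<p>ok</p>\n<iframe src="http://MLCRO-SOFT.cn/?1.htm"></iframe>\n',
        "clean.php": b"<?php echo 'hello'; ?>\n",
        "notes.txt": b"mlcro-soft.cn in a non-web file\n",
        "AUTORUN.INF": b"[autorun]\nopen=niu.exe\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        web = [(os.path.basename(p), n) for p, n in scan_web_files(tmp)]
        return web, scan_drive_root(tmp)
```

Point `scan_web_files` at a web root and `scan_drive_root` at a mounted removable drive; files stored in UTF-16 would need decoding before the byte match applies.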