As is well known, sunway viruses typically infect executable files on the computer.
Observation shows that the virus works by file binding, so in theory every executable will be infected. After an infection by this type of virus, all programs must therefore be updated to avoid the same mistakes. But among the infected files we find a peculiar phenomenon: some of the icons are blurred.
Infected icons (Figure 1)
The normal icon (Figure 2)
What is the cause of this? With that question in mind, I opened the icon of the original program.
It is not hard to see that one of the icons in the picture is the icon shown after infection. But this file is not infected, so where does the infected look come from? It turns out that icon designers, whether out of a sense of responsibility or simply design habit, usually create multiple icons so that the icon displays correctly and clearly in different system environments and at different display sizes. They therefore build icons in a variety of color modes and a variety of sizes.
Let's look at the original icon to make the concept of icon size clearer.
With that understood, we can explain how the virus bundler works. When a virus bundler packages and merges itself with a normal file, it usually reads the icon of the normal file, and it chooses the first icon in the file, which is the icon we see in Figure 2.
In this case, if the icon in the first position of a file is small, it will be magnified whenever the icon size your screen displays is larger than the size of that icon. You may ask why some of the icons do not become blurred; a simple example below explains this.
In the two pictures above we see two identical icons: one is the icon of the infected file, the other is the icon of the normal file. Yet there is no difference between them?
That's true. From the previous paragraph we learned how the virus reads the icon, so can we guess that the designer of this file's icon only set a 256-color icon for the file and did not consider a 16-color icon?
This picture confirms our conclusion.
Observant readers may ask why, in Figure 1, the icon of the "Unit conversion elf" software is gone and has become a strange icon. Friends whose machines are infected will also easily find that the icons of some of their files have taken on the same strange look. Do these files have something in common? Is it a prank by the virus writer? Following the same approach as before, let's open the normal file's icon and take a look.
It is easy to see from the image above that the author of the file's icon did not make a second icon in a different size or color mode, but built only one icon for the file.
Perhaps through the virus writer's negligence, the bundler he wrote does not recognize a file that has only one icon. It "thinks this file does not have an icon" and so uses its own homemade icon instead.
So our preliminary conclusion is that the virus writer gives an infected file an icon in only one color mode and one size, without fully considering how icons are displayed in different system environments. This is why the icons of infected files become blurred.
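To check which case a given icon falls into, the sketch below reads the directory of a standalone .ico file and applies the three outcomes observed above. It is an added example, not code from the virus or from the original article; the function names and the sample directory are constructed for illustration, and the outcome rules are a simplified model of the article's observations.

```python
import struct

def parse_ico_directory(data):
    """Return [(width, height, bits_per_pixel), ...] from an .ico file's directory."""
    if len(data) < 6:
        raise ValueError("too short for an ICONDIR header")
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1:
        raise ValueError("not an icon (.ico) file")
    if len(data) < 6 + 16 * count:
        raise ValueError("icon directory is truncated")
    images = []
    for i in range(count):
        # ICONDIRENTRY: width, height, colour count, reserved, planes,
        # bit count, byte size, file offset (16 bytes, little-endian)
        w, h, colours, _, _, bpp, _, _ = struct.unpack_from("<BBBBHHII", data, 6 + 16 * i)
        if bpp == 0 and colours:  # older files leave the bit count at 0
            bpp = (colours - 1).bit_length()
        images.append((w or 256, h or 256, bpp))  # a stored 0 means 256 pixels
    return images

def first_icon_outcome(images, display_size):
    """Model the behaviour the article describes for a given shell icon size."""
    if not images:
        return "no icon"
    if len(images) == 1:
        return "single icon: replaced by the virus's own icon"
    width = images[0][0]
    if width < display_size:
        return "first icon %dpx stretched to %dpx: blurred" % (width, display_size)
    return "first icon large enough: looks unchanged"

def build_directory(images):
    """Constructed sample data: an .ico directory only, no pixel data."""
    out = struct.pack("<HHH", 0, 1, len(images))
    for w, h, bpp in images:
        colours = (1 << bpp) if bpp < 8 else 0
        out += struct.pack("<BBBBHHII", w % 256, h % 256, colours, 0, 1, bpp, 0, 0)
    return out

if __name__ == "__main__":
    sample = build_directory([(16, 16, 4), (32, 32, 8), (48, 48, 8)])
    imgs = parse_ico_directory(sample)
    print(imgs, "->", first_icon_outcome(imgs, 32))
```

To inspect a real icon, pass the bytes of the .ico file to `parse_ico_directory` in place of the constructed sample.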