Daily Virus Report (Aug 10, 2008) - Worm.Win32.DownLoader.ia
RISING
On Aug 10, 2008, one virus needs your attention: IA (Worm.Win32.DownLoader.ia). The virus downloads dozens of Trojans from a designated website and prevents 360Safe, McAfee and other security software from running reliably. It also copies itself to every local disk in order to infect flash drives and other removable devices. The virus adds auto-run files to each disk, so it starts as soon as a user opens the disk. It can also evade checks by anti-virus software, which makes it difficult to delete.
Name: IA (Worm.Win32.DownLoader.ia)
Warning level: Dangerous
Category: Worm
Affected System: Windows NT/2000/XP/2003
Description:
The virus copies itself to the System32 directory under the names thundet.exe and dllhose.exe (names similar to the main program of the Xunlei software), then modifies the registry so that it starts with the system. It downloads dozens of Trojans from websites designated by the hackers. It also infects script files, appending a link to the end of each one so that a virus script is downloaded when a user browses a web page. To avoid being checked or scanned by anti-virus software, the virus modifies the Image File Execution Options registry entries, so that anti-virus software such as 360Safe and McAfee cannot run reliably. Finally, the virus copies itself to each local disk and adds an autorun.inf file so that it starts when a user opens the disk. In this way it can infect flash drives and other removable devices, so a computer may be reinfected, and the virus is difficult to delete.
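A triage check for the two persistence artifacts described above, as an added example that is not Rising's own code: it lists what an autorun.inf would launch and which Image File Execution Options entries carry a Debugger value, and marks any that name the dropped files. It assumes the hijack uses the standard IFEO Debugger value (the advisory does not name the value); `example-av.exe` is a hypothetical image name and both sample inputs are constructed.

```python
import re

# File names the advisory says the worm uses in System32.
DROPPED = ("thundet.exe", "dllhose.exe")

# Constructed sample inputs (not captured from a real infection).
SAMPLE_AUTORUN = "[AutoRun]\n; constructed\nopen=thundet.exe\nshell\\open\\command=thundet.exe\nicon=drive.ico\n"
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-av.exe
    Debugger    REG_SZ    C:\WINDOWS\system32\dllhose.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    GlobalFlag    REG_DWORD    0x0
"""

def autorun_targets(text):
    """Programs an autorun.inf launches: open=, shellexecute=, shell\\<verb>\\command=."""
    targets = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";") or "=" not in line:
            continue  # section headers, comments and blank lines
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or key.endswith("\\command"):
            targets.append(value)
    return targets

def ifeo_debuggers(reg_text):
    """Map image name -> Debugger value from `reg query <IFEO key> /s` output."""
    hits, image = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.upper().startswith("HKEY_"):
            image = line.rsplit("\\", 1)[-1]  # subkey name = redirected executable
            continue
        m = re.match(r"Debugger\s+REG_(?:EXPAND_)?SZ\s+(.+)", line, re.I)
        if m and image:
            hits[image] = m.group(1).strip()
    return hits

def triage(autorun_text, reg_text):
    """Return (kind, subject, value, names_dropped_file) findings for review."""
    found = [("autorun", "autorun.inf", t) for t in autorun_targets(autorun_text)]
    found += [("ifeo", img, dbg) for img, dbg in ifeo_debuggers(reg_text).items()]
    return [f + (any(n in f[2].lower() for n in DROPPED),) for f in found]

if __name__ == "__main__":
    for finding in triage(SAMPLE_AUTORUN, SAMPLE_REG):
        print(finding)
```

On a suspect machine the inputs would be the text of the autorun.inf in a drive root and the saved output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s`. Any Debugger value under a security product's image name deserves review even when it does not name one of the two dropped files.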
Anti-virus experts suggest that computer users take the following measures to protect against this virus:
1. Install Rising Anti-virus and a personal firewall, keep them up to date, and update Rising at least 3 times per day.
2. Use Rising Vulnerability Check and patch your computer system in a timely manner, as many viruses spread by taking advantage of system exploits or vulnerabilities.
3. Avoid suspicious websites and suspicious plug-ins; turn off or delete unnecessary system services.
4. Do not accept suspicious files from QQ, MSN, email, etc.
5. Turn on the auto-protect and auto-monitor functions when accessing the internet.
6. Put the account information for your online banking, online games, MSN, QQ, Yahoo Messenger, etc. into Rising Application Protection, which can protect specified applications from attack by malicious programs. A user can apply rules to game software, instant messengers, etc. to customize protection.