Daily Virus Report (Mar 6, 2009) - Backdoor.Win32.IRCbot.xag
RISING
On Mar 6, 2009, one virus needs your attention: XAG (Backdoor.Win32.IRCbot.xag). The virus is a backdoor program controlled over IRC. Hackers can remotely control the infected computer through an IRC program, attack other computers, and carry out other malicious behaviour.
Name: XAG (Backdoor.Win32.IRCbot.xag)
Warning level: Dangerous
Category: Backdoor
Affected System: Windows NT/2000/XP/2003
Description:
This malicious program is a backdoor virus that spreads through the Internet. After being executed, the virus copies its executable file to the driver directory and names itself “wmiadapi.exe”; it adds “AutoDiscovery/AutoPurge (ADAP) Service” to the registry so that it starts with the system. In addition, the virus sets up a backdoor on the infected computer and automatically connects to “cftp.dawn****.info” for remote instructions. Hackers can remotely control the infected computer through an IRC program and carry out malicious behaviour, which seriously threatens computer security. The virus can also modify registry keys to disrupt some normal web functions.
Anti-virus experts suggest that computer users take the following measures to protect against this virus:
1. Install Rising Internet Security or Rising Anti-virus and a personal firewall, and keep them up to date, updating Rising at least 3 times per day.
2. Install Rising PC Doctor and use the “Leaks” function to check for leaks or vulnerabilities in your computer's operating system; patch your system in a timely manner, as many viruses spread by taking advantage of system exploits or vulnerabilities.
3. Do not browse suspicious websites or suspicious inserters; turn off or delete unnecessary system services.
4. Do not accept suspicious files from QQ, MSN, email, etc.
5. Turn on the RISING Active Defense and Auto-Protect functions when accessing the internet.
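The indicators in the Description, turned into a triage check over an exported service or autorun inventory; this is an added example, not RISING's code. The sample rows and the drivers path are constructed, and comparing against the genuine Windows file wmiadap.exe in System32\wbem is an assumption that is not in the report; the look-alike test generalizes beyond the one file name the report gives.

```python
import ntpath

# Indicators taken from the report's Description.
DROPPED_NAME = "wmiadapi.exe"
SERVICE_LABEL = "autodiscovery/autopurge (adap)"
# Assumption (not in the report): the genuine Windows WMI utility is
# wmiadap.exe and lives under System32\wbem.
LEGIT_NAME = "wmiadap.exe"
LEGIT_DIR_SUFFIX = r"\system32\wbem"

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(display_name, image_path):
    """Return the reasons an autostart entry matches the report (empty if none)."""
    exe = image_path.lower().lstrip('"')
    if ".exe" in exe:                      # drop closing quote and arguments
        exe = exe[:exe.index(".exe") + 4]
    folder, name = ntpath.split(exe)
    genuine = name == LEGIT_NAME and folder.endswith(LEGIT_DIR_SUFFIX)
    reasons = []
    if name == DROPPED_NAME:
        reasons.append("file name from report")
    elif name == LEGIT_NAME and not genuine:
        reasons.append("wmiadap.exe outside System32\\wbem")
    elif name != LEGIT_NAME and edit_distance(name, LEGIT_NAME) <= 1:
        reasons.append("look-alike of wmiadap.exe")
    if SERVICE_LABEL in display_name.lower() and not genuine:
        reasons.append("ADAP label on unexpected binary")
    return reasons

# Constructed inventory rows (display name, image path); not real telemetry.
SAMPLE = [
    ("AutoDiscovery/AutoPurge (ADAP) Service", r"C:\WINDOWS\system32\drivers\wmiadapi.exe"),
    ("Print Spooler", r'"C:\WINDOWS\system32\spoolsv.exe" -k'),
    ("Updater", r"C:\Temp\wmiadap.exe"),
]

def scan(rows):
    return [(path, why) for name, path in rows for why in [assess(name, path)] if why]

if __name__ == "__main__":
    for path, why in scan(SAMPLE):
        print(path, "->", "; ".join(why))
```

A hit is a lead for review, not a verdict: confirm against the file's signature and the vendor's detection before removing anything.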