Daily Virus Report (Nov 27, 2008) - Dropper.Win32.Undef.gh - RISING
On Nov 27, 2008, one virus needs your attention: GH (Dropper.Win32.Undef.gh). The virus spreads through the Internet and is a typical virus dropper. It uses the icon of the IE browser as camouflage and extracts another virus program, which can damage ‘exe’ files. Once an ‘exe’ file has been damaged, it cannot be restored. This malicious program threatens computer security.
Name: GH (Dropper.Win32.Undef.gh)
Warning level: Dangerous
Category: Backdoor
Affected System: Windows NT/2000/XP/2003
Description:
This is a typical virus dropper Trojan that spreads through the Internet. It uses the IE icon as camouflage and extracts other virus programs, whose files use the WinRAR icon as camouflage. The dropper extracts these executable files into the Windows Program Files directory. It also creates a shortcut in the directory “C:\Documents and Settings\All Users\Start\All Programs\Startup”; this shortcut points to the virus programs in the Windows directory, so the virus is launched each time Windows restarts. The virus programs with the WinRAR icon are the damaging part: they search for “EXE” files, then write their own code into each file, overwriting its original code. The modified “EXE” file becomes a virus program itself: when it is launched, the virus starts, and the “EXE” file cannot be restored. This malicious program seriously threatens computer security.
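The Startup-folder persistence described above can be audited from the defender's side. The following PowerShell is an added example, not part of the Rising report: it resolves every shortcut in the all-users Startup folder and flags targets that are `.exe` files under the Windows or Program Files directories without a valid Authenticode signature. The function name `Get-StartupShortcutAudit` and the flagging rule are assumptions made for illustration.

```powershell
# Added example (not from the Rising report): audit all-users Startup shortcuts.
# Get-StartupShortcutAudit is a hypothetical helper name.
function Get-StartupShortcutAudit {
    param(
        # All-users Startup folder as resolved by the running Windows version.
        [string]$StartupPath = [Environment]::GetFolderPath('CommonStartup')
    )

    # Directories the report names as drop locations (Windows, Program Files).
    $watched = @(@($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } |
        ForEach-Object { $_.TrimEnd('\') + '\' })

    $shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

    Get-ChildItem -LiteralPath $StartupPath -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            $exists = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
            $isExe  = $exists -and ([IO.Path]::GetExtension($target) -ieq '.exe')

            $inWatched = $false
            foreach ($dir in $watched) {
                if ($exists -and $target.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                    $inWatched = $true
                }
            }

            $sig = $null; $hash = $null
            if ($exists) {
                $sig  = (Get-AuthenticodeSignature -FilePath $target).Status
                $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
            }

            [pscustomobject]@{
                Shortcut  = $_.Name
                Target    = $target
                Exists    = $exists
                Signature = "$sig"
                SHA256    = $hash
                # Assumed triage rule: unsigned .exe in a watched directory.
                Flagged   = $isExe -and $inWatched -and ("$sig" -ne 'Valid')
            }
        }
}

Get-StartupShortcutAudit | Sort-Object Flagged -Descending | Format-List
```

A flagged entry is a lead for review, not a verdict: legitimate unsigned software also starts this way, so compare the reported hash against your antivirus or software inventory.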
Anti-virus experts suggest that computer users take the following measures to protect against this virus:
1. Install Rising Anti-virus and a personal firewall, and keep them up to date; update Rising at least 3 times per day.
2. Use Rising Vulnerability Check and patch your computer system in a timely manner, as many viruses spread by taking advantage of system exploits or vulnerabilities.
3. Do not browse suspicious websites or suspicious inserters; turn off or delete unnecessary system services.
4. Do not accept suspicious files from QQ, MSN, email, etc.
5. Turn on the auto-protect and auto-monitor functions when accessing the Internet.
6. Put the account information for your online banking, online games, MSN, QQ, Yahoo Messenger, etc. into Rising Application Protection, which can protect specified applications from attack by malicious programs. A user can apply rules to game software, instant messengers, etc. to customize protection.