Daily Virus Report (Oct 3rd, 2008) - Trojan.DL.Win32.Mnless. bel
-
RISING
Oct 3rd, 2008 one virus needs your attention. It isBEL (Trojan.DL.Win32.Mnless. bel).The virus spreads through Internet. The virus shuts down a large numbers of anti-virus software, and downloads varieties of Trojan, viruses from the website which hackers appointed, and startup these viruses at local computer. It makes computer users suffer.
Name: BEL (Trojan.DL.Win32.Mnless. bel)
Warning level: Dangerous
Category: Trojan
Affected System: Windows NT/2000/XP/2003
Description:
This is a Trojan downloader. Virus releases kisawids.sys、systemIdle.exe and Winxp.dll file at local computer after startup. Also, the virus shut down a large number of anti-virus software process and add relevant registry hijack process, so, the virus can escape from the check of antivirus software. The virus modifies registry key value to achieve startup with system. The virus deletes hosts file and send mac address of local computer to http://w.qq-uc.cn/getmac.jsp for an infection statistics. The virus deletes %systemroot%\system32\down.sys after been loaded, and downloads virus file named as down.sys to infected computer. This virus is difficult to be cleaned and brings trouble to computer daily use.
Anti-virus experts suggest that computer users take the following measures to protect against this virus:
1. Install Rising Anti-virus, personal firewall, update in time, and at least 3 times per day for updating Rising.
2. Use Rising Vulnerability Check, patch your computer system in a timely manner as many viruses spread by taking advantage of the system exploits or vulnerabilities.
3. Do not browse suspicious websites, and suspicious inserter; turn off or delete unnecessary system services.
4. Do not receive the suspicious file from QQ, MSN, Email, etc.
5. Open auto-protect and auto-monitor function when accessing to the internet.
6. Put your account information of networks bank, networks game, MSN, QQ, Yahoo Messenger etc, into Rising Application Protection, Rising Application Protection can protect specified applications from attack by malicious programs. A user can apply rules to game software, instant messenger, etc. to customize protection.
Daily Virus Report (Feb 07, 2012)- Rootkit.Win32.Undef.cvu ()
