Daily Virus Report (Sep 23, 2008) - Worm.Win32.DownLoad.iy
-
RISING
Sep 23, 2008 one virus needs your attention. It is IY (Worm.Win32.DownLoad.iy). This virus pretends as an image, and names itself “image” to entice computer user for click. And the virus accesses to hackers appointed websites to download decades of Trojan viruses. Also, to prevent from antivirus software scan and check functions, the virus shuts down amount of antivirus software. It is difficult to be cleaned.
Name: IY (Worm.Win32.DownLoad.iy)
Warning level: Dangerous
Category: Worm
Affected System: Windows NT/2000/XP/2003
Description:
This is a Worm and spreads through Internet. Virus pretends to be an image with a name of “image”, also, there is a long space in the name of the virus, so, this will make computer user omit its extension name EXE. The virus entices users to click. After the virus startup, it shuts down amount of security software to prevent from scan and check. Then, the virus deletes wuauclt.exe of dllcache and copies itself down to this directory with a name as wuauclt.exe; the virus deletes wuauclt.exe of system32 directory at following stage, copies itself down to system32 directory with a name as wuauclt.exe; the virus creates AUTORUN.INF and WINDOWS.PIF file at each disk driver to achieve a second startup and spread. The virus modifies registry startup option to achieve startup when computer boot-strap. Finally, the virus accesses appointed websites to download amount of viruses to local computer, then run these viruses at local device. Computer re-infected easily by this virus and, it is difficult to be cleaned.
Anti-virus experts suggest that computer users take the following measures to protect against this virus:
1. Install Rising Anti-virus, personal firewall, update in time, and at least 3 times per day for updating Rising.
2. Use Rising Vulnerability Check, patch your computer system in a timely manner as many viruses spread by taking advantage of the system exploits or vulnerabilities.
3. Do not browse suspicious websites, and suspicious inserter; turn off or delete unnecessary system services.
4. Do not receive the suspicious file from QQ, MSN, Email, etc.
5. Open auto-protect and auto-monitor function when accessing to the internet.
6. Put your account information of networks bank, networks game, MSN, QQ, Yahoo Messenger etc, into Rising Application Protection, Rising Application Protection can protect specified applications from attack by malicious programs. A user can apply rules to game software, instant messenger, etc. to customize protection.
Daily Virus Report (Feb 07, 2012)- Rootkit.Win32.Undef.cvu ()
