Dec 16, 2008 one virus needs your attention. It is SJ (Worm.Win32.VB.sj). This malicious virus has an icon similar with folder of Windows system. After being executed, the virus copies its executable files in Windows system root directory in large amount. Also, the virus modifies the place of Windows Start Menu and homepage of IE browser, so, the virus can download varieties viruses to infected device. It is difficult to be cleaned.
Name: SJ (Worm.Win32.VB.sj)
Warning level: Dangerous
Category: Worm
Affected System: Windows NT/2000/XP/2003
Description:
This malicious virus written by VB language, and has an icon which is similar with folder of Windows system. After being executed, the virus copy its executable files in Windows system root directory in large amount, names these malicious files with different names, and replace some system files. The malicious virus release "Autorun.inf” file in system root directory; when user open Windows directory and system32 directory, the virus shuts down this folder and forbidding accessing, and this can make the virus away from cleaning virus manually. Also, the virus modifies the place of Windows Start menu, when user move the mouse cursor to the Start menu, the Start menu will move randomly to forbid "click” behaviour. The malicious virus modifies registry key values to achieve being launched with Windows system start; changes homepage of IE browser, to achieve the aim of downloading viruses to infected device, and this makes victim device gets re-infected easily. This malicious virus is difficult to be deleted.
Anti-virus experts suggest that computer users take the following measures to protect against this virus:
1. Install Rising Anti-virus, personal firewall, update in time, and at least 3 times per day for updating Rising.
2. Use Rising Vulnerability Check, patch your computer system in a timely manner as many viruses spread by taking advantage of the system exploits or vulnerabilities.
3. Do not browse suspicious websites, and suspicious inserter; turn off or delete unnecessary system services.
4. Do not receive the suspicious file from QQ, MSN, Email, etc.
5. Open auto-protect and auto-monitor function when accessing to the internet.
6. Put your account information of networks bank, networks game, MSN, QQ, Yahoo Messenger etc, into Rising Application Protection, Rising Application Protection can protect specified applications from attack by malicious programs. A user can apply rules to game software, instant messenger, etc. to customize protection.
