Name: Worm.Win32.KillAV.b
Warning level: Dangerous
Detection Date: Mar 6, 2008
Description Date: Mar 14, 2008
Behavior: Worm
Affected System: Windows XP/NT/Server 2003/2000
Spreading: Medium
Damage: Low
Effected RISING: 20.35.30
Technical Details:
This is a Worm written by Delphi. After the virus startup, it will build a mutex to make sure that there is only one copy runs in system. The virus will check Internet connection, if there it is, then, the virus will take the following behavior.
After find the Internet connection, the virus will list the current window. If there is a window with a anti-virus software or security tool, the virus will shut the window down. Then, the virus will search AVP or 360 processes, if there it is, the virus will regulate system date, and shut down AVP monitor. After rescind system protection, the virus will browse some websites with bug, download and run Trojan at local computer. In addition, the virus will add a normal name of antivirus soft ware or tool at directory of SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, to decline these software or tool. At last, the virus will write auto-un script file to each local disk, to achieve the aim of spreading.
Anti-virus experts suggest that computer users take the following measures to protect against this virus:
1. Install Rising Anti-virus, personal firewall, update in time, and at least 3 times per day for updating Rising.
2. Use Rising Vulnerability Check, patch your computer system in a timely manner as many viruses spread by taking advantage of the system exploits or vulnerabilities.
3. Do not browse suspicious websites, and suspicious inserter; turn off or delete unnecessary system services.
4. Do not receive the suspicious file from QQ, MSN, Email, etc.
5. Open auto-protect and auto-monitor function when accessing to the internet.
6. Put your account information of networks bank, networks game, QQ etc, into Rising Application Protection, Rising Application Protection can protect specified applications from attack by malicious programs. A user can apply rules to game software, instant messenger, etc. to customize protection.
