Tuesday, October 5, 2010

A variant follows the patch: manually removing the new "Annie"

Mention "Annie" and most Internet users will still remember it: a worm that spread widely by exploiting a Microsoft 0day vulnerability and was more harmful than Panda Burning Incense. After Microsoft released the patch for the ANI vulnerability, "Annie" went quiet for some time. But "Annie" never completely disappeared; it was "brewing" a new round of attacks!

A new variant of "Annie", AN (Worm.MyInfect.an), has begun to stir, leaving a large number of users' machines running slowly or unable to work. The variant can also download a large number of account-stealing Trojans, which poses a great threat to the security of users' online games and online banking.

Duba anti-virus engineers said that, unlike earlier variants of "Annie", the new AN variant copies itself to C:\Program Files\Common Files\System\driectdb.exe or \wab32res.exe and sets the hidden attribute on driectdb.exe. It then injects itself into both an iexplore.exe process and a notepad.exe process, after which it infects files and downloads other viruses, such as account-stealing Trojans.

Once a user is infected, two processes, iexplore.exe and notepad.exe, appear in the process list even though neither the browser nor Notepad is open. The iexplore.exe process cannot be ended and takes up a lot of memory, causing the computer to run slowly or stop working.

1. First end the two system processes the virus has created (Notepad.exe and Iexplore.exe); the virus injects itself into these two processes and runs inside them (Figure 1);

Figure 1

2. Run a full scan with anti-virus software and remove the infected exe files;

3. Remove virus startup items:

"EXPLORER" = "%ProgramFiles%\Common Files\System\wab32res.exe"

4. Delete the file:

%ProgramFiles%\Common Files\System\temp.ini
%ProgramFiles%\Common Files\System\avp.ini
%ProgramFiles%\Common Files\System\temp.txt
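
A read-only check for the indicators named in the steps above, as an added example that is not part of the original post. The post does not say which registry key holds the "EXPLORER" value, so the standard Run keys are an assumption, as is the windowless-process heuristic.

```powershell
# Read-only triage for the indicators listed on this page: nothing is stopped or deleted.
$findings = @()

# Dropped and leftover files under <Program Files>\Common Files\System
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
$names = 'driectdb.exe', 'wab32res.exe', 'temp.ini', 'avp.ini', 'temp.txt'
foreach ($root in $roots) {
    foreach ($name in $names) {
        $path = Join-Path $root "Common Files\System\$name"
        # -Force is needed because the worm sets the hidden attribute on driectdb.exe
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            $findings += [pscustomobject]@{
                Type = 'File'; Detail = $item.FullName; Note = "attributes: $($item.Attributes)"
            }
        }
    }
}

# Startup value "EXPLORER". Assumption: it sits under a standard Run key.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['EXPLORER']) {
        $value = [string]$props.EXPLORER
        $note = if ($value -like '*wab32res.exe*') { 'points at wab32res.exe' } else { 'review manually' }
        $findings += [pscustomobject]@{ Type = 'RunValue'; Detail = "$key -> $value"; Note = $note }
    }
}

# iexplore.exe / notepad.exe running with no window (heuristic: background
# instances and other sessions can also show a zero handle, so confirm first)
$procs = Get-Process -Name iexplore, notepad -ErrorAction SilentlyContinue
foreach ($p in $procs) {
    if ($p.MainWindowHandle -eq 0) {
        $findings += [pscustomobject]@{
            Type = 'Process'; Detail = "$($p.ProcessName) (PID $($p.Id))"; Note = 'no main window'
        }
    }
}

if ($findings.Count -eq 0) {
    'No indicators from this page were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Running it again after the four steps confirms whether the startup value or the files have been recreated, which would mean an injected process is still alive.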
