Monitoring data from the Super Patrol team shows that the MSN worm broke out again after New Year's Day. It still spreads over MSN as a compressed file containing a malicious program, and it sends messages that entice users to download and run that program. The Super Patrol team reminds all users to stay vigilant!
1. Virus analysis:
Virus label:
Virus name: Backdoor.Win32.IRCBot.axj
Virus alias: MSN worm
Virus type: worm
Hazard level: 3
Infected platform: Windows
Virus size: 26,021 (bytes)
SHA1: 51e1f45869422b0154a76527e13ac61ead5396eb
Packing type: unknown

Virus behavior:
1. Drops the following files:
%Windir%\happy2008.exe
%Windir%\ contains the file // It is the same file as happy2008.exe
2. Modifies the registry:
Registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Registry value: Windows svchost
Type: REG_SZ
Value: happy2008.exe
3. Sends the following messages to the user's MSN contacts:
Check theese out, Christmas + New year!
Hey, have u seen these Christmas images?
you gotta see this, me in my noughty santa suit !!: P
New year + Christmas pictures!: D
Happy new year xD!: D see
Heeey :) <3 Check out theese New year photos!
4. Connects to a website to download the latest files:
http://www.*****
The downloaded file behaves like the one above: it modifies the same registry location and changes the value to svchost.exe.
It drops the following files:
%Windir%\svchost.exe 32,802 (bytes)
%Windir%\ contains the file Image78145-2008.jpg_www.MsnMessenger.scr // it is the same file as svchost.exe
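
A read-only PowerShell check for the indicators listed above (the Run value, the dropped file names and sizes, and the SHA1), added here as an example; it is not part of the original advisory and is not Super Patrol code. It assumes PowerShell 4.0 or later for Get-FileHash, and the WOW6432Node key is an added assumption for 64-bit systems that the advisory does not mention.

```powershell
# Read-only check for the indicators listed in the advisory above.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # Assumption: 32-bit registry view on 64-bit Windows (not in the advisory)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runValueName = 'Windows svchost'
$runValueData = @('happy2008.exe', 'svchost.exe')
$knownSha1    = '51e1f45869422b0154a76527e13ac61ead5396eb'
$dropNames    = @('happy2008.exe', 'svchost.exe')
$dropSizes    = @(26021, 32802)
$findings     = @()

# 1. Autorun value created by the worm
foreach ($key in $runKeys) {
    $prop = Get-ItemProperty -Path $key -Name $runValueName -ErrorAction SilentlyContinue
    if ($prop) {
        $data = [string]$prop.$runValueName
        $findings += [pscustomobject]@{
            Type            = 'RunKey'
            Item            = "$key -> $runValueName = $data"
            MatchesAdvisory = ($runValueData -contains $data.Trim('"'))
        }
    }
}

# 2. Dropped files directly in %Windir%. The genuine svchost.exe lives in
#    %Windir%\System32, so a copy one level up is suspicious by itself.
$candidates = @()
foreach ($name in $dropNames) {
    $path = Join-Path $env:windir $name
    if (Test-Path -LiteralPath $path) { $candidates += Get-Item -LiteralPath $path -Force }
}
# The second copy uses an image-like name that ends in .scr
$candidates += @(Get-ChildItem -LiteralPath $env:windir -Filter '*.scr' -File -Force |
    Where-Object { $_.Name -like '*.jpg*' })

foreach ($file in $candidates) {
    $sha1 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash
    $findings += [pscustomobject]@{
        Type            = 'File'
        Item            = "$($file.FullName) ($($file.Length) bytes, SHA1 $sha1)"
        MatchesAdvisory = ($sha1 -eq $knownSha1) -or ($dropSizes -contains $file.Length)
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from the advisory were found.' }
```

A size match alone is a weak signal; only the SHA1 match identifies the 26,021-byte sample exactly, and the advisory gives no hash for the 32,802-byte file.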

2. Solution
Recommended solution: install Super Patrol and run a comprehensive virus scan and removal. Existing Super Patrol users should upgrade to the latest virus database and perform a full scan.
Super Patrol download address: http://
3. Security Recommendations

1. Install or update anti-virus software immediately and scan the memory and hard drive in full (recommended to install Super Patrol).
2. Consider deploying a firewall and configure it properly for the security level you actually need.
3. Use the patch inspection function of Super Patrol to install system patches promptly.
4. Disable or delete unnecessary accounts and set a strong password for the administrator account.
5. Disable unnecessary services.
6. Update frequently used software, especially chat tools.
7. Don't open emails of unknown origin, especially email attachments.
8. Don't download and run files from unsafe websites at will.
9. The downloaded and newly copied files must be checked for viruses first.
10. Don't easily open links or executable files from instant messaging tools.
11. When using removable storage media to transfer data, check them for viruses first. It is recommended to immunize them with the Super Patrol U disk immunizer.

Note: %System% is a variable path. In Windows 95/98/Me, this variable refers to %Windir%\System, and in Windows NT/2000/XP/2003/Vista, this variable refers to %Windir%\System32.
Other variables:
%SystemDrive%: disk partition where the system is installed
%SystemRoot% = %Windir%: Windows system directory
%ProgramFiles%: default application installation directory
%AppData%: application data directory
%CommonProgramFiles%: common files directory
%HomePath%: current active user's directory
%Temp% = %Tmp%: current active user's temporary directory
%DriveLetter%: logical drive partition
%HomeDrive%: current user's system partition


