Viral behavior:
1. Install or update anti-virus software immediately and scan the memory and hard drive in full (recommended to install Super Patrol).
Note: %System% is a variable path. In Windows 95/98/Me, this variable refers to %Windir%\System, and in Windows NT/2000/XP/2003/Vista, this variable refers to %Windir%\System32.
Virus name: Backdoor.Win32.IRCBot.axj
Virus alias: MSN worm
Virus type: worm
Hazard level: 3
Infected platform: Windows
Virus size: 26,021 bytes
SHA1: 51e1f45869422b0154a76527e13ac61ead5396eb
Packing type: unknown
1. Drop the following files:
%Windir%\happy2008.exe
%Windir%\Photos1-2008.zip
Photos1-2008.zip contains the file photo151.JPEG_www.HappyNewYear.com (the same file as happy2008.exe).
2. Modify the registry:
Registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Registry value: Windows svchost
Type: REG_SZ
Value: happy2008.exe
3. Send the following messages to MSN contacts:
Check theese out, Christmas + New year!
Hey, have u seen these Christmas images?
you gotta see this, me in my noughty santa suit !!: P
New year + Christmas pictures!: D
Happy new year xD!: D see
Heeey :) <3 Check out theese New year photos!
4. Connect to the following website to download the latest files:
http://www.*****.co.uk/data/setup.exe
This file behaves like the one above: it modifies the same registry location, setting the value to svchost.exe.
It drops the following files:
%Windir%\svchost.exe (32,802 bytes)
%Windir%\PrivatePhoto2008.zip
PrivatePhoto2008.zip contains the file Image78145-2008.jpg_www.MsnMessenger.scr (the same file as svchost.exe).
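A defensive check for the archive disguise described above, added here as an example and not part of the original advisory: it flags ZIP members whose names look like images but whose real extension is executable, and members that start with the MZ executable header. The function names, the extension lists and the sample archive are assumptions constructed for illustration; the sample contains only harmless stub bytes.

```python
import io
import zipfile

# Extensions Windows runs directly; ".com" and ".scr" are the two the advisory shows.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Image-looking tokens used to disguise the real (last) extension.
IMAGE_TOKENS = (".jpg", ".jpeg", ".png", ".gif", ".bmp")


def suspicious_members(zip_bytes):
    """Return (name, reasons) for members that pose as images but are executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            dot = name.rfind(".")
            ext = name[dot:] if dot != -1 else ""
            reasons = []
            # The last extension is executable, but an image extension appears earlier.
            if ext in EXECUTABLE_EXTS and any(t in name[:dot] for t in IMAGE_TOKENS):
                reasons.append("image-like name with executable extension " + ext)
            # DOS/PE executables begin with the bytes "MZ" whatever the file is called.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("MZ header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample: stub bytes under the member names given in the advisory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo151.JPEG_www.HappyNewYear.com", b"MZ" + b"\x00" * 62)
        zf.writestr("Image78145-2008.jpg_www.MsnMessenger.scr", b"MZ" + b"\x00" * 62)
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # benign control
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in suspicious_members(build_sample_zip()):
        print(member, "->", "; ".join(why))
```

Password-protected archives cannot be opened this way and need separate handling.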
Super patrol download address: http: //
2. Configure the firewall appropriately for the security level you actually need.
3. Use the patch inspection function of Super Patrol to install system patches promptly.
4. Disable or delete unnecessary accounts and set a strong password for the administrator account.
5. Disable unnecessary services.
6. Update frequently used software, especially chat tools.
7. Don't open emails of unknown origin, especially email attachments.
8. Don't download and run files from unsafe websites at will.
9. The downloaded and newly copied files must be checked for viruses first.
10. Don't easily open links or executable files from instant messaging tools.
11. When using removable storage media to transfer data, first check them for viruses. It is recommended to use the Super Patrol U disk (USB flash drive) immunizer for immunization.
%SystemDrive%: Disk partition where the system is installed
%SystemRoot% = %Windir%: WINDOWS system directory
%ProgramFiles%: Application default installation directory
%AppData%: Application data directory
%CommonProgramFiles%: Common file directory
%HomePath%: Current active user directory
%Temp% = %Tmp%: The current active user temporary directory
%DriveLetter%: The logical drive partition
%HomeDrive%: The current user's system partition
Supervisory team monitoring data shows that the MSN worm broke out again after New Year's Day. It still uses MSN to spread compressed files containing malicious programs, and sends messages that entice users to download and run them. The Super Patrol team reminds users to increase their vigilance!
1. Virus analysis:
Virus label:
2. Solution
Recommended solution: Install Super Patrol and run a comprehensive virus scan and removal. Existing Super Patrol users should upgrade to the latest virus database and perform a full scan.
3. Security Recommendations