National Computer Virus Emergency Response Center through the monitoring of Internet, recently appeared a malicious backdoor program variants BackdoorPoison.SAK, remind the user be careful beware.
has the signature of the executable file is loaded into memory DLL hijacked by the variant, so as not to be anti virus software to detect the internal structure, mistakenly believe that the executable process is safe.
The variant ofafter the operation, will detect the system environment of infected, temporary directory name, release the temporary file. At the same time, will release the documents more malicious programs in the system directory, then the malicious program files into the file system and a remote process creates a thread to execute code, to the Cheap NBA Hats system dynamic load the driver, and the new registry key Inexpensive NHL Jerseys value entry.
in addition, injected into the system files the malware will create Cheap college basketball jerseys a browser IE process and its loading into the IE process, to communicate with the remote host specified. Modify registry related operations within the IE process, let cheap jerseys for sale every time the system will automatically load operation of remote control software service is started, and connect to the server.
in infected the malicious backdoor program variants of computer users, the National Computer Virus Emergency Response Center immediately upgrade anti-virus software in the system, a comprehensive anti-virus. The uninfected users suggested that open system anti-virus software "monitoring" function, from the active defense of various operation of the registry, system process, memory, network Cheap shirts etc.. (reporter Zhang Jianxin, Yuan Shuai)
相关的主题文章:
没有评论:
发表评论