On October 10, Rising Global Anti-Virus Monitoring Network intercepted a worm virus that spreads with QQ and MSN, sending "FUNNY.EXE" files to online friends, and users will poison. The virus will shield 937 mainstream websites, which may cause Win98 crash. Also, this virus will use MSN, QQ and other crazy send information, which is likely to promote a website.
Rising anti-virus experts reminded that when the user receives the suspicious document sent by QQ, MSN friends, be sure to use the latest version of anti-virus software to kill virus, version 16.47.30 Rising software can completely remove this virus. In addition, Rising also released a free "MSN scammer" virus killing tool, and "QQ virus" special killing tool. First, virus assessment
1. Virus Chinese Name: MSN Liar
2. Virus English name: Worm.MSN.Funny
3. Virus type: Worm virus
4. Virus Hazard Level: ★★★★
5. Viral communication route: QQ / MSN instant messaging tool
6. Virus dependencies: Windows 9X / NT / 2000 / XP
Second, the damage of the virus
1. Under the Windows 2000 / XP system, the virus will modify the system file HOSTS, shield 937 websites, and turn to WWW. ** 78p.com when using the user to log in to WWW. ** 78p.com, causing users to get normally online.
2. Under the Windows 98 system, the virus will replace the system file Rundll32.exe, which may cause the system to shut down, and crash.
3. Use MSN, QQ crazy to send advertising information, and deceive users to log in to WWW. ** 78p.com website.
4. Send "Funny.exe" file to MSN and QQ friends to spread itself.
Third, technical analysis
1. The virus is written in Visual Basic language, and the shell is added with Aspack2.12.
2. After running, the virus will copy itself into the Windows directory, the virus file is named "Rundll32.exe", and copy itself into the system directory, the file name is IExplorer.exe, Explorer.exe, respectively.
3. Modify the registry to achieve random self-start.
4. After the virus is running, several processes will run at the same time, form a dual process protection, and it is difficult to end in the task manager.
5. Send a newly opened bar, gather at night, here to introduce WWW. ** 78p.com, remember to call me "," friends, pay more attention to rest, you can relax here Www. ** 78p.com "," We also come to a word, watch MM, www. ** 78p.com, enough! Oh! "," Japanese people in the Nanjing Massacre! Resolutely boycott Japanese goods Www. ** 78p.com "," Ten countries that threaten to China! List WWW. ** 78p.com "," I have seen the most beautiful video MM (don't see you don't regret), www. ** 78p.com "," Chinese Peasant Survey "page blood tears, the central transfer from Netease, www. ** 78p.com".
6. Send a file named funny.exe to MSN, QQ friends, which is a virus.
7. If the user uses the WIN 2000 / XP system, the virus will modify the HOSTS file, shield 937 mainstream websites, automatically turn to WWW. ** 78p.com when using the user to log in to these websites.
8. If the user uses the WIN 98 system, the virus covers the system file Rundll32.exe, which may cause the system anomaly. If you are running, you can't shut down normally. If you restart, you can't enter your desktop, all operations cannot be done.
Fourth, viral solution:
Upgrade
Rising company will conduct emergency upgrades on the same day, the upgrade software version number is 16.47.30, the version of Rising anti-virus software can thoroughly kill "MSN Liar" virus, Rising anti-virus software Standard Edition and network version of users can log in directly to Rising The website (www.rising.com.cn/) Download the upgrade package to upgrade, or use the intelligent upgrade function of Rising anti-virus software. 2. Use a special killing tool
In view of the characteristics of the virus, Rising Company also provides free virus killing tools for users who have no anti-virus software in their hands, "MSN scammers" virus killing tool download address: it.rising.com.cn/service/technology/rs_msn .htm. "QQ virus" special killing tool download address is IT.RISING.CN/Service/technology/rs_qqmsender.htm.
3. Use the online anti-virus and download version
Users can also use Rising's online anti-virus and download products to remove the virus. These two products are paid by mobile phones. Users can log in to Online.rising.com.cn/ Use online anti-virus products, or log in to http: // GO.RISING.COM.CN/ Use the download version.
4. Call for help
If you encounter other problems about the virus, users can call Rising anti-virus emergency calls: 010-82678800 to seek help from antivirus experts!
V. Safety Suggestions:
1. Establish a good habit. For example: Do not open some of the unknown emails and accessories, don't pay some sites that don't know much, don't perform software from Internet download, these necessary habits will make your computer safer.
2. Close or delete unwanted services in your system. By default, many operating systems install some auxiliary services, such as FTP clients, Telnet, and web servers. These services provide an attacker that is convenient, and it is not too much to use, and if they delete them, it can greatly reduce the possibility of attacked.
3. Regularly upgrade the safety patches. According to statistics, 80% of network viruses are spread through system security vulnerabilities, like Walp king, shock waves, vibration waves, etc., so we should regularly go to Microsoft website to download the latest security patches to prevent it.
4. Use complex passwords. There are many network viruses to attack the system by guessing simple passwords, so using complex passwords will greatly improve the safety factor of the computer.
5. Quickly isolate the infected computer. When your computer discovers the virus or abnormality, it should be disconnected immediately to prevent more infections from the computer, or become a propagation source, and infect other computers again.
6. Understand some virus knowledge. This allows new viruses and takes appropriate measures in time to make their own computer from virus damage at critical moments. If you can understand some registry knowledge, you can see if you have a suspicious key value of the registry's self-start item; if you know some memory knowledge, you can often see if there is a suspicious program in memory.
7. It is best to install professional anti-virus software for comprehensive monitoring. Today, the use of anti-virus software is an increasingly economical choice, but the user should be upgraded frequently after installation of anti-virus software, and some main monitoring frequently open (such as mail monitoring), memory monitoring Wait, I have to report the problem, so that I can really protect the safety of the computer.
8. Users should also install personal firewall software for anti-black. Due to the development of the network, the hacker attack problem facing the user's computer is getting more serious. Many network viruses use hackers to attack user computers, so users should also install personal firewall software, set the security level to medium, high In this way, it can effectively prevent hacker attacks on the network. The killing tool for this virus can be downloaded on http://down1.tech.sina.com.cn/download/download/download/11693.SHTML.
