Author: hpmailer. Published: 2013/12/1 20:40:50
New variant of a malicious Trojan horse program appears on the Internet
The National Computer Virus Emergency Response Center, through its monitoring of the Internet, has found that a new variant of a malicious Trojan horse program, Trojan_ServStart.PF, has recently appeared.
Once run, the variant copies itself to the system directory of the infected operating system and renames itself to an executable file with a randomly generated file name. It opens the Service Control Manager of the infected operating system and creates a service that starts automatically. At the same time, the variant obtains the cache directory of the infected operating system, moves and renames the virus file to a log file, and sets it to be deleted on restart.
After collecting information about the infected operating system (such as the computer name, operating system version, processor type and memory size), the variant sends it to a host specified by the attacker, which ultimately leads to the infected operating system receiving and executing malicious code instructions sent from the remote host.
In addition, the variant forces the infected operating system to actively connect to specified Web servers on the Internet and download other Trojan horses, viruses and other malicious programs.
For users whose computers are already infected with this variant, the National Computer Virus Emergency Response Center recommends immediately updating the antivirus software on the system and running a full scan. Users who are not infected are advised to turn on the "System Monitor" function of their antivirus software, for active defense covering the registry, system processes, memory, network and other aspects of system operation.
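A triage check for the two traces described above (an auto-start service whose binary sits in the system directory, and a log file set for deletion on restart), as an added example that is not code from the advisory or from the Center. The sample records, `SYSTEM_DIR` and `BASELINE` are constructed assumptions, and the code assumes the delete-on-restart was registered through the Windows `PendingFileRenameOperations` registry value, which the advisory does not name.

```python
import ntpath
import re

SYSTEM_DIR = r"c:\windows\system32"        # assumed system directory of the audited host
BASELINE = {"spoolsv.exe", "svchost.exe"}  # assumed known-good service binaries

# Constructed sample records (not taken from the advisory), shaped like
# service-install events (System log, event ID 7045).
SERVICE_EVENTS = [
    {"name": "Spooler", "image": r"C:\Windows\System32\spoolsv.exe", "start": "auto start"},
    {"name": "qzkvxwpj", "image": r"%SystemRoot%\System32\qzkvxwpj.exe", "start": "auto start"},
    {"name": "VendorUpdater", "image": r'"C:\Program Files\Vendor\updater.exe" /svc', "start": "auto start"},
    {"name": "NetSvc", "image": r"C:\Windows\system32\svchost.exe -k netsvcs", "start": "auto start"},
    {"name": "hxqbtmzk", "image": r"\SystemRoot\System32\hxqbtmzk.exe", "start": "demand start"},
]
# Constructed (source, destination) pairs as stored in PendingFileRenameOperations;
# an empty destination means "delete at next boot".
PENDING = [
    (r"\??\C:\Users\alice\AppData\Local\Temp\k3f9a.log", ""),
    (r"\??\C:\Windows\Temp\old.dll", ""),
    (r"\??\C:\Temp\new.log", r"!\??\C:\App\app.log"),
]

def normalize_image(image_path):
    """Reduce a service ImagePath to a lower-case executable path, arguments removed."""
    p = image_path.strip()
    if p.startswith('"'):                   # quoted path followed by arguments
        p = p[1:].split('"', 1)[0]
    else:                                   # unquoted: keep up to the first ".exe"
        m = re.match(r"(.+?\.exe)(\s|$)", p, re.IGNORECASE)
        p = m.group(1) if m else p
    p = p.lower().replace("%systemroot%", r"c:\windows")
    if p.startswith("\\systemroot\\"):      # kernel-style prefix
        p = "c:\\windows\\" + p[len("\\systemroot\\"):]
    return ntpath.normpath(p)

def suspicious_services(events):
    """Auto-start services with a non-baseline binary directly in the system directory."""
    hits = []
    for ev in events:
        folder, exe = ntpath.split(normalize_image(ev["image"]))
        if ev["start"] == "auto start" and folder == SYSTEM_DIR and exe not in BASELINE:
            hits.append(ev["name"])
    return hits

def log_files_pending_delete(pairs):
    """Paths of .log files queued for deletion at the next boot."""
    return [src[4:] if src.startswith("\\??\\") else src
            for src, dst in pairs if dst == "" and src.lower().endswith(".log")]
```

Both functions return candidates for manual review, not verdicts: a baseline built from a known-good image of the same OS build keeps the service check quiet, and installers also queue files for deletion at reboot.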