Yesterday, the reporter received a was robbed, then a blank mind, I really do not know what to do! very active virus, but Mr. Zhang is likely to be called Suddenly a friend of MSN signatures to , so that it saddened.
according to antivirus experts, the recent virus for 8 of Warcraft online game, Legend, Yulgang, Westward Journey, Heaven, Legend of Martial Arts, China 2, and other online games crazy crime, resulting in substantial Players losses. to At the same time the virus will install a global hook, watch the game window, record the user account information in the background, connected to the network, the account information will be submitted to the specified page.
experts suggest that the majority of gamers, in the course of the game need to open the firewall, the firewall which automatically alerts the user tried to attack the Trojans for the game and has been blocked, for the relatively new horse, you can also access the network when the Trojans were asked to help users identify.
virus recently introduced eight online games:
system services and processes hidden virus files and viruses, allowing users to create difficulties for its killing. The virus will install a global hook, watch the game window, record the user account information in the background, connected to the network, the account information will be submitted to the specified page .
the virus is more hidden in the virus in the Explorer.exe file (mywow.dll) will search for World of Warcraft game window, if found, from the game to read the relevant information, including the game player's account, password, login server, goods, equipment, etc., and to get the information sent through the site to upload Trojans to growers, so that the user's game account is lost.
is able to release the other two viruses to steal the user's legendary legendary account of the legendary Trojan games. the virus to run after the release of two virus files:% window% 399952.dll,% window% 399952M.BMP, after the completion of will self-delete.
virus will add a registry entry from the start, so the virus can put myself in with the Windows startup 399952M.BMP into conime.exe process run, the virus did not produce a new run-time process increase the difficulty of killing, and then calls the 399952.DLL file 399952M.BMP to steal game account and password, then upload the data obtained through the website growers in the form of Trojan horse sent to the designated site, allowing users The game account and password is lost.
the release of the following files: C: WINDOWS Download svhost32.exe, and in the C: Windows system32 wldll.dll path to release a DLL file; the virus from the boot entry in the registry will also add a specific item, to start with windows. Once the virus to steal players account information sent by mail to the mailbox Trojan growers, to bring players a certain economic and moral losses.
. WulinWZ.ab)
This is a Trojan horse to steal account gamers virus. The virus will copy itself to:% system% svvosts.exe and run. Meanwhile, the release of the file% system% mywl.dll, add a specific start-item. the virus in the system creates a message hook, steal variants dh itself to the% system% ravysigie.exe and run. The virus bound to trick users into clicking a game image, the virus once you find a lot of running anti-virus software to the end of the process; the virus to steal game account and password after the connection Mary network, and use their own email engine to send to the Trojan growers.
will copy itself to C: WINDOWS system32 insthx.exe, and start adding items to their own specific item starts with windows. In addition to stealing the virus outside the player tries to obtain important information users QQ number and password, and related information is sent to the specified mailbox Trojan growers.
% system% svvost.exe, the release of a virus file to the% system% mywl.dll and delete itself. At the same time, the virus will be loaded after running a dll file, install a global hook, once you find the game window is specified for the game process, and the information is submitted to the specified URL.
No comments:
Post a Comment