"Stolen" (dream of OnlineGames Microsoft Office 2010
PSWTroj Win32. J 14848) this is a Trojan virus, basically steal "dreamy west" account and password.
"Advertising download device" (Win32. 394615 Navi. Something. This is a advertising virus.
A, "stolen" (dream of OnlineGames. PSWTroj Win32. J 14848) threat level: u
The virus main function is to the west "stealing" fantastic account information.
1. The virus generated "LYMANGR. DLL" file on your computer will enumeration customers Microsoft Office is helpful.
search online game "process, the process of fantasy west" wish. Exe. Then enumerates the process of the module, if not found another file is by writing MSDEG32. DLL the memory way is injected into the virus document for the j exe. Office 2010 is my favorite.
2. Created in customer computer socket and binding to "2 * * * * * * * * * 9.2 * 4.1 2.1. 3"
3. Designated receiving site:
HXXP: / / www.5151la.com/mh2007/post2007kj.asp/? Server xx&gameid = xx&pass = = xx&pin = xx&wupin = xx&role = xx&equ = cash: xx xx&other = Build with silver: HXXP: / / : the xx Microsoft Office 2010 is so great.
www.raceswd.com/cs03/post.asp/? Server xx&gameid = xx&pass = = xx&pin = xx&wupin = xx&role = xx&equ = cash: xx deposit amount xx&other = Build: xx:
Second, "advertising download device" (Win32. 394615) Navi. Something. 9:28 threat level:
Virus after the operation will release file to the system folder and generate registry keys, BHO browser, according to the search results in the background sqlite affect the normal Internet advertising, user. In addition, the viruses use sqlite to manage and update its own database files.
1. Modify win. Ini file, insert the following content
[svrhost vercheck = 1188957373 sqlcheck =]] 1188957373 install = 1188957373
2. Use sqlite to manage and update its own database files Outlook 2010 is powerful.
HXXP: / / bar6. Old5. Com
3. BHO browser, according to the search results in the background sqlite affect the normal Internet advertising, user
HXXP: / / www.100x10000.com/xxxx.html HXXP: / / baidu. 3628. Com HXXP: / / www.xc100.com
Jinshan antivirus engineer advised Microsoft outlook 2010 is convenient!
PSWTroj Win32. J 14848) this is a Trojan virus, basically steal "dreamy west" account and password.
"Advertising download device" (Win32. 394615 Navi. Something. This is a advertising virus.
A, "stolen" (dream of OnlineGames. PSWTroj Win32. J 14848) threat level: u
The virus main function is to the west "stealing" fantastic account information.
1. The virus generated "LYMANGR. DLL" file on your computer will enumeration customers Microsoft Office is helpful.
search online game "process, the process of fantasy west" wish. Exe. Then enumerates the process of the module, if not found another file is by writing MSDEG32. DLL the memory way is injected into the virus document for the j exe. Office 2010 is my favorite.
2. Created in customer computer socket and binding to "2 * * * * * * * * * 9.2 * 4.1 2.1. 3"
3. Designated receiving site:
HXXP: / / www.5151la.com/mh2007/post2007kj.asp/? Server xx&gameid = xx&pass = = xx&pin = xx&wupin = xx&role = xx&equ = cash: xx xx&other = Build with silver: HXXP: / / : the xx Microsoft Office 2010 is so great.
www.raceswd.com/cs03/post.asp/? Server xx&gameid = xx&pass = = xx&pin = xx&wupin = xx&role = xx&equ = cash: xx deposit amount xx&other = Build: xx:
Second, "advertising download device" (Win32. 394615) Navi. Something. 9:28 threat level:
Virus after the operation will release file to the system folder and generate registry keys, BHO browser, according to the search results in the background sqlite affect the normal Internet advertising, user. In addition, the viruses use sqlite to manage and update its own database files.
1. Modify win. Ini file, insert the following content
[svrhost vercheck = 1188957373 sqlcheck =]] 1188957373 install = 1188957373
2. Use sqlite to manage and update its own database files Outlook 2010 is powerful.
HXXP: / / bar6. Old5. Com
3. BHO browser, according to the search results in the background sqlite affect the normal Internet advertising, user
HXXP: / / www.100x10000.com/xxxx.html HXXP: / / baidu. 3628. Com HXXP: / / www.xc100.com
Jinshan antivirus engineer advised Microsoft outlook 2010 is convenient!
RSS Feed