Thursday, September 23, 2010

Latest developments in the "Westward Journey 3" account-stealing Trojan



Recently, Micropoint active defense software automatically captured an account-stealing Trojan that specifically targets "Westward Journey 3": "Trojan-PSW.Win32.OnLineGames.dgiv". According to Micropoint's anti-virus experts, users infected with this Trojan will see the "Westward Journey 3" game shut down for no reason and run slowly while they enter their user name, password and password-protection information, and will eventually have their virtual property stolen by hackers.

When the Trojan runs, it uses process injection to load a dynamic library file and installs a global message hook to capture the "user name", "password", "password protection" and other information the user types in, and it uses the command line to delete itself. Once it has successfully stolen this information, the Trojan submits it through a web form to a page specified by the hacker.

Preventive measures

Users who have installed Micropoint active defense software need no additional settings; it will automatically protect your system from intrusion and damage by the virus. Whether or not you have upgraded to the latest version, Micropoint active defense can effectively remove the virus. If you have not upgraded Micropoint active defense to the latest version, it will raise an alarm that it has found an "Unknown Trojan" when it detects the virus; choose Delete (Figure 1).






Figure 1: Micropoint active defense software automatically captures the unknown virus (not upgraded)

If you have upgraded Micropoint active defense to the latest version, it will raise an alarm that it has found "Trojan-PSW.Win32.OnLineGames.dgiv"; choose Delete (Figure 2).






Figure 2: Micropoint active defense intercepts the known virus after the software upgrade

For users who do not use Micropoint active defense software, Micropoint's anti-virus experts suggest:

1. Do not download or install software from unknown sites or in unofficial versions, so that viruses cannot enter your system bundled with other software.

2. Upgrade your anti-virus software's signature database to the latest version as soon as possible and run a scan, and turn on a firewall to block abnormal network access. If the system still behaves abnormally, contact a professional security software vendor promptly for technical support.

3. Turn on Windows automatic updates and install patches promptly.

Manual removal for users who have not installed Micropoint active defense software:

1. Manually delete the following files:

%SystemRoot%\Fonts\twsrcwed.dll

%SystemRoot%\Fonts\d091015.dat

2. Manually delete the following registry values:

Key: HKEY_CLASSES_ROOT\CLSID\{DF12F8AB-9A00-469C-B9D4-425C1BE3E1E6}

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

Value: {DF12F8AB-9A00-469C-B9D4-425C1BE3E1E6}

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: C:\WINDOWS\Fonts\twsrcwed.dll

Data: {DF12F8AB-9A00-469C-B9D4-425C1BE3E1E6}

Variable definitions:

%SystemDrive%: the partition where the system is installed, typically "C:"

%SystemRoot%: the WINDOWS directory, usually "C:\Windows"

%Documents and Settings%: the user documents directory, usually "C:\Documents and Settings"

%Temp%: the temporary folder, usually "C:\Documents and Settings\<current user name>\Local Settings\Temp"

%ProgramFiles%: the default installation directory for programs, typically "C:\Program Files"
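
The checks from the manual removal steps above, written as a read-only PowerShell script. This is an added example, not part of the original post; it assumes the CLSID is stored in the usual brace form, and it only reports what it finds without deleting anything.

```powershell
# Added example (not from the original post): report which artifacts from the
# manual removal steps exist on this machine. Read-only; nothing is deleted.
$clsid = '{DF12F8AB-9A00-469C-B9D4-425C1BE3E1E6}'   # GUID from the post; brace form assumed
$fonts = Join-Path $env:SystemRoot 'Fonts'
$hklm  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion'
$findings = @()

# Step 1: files dropped into %SystemRoot%\Fonts
foreach ($name in 'twsrcwed.dll', 'd091015.dat') {
    $path = Join-Path $fonts $name
    # -Force so files marked hidden or system are still reported
    if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) {
        $findings += "File present: $path"
    }
}

# Step 2a: COM class registration under HKEY_CLASSES_ROOT\CLSID
$clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
if (Test-Path -LiteralPath $clsKey) {
    $findings += "Key present: $clsKey"
}

# Step 2b: ShellExecuteHooks, where the value NAME is the CLSID
$key = Get-Item -LiteralPath "$hklm\Explorer\ShellExecuteHooks" -ErrorAction SilentlyContinue
if ($key -and ($key.GetValueNames() -contains $clsid)) {
    $findings += "ShellExecuteHooks value present: $clsid"
}

# Step 2c: ShellServiceObjectDelayLoad, where the value DATA is the CLSID
$key = Get-Item -LiteralPath "$hklm\ShellServiceObjectDelayLoad" -ErrorAction SilentlyContinue
if ($key) {
    foreach ($valueName in $key.GetValueNames()) {
        if ("$($key.GetValue($valueName))" -ieq $clsid) {
            $findings += "ShellServiceObjectDelayLoad value '$valueName' points to $clsid"
        }
    }
}

if ($findings.Count -eq 0) {
    'None of the listed files or registry entries were found.'
} else {
    $findings
}
```

On 64-bit Windows, run it from both the 64-bit and the 32-bit PowerShell console, because HKEY_LOCAL_MACHINE\SOFTWARE is redirected for 32-bit processes.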






