These malicious files are being made and spreading its variants with generated simple toolkit.
Among various malicious files, we will let you know how to protect from being infected worm.
2. Spreading path and symptoms of infection
Likewise, most of online game account stealing malicious files, this malicious file seems to be generated from China.
It uses normal system file "Lpk.dll, Usp10.dll", these host files can be downloaded from tampered web site, attachment of e-mail, SNS, or messenger.
Hosts files can be set various file names and can create additional malicious files after being infected.
Upon infected, among generated additional malicious files, hra33.dll will work as a host file and will generate "Lpk.dll, Usp10.dll" continuously. Those generated file will steal online game account. Besides, it can be spread itself as a worm on same IP range or Shared folder.
Furthermore, (6-length random alphabets).exe is a cloned file of host file and can be work on booting registered as a service.
"Lpk.dll, Usp10.dll" to steal online game account and to work as a network worm can't be easily figured out .
Or we can find it on command prompt.
This will find all HDDs in a row, and if searching result is less than 4, it will be normal.
If this malicious file is located on user's PC, you can do this following process unless installed anti-virus SW.
Malicious files will be removed.
3. How to prevent
General user can hardly notice something happened in his PC.
To use PC safely from security threats of these malicious files, we recommend following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Anti-Virus/Spyware for detecting such as malicious file stated above and runs responding system against various security threats.