Besides, this malicious file adopted these methods changing "imm32.dll" file, located in Windows folder, to new type of malicious file or generate itself.
Therefore, general user who plays online game needs to be careful of infection.
2. Spreading path and symptoms of infection
This case of spreading infected malicious file related normal imm32.dll patch is frequently found. And its techniques are various. One of these main purposes is giving financial damage of infected user. One of spread malicious file found lately is using vulnerability of IE and induces to leak personal information.
Currently, this malicious file is redirected from certain web site, and following image shows download window to be spread so far.
Upon execution downloaded "aa.exe", it will create additional malicious file on following path.
Furthermore, it will rename normal imm32.dll to another name and patch.
Normally patched malicious imm32.dll will try to leak user account information and forcibly stop to certain anti-virus software.
* Comparison information between normal and malicious imm32.dlls
* Control flow of malicious file and patching imm32.dll
3. How to prevent
To use your PC safely from security threats of these malicious applications, we recommend following tips "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function such as malicious file stated above and runs responding system 24 hours against various security threats.