However, we are posting again because we have found another malicious file that creates a malicious svchost.exe.
Since this malicious file can leak personal information, users need to take special care when downloading and executing files from the Internet.
2. Spreading path and symptoms of infection
The malicious file found this time has new features: in addition to the usual imm32.dll patch, it creates another malicious svchost.exe in the Windows system folder and operates through it.
Besides this, it injects itself into certain online games, messengers, and Internet Explorer, tries to sniff login information, and sends it to a certain external site.
As we mentioned in our earlier post, this malicious file currently infects a PC after being downloaded from a hacked web page or through a vulnerability in certain web browsers.
The following figure shows one of the distributed malicious files.
Upon execution of the downloaded lala.exe, it creates a malicious svchost.exe in the Windows system folder. The generated svchost.exe downloads a .TXT file containing the server path from which additional malicious files are to be fetched, and then downloads those files from that path.
* Information file containing the malicious file distribution server
* Domain and IP used to spread the malicious file
The malicious svchost.exe and imm32.dll files generated by lala.exe are injected into certain processes, and they start working once injected into certain online games, messengers, and Internet Explorer.
Furthermore, the malicious svchost.exe can disable some Korean anti-virus products. The following figure shows the process list.
* Process status before and after infection by the malicious files
Upon execution of these malicious files, they create additional malicious files and register themselves to run again on reboot.
* Properties of the normal and the malicious imm32.dll file
* Properties of the malicious svchost.exe
* Registered registry information
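An added triage check, not code from the INCA Internet report, that flags the two symptoms described above on an exported process/module listing: an svchost.exe running from a Windows folder other than the real system directories, and an imm32.dll copy whose hash or location does not match a known-good copy. The process records, the dropped-file path and the hash strings are constructed illustrations; the trusted directories assume a default 64-bit install with %SystemRoot% at C:\Windows.

```python
import ntpath
from typing import Dict, List

# Directories the genuine svchost.exe and imm32.dll live in on a default 64-bit Windows
# install (assumption: %SystemRoot% is C:\Windows). Compared case-insensitively.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Known-good SHA-256 values of imm32.dll, collected from a clean reference host of the same
# build. Placeholder strings here; real values differ per patch level and per bitness.
KNOWN_GOOD_IMM32 = {"<sha256 of clean 64-bit imm32.dll>", "<sha256 of clean 32-bit imm32.dll>"}


def triage(processes: List[Dict]) -> List[str]:
    """Return one finding per suspicious svchost.exe location or untrusted imm32.dll copy.

    Each record: {"pid": int, "path": str, "modules": {dll_path: sha256_hex}}, the shape a
    process/module listing exported from the host would have.
    """
    findings = []
    for proc in processes:
        folder = ntpath.dirname(proc["path"]).lower()
        name = ntpath.basename(proc["path"]).lower()
        # Symptom 1: the dropped svchost.exe sits in a Windows folder other than the one the
        # real service host runs from.
        if name == "svchost.exe" and folder not in TRUSTED_DIRS:
            findings.append(f"pid {proc['pid']}: svchost.exe outside system directory: {proc['path']}")
        # Symptom 2: a patched imm32.dll loaded into a game, messenger or Internet Explorer process.
        for dll_path, digest in proc.get("modules", {}).items():
            if ntpath.basename(dll_path).lower() != "imm32.dll":
                continue
            if ntpath.dirname(dll_path).lower() not in TRUSTED_DIRS or digest not in KNOWN_GOOD_IMM32:
                findings.append(f"pid {proc['pid']} ({name}): untrusted imm32.dll {dll_path} sha256={digest}")
    return findings


# Constructed sample listing (not data from the report): a legitimate service host, a dropped
# svchost.exe in a different Windows folder, and an IE process carrying a modified imm32.dll.
SAMPLE_PROCESSES = [
    {"pid": 812, "path": r"C:\Windows\System32\svchost.exe",
     "modules": {r"C:\Windows\System32\imm32.dll": "<sha256 of clean 64-bit imm32.dll>"}},
    {"pid": 2044, "path": r"C:\Windows\system\svchost.exe",
     "modules": {r"C:\Windows\System32\imm32.dll": "<sha256 of clean 64-bit imm32.dll>"}},
    {"pid": 3120, "path": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "modules": {r"C:\Windows\System32\imm32.dll": "0000constructed-mismatching-hash0000"}},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_PROCESSES):
        print(line)
```

On a real host, feed `triage` the output of a module listing (for example `tasklist /M` or `Get-Process -Module`) together with file hashes, and refresh `KNOWN_GOOD_IMM32` after every Windows update.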
3. How to prevent
To use your PC safely against the security threats posed by these malicious applications, we recommend following the "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions for malicious files such as the one described above and operates a 24-hour response system against various security threats.