One of the most notable features of this malicious file is that it can re-infect the victim's PC repeatedly even after the file has been removed by anti-virus software.
2. Spreading path and symptoms of infection
Like other malicious files that steal online game account information, this one is spread via file-hosting web sites, e-mail attachments, and SNS.
It shows the same symptoms as earlier online-game account stealers, including replacing normal system files such as imm32.dll and lpk.dll with malicious versions.
What distinguishes it from previous versions is that it tampers with the MBR, which causes re-infection.
* MBR before tampering
* Tampered MBR
The figures above show the MBR before and after tampering. Once the MBR has been tampered with, the malicious code runs on every boot and re-infects the system.
* Tampered MBR including reinfection code
Furthermore, additional malicious files are generated and downloaded after infection.
* Generated files
- C:\Windows\lpk.dll
- C:\Windows\system32\DiskSystem.exe
- C:\Windows\system32\halc.dll
- C:\Windows\system32\imm32.dll
- C:\Windows\system32\ws2sock.dll
- C:\Windows\system32\dnetcom.dll
- C:\Windows\system32\drivers\FileEngine.sys
Once these additional files are in place, lpk.dll steals online game account information and FileEngine.sys monitors the processes of certain anti-virus products.
3. How to prevent
Because this kind of malicious file tampers with the MBR, complete removal can be difficult.
In this case, the MBR must be recovered first, as follows.
* How to repair a tampered MBR
1. Boot from the Windows installation CD and enter recovery mode.
2. Choose the Windows installation (directory) to recover, type "fixmbr" and press Enter to create a new MBR.
3. Once the MBR has been recovered, the malicious files can be deleted by anti-virus software.
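As an added defensive example (not part of the original post and not nProtect's code), the following Python script parses a 512-byte MBR, checks its 0x55AA boot signature, and compares the SHA-256 of the boot code against a known-good baseline, so an administrator can spot a tampered MBR like the one described above and confirm that fixmbr restored it. The sample MBRs are constructed inline; reading the live MBR from \\.\PhysicalDrive0 is an assumption noted in a comment and requires administrator rights on Windows.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into a boot code hash, partition entries and a signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = mbr[446 + i * 16:446 + (i + 1) * 16]
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an empty slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
            "partitions": partitions,
            "signature_ok": mbr[510:512] == BOOT_SIGNATURE}


def check_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> list:
    """Compare an MBR against a known-good boot code hash; an empty list means no findings."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline (possible MBR tampering)")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR (not from a real disk): boot code, one active NTFS partition, signature."""
    boot = boot_code.ljust(446, b"\x00")[:446]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    return boot + entry + b"\x00" * 48 + BOOT_SIGNATURE


# Constructed samples: a "clean" MBR whose boot code hash is recorded as the baseline
# (e.g. right after a fresh install or after fixmbr), and one whose boot code differs.
# On a live Windows host the MBR would be read with open(r"\\.\PhysicalDrive0", "rb").read(512)
# as administrator (assumption; not executed here).
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe")
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
```

Run check_mbr on the MBR read before repair to confirm the tampering, and again after fixmbr against a baseline taken from a known-clean system to confirm the boot code was restored.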
To keep a PC safe from the security threats posed by such malicious attachments, we recommend that general users follow the "Security management tips" below.
Security management tips
1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security vendor, keep its engine updated, and keep real-time detection enabled.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received via instant messenger and SNS.
5. Scan downloaded files with anti-virus software before executing them.
INCA Internet (Security Response Center / Emergency Response Team) provides detection and removal of malicious files such as the one described above through "nProtect Anti-Virus/Spyware" and operates a response system against various security threats.