[Warning] Malicious file that replaces ws2help.dll (system file)

1. Information

Since Jan 1, 2012, INCA Internet Security Response Center's Emergency Response Team has detected malicious files that replace ws2help.dll with a malicious file. Malicious hackers are still distributing new malicious files, especially on weekends, to obtain online game users' accounts. The malware replaces a normal system file with a malicious one and disturbs the regular operation of some Anti-Virus products.
Furthermore, it uses Flash Player and JAVA exploits, so users need to be careful when using the internet and must keep the latest security updates applied.

Various patched-type malicious files, which modify core system files of Windows OS, are spreading in South Korea. Replacing the ws2help.dll file with a malicious one is the most popular variant.

INCA Internet Security Response Center's Emergency Response Team detected a malicious file that replaces ws2help.dll with a malicious file on internet news and file sharing sites.

[Warning] An error occurred on booting while being infected tampering system files.

[Warning] A malicious file masqueraded as a Melon player is spreading.

[Warning] Variant malicious files changing Windows system files are increasing

[Warning] Spreads various malicious file with being tampered Korean social commerce web site

Since INCA Internet Security Response Center added a "GD (Generic Detection)" function to our product to identify the various variants of these malicious files, our valued users will be safe from the variants even without the latest pattern update.

◎ Trojan/W32.Forwarded.Gen

Malicious file distributors are continuously changing their malicious files to bypass Anti-Virus detection. INCA Internet Security Response Center is keeping pace with that trend.

2. Spreading path and symptoms of infection

The earlier malicious files we detected in Feb and Mar 2011 were of a type that replaced the normal imm32.dll system file with a malicious one while still executing all the functions of the normal imm32.dll.
Another type loaded the normal file, which had been renamed, through Push -> Call instructions in its Export functions.

As these examples show, patching system DLL files is prevalent. Some of these malicious files cause unexpected exceptions in their Anti-Debugging code, which can eventually cause a BSOD.

The following figure shows the forwarding to ws3help.dll through the Export Address Table functions of ws2help.dll.

Anti-Virus software must restore the original system file on reboot when treating a malicious ws2help.dll.
If it deletes the malicious replacement file and does not restore the original, the system can behave abnormally.
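
The export forwarding described above can be checked on a suspect DLL by reading its export directory. The following Python is an added example, not part of the original advisory and not nProtect's detection logic; it lists every named export that is forwarded to another DLL. The sample image and the export names ExportA and ExportB are constructed for illustration.

```python
import struct

def forwarded_exports(data):
    """Return {export name: forwarder string} for each forwarded named export."""
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    # Export data directory: +96 in a PE32 optional header, +112 in PE32+.
    exp_rva, exp_size = struct.unpack_from("<II", data, opt + (96 if magic == 0x10B else 112))
    secs = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):                                  # RVA -> file offset via section table
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + rptr
        raise ValueError("RVA %#x is not mapped" % rva)
    def cstr(rva):                                 # NUL-terminated ASCII string at RVA
        o = off(rva)
        return data[o:data.index(b"\0", o)].decode("ascii", "replace")
    if not exp_size:                               # image has no export directory
        return {}
    nnames, a_funcs, a_names, a_ords = struct.unpack_from("<4I", data, off(exp_rva) + 24)
    found = {}
    for i in range(nnames):
        name_rva, = struct.unpack_from("<I", data, off(a_names) + 4 * i)
        idx, = struct.unpack_from("<H", data, off(a_ords) + 2 * i)
        func_rva, = struct.unpack_from("<I", data, off(a_funcs) + 4 * idx)
        # An RVA inside the export directory is a forwarder string ("DLL.Func"), not code.
        if exp_rva <= func_rva < exp_rva + exp_size:
            found[cstr(name_rva)] = cstr(func_rva)
    return found

def build_sample():
    """Constructed PE32 fixture: ExportA forwards to ws3help, ExportB is ordinary code."""
    base, s = 0x1000, 0x103C                       # section RVA; strings start at base + 60
    strs = b"ws2help.dll\0ExportA\0ExportB\0ws3help.ExportA\0"
    body = struct.pack("<IIHH7I", 0, 0, 0, 0, s, 1, 2, 2, base + 40, base + 48, base + 56)
    # Function RVAs (forwarder, code), name RVAs, name ordinals, then the strings.
    body += struct.pack("<4I2H", s + 28, 0x1F00, s + 12, s + 20, 0, 1) + strs
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x3C:0x44] = b"MZ", struct.pack("<I4s", 0x40, b"PE\0\0")
    struct.pack_into("<HH", hdr, 0x44, 0x14C, 1)          # machine, NumberOfSections
    struct.pack_into("<HHH", hdr, 0x54, 224, 0, 0x10B)    # opt. header size, flags, PE32 magic
    struct.pack_into("<II", hdr, 0xB8, base, len(body))   # export data directory
    struct.pack_into("<8sIIII", hdr, 0x138, b".rdata", 0x1000, base, 0x200, 0x200)
    return bytes(hdr) + body.ljust(0x200, b"\0")
```

Legitimate Windows system DLLs also contain forwarders, so the targets returned here should be compared against a known-good copy of the same file rather than treated as malicious on their own.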

These malicious files are spreading through news sites, file sharing sites, social commerce sites, and forums, especially on weekends.

In particular, the use of JAVA exploits is prevalent these days; therefore, users need to apply the latest updates.

3. How to prevent

We have mentioned various damage cases, such as theft of online game account information and IE quitting unexpectedly.

To keep users safe from those threats, nProtect products added "2011-06-23.01 pattern version" and can detect these files with the "Generic diagnosis/treat technique".

The following URLs are the official web sites of each product.

To use your PC safely despite the security threats from these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" below for general users.

※ Security management tips

1. Keep the latest security updates applied to the OS and applications.
2. Use anti-virus software from a trustworthy security company, keep its engine updated, and keep real-time detection turned "ON".
3. Do not open or download attached files from suspicious e-mail.
4. Be cautious with links from instant messengers and SNS.

※ INCA Internet (Security Response Center / Emergency Response Team) provides Generic diagnosis/treat and runs a response system against various security threats.

