Beijing Information Security Assessment Center and Kingsoft Antivirus jointly released the popular virus on December 17, 2004.
Today, users are reminded to pay special attention to the following viruses: "Demon" () and "Red Ribbon Variation F" ().
The "Demon" hacking tool, which will copy itself to multiple directories of the system. The virus uses a variety of common methods to obtain operation rights. Once the user is infected with this virus, the virus will destroy some of the user's data and allow hackers to remotely illegally manipulate the infected machine.
"Red Ribbon Variety F" worm virus, which is spread through email and mIRC. When the virus occurs, a message box for successful Windows updates will pop up to deceive the user and use extremely tempting emails to lure the user to open it, thus causing more user machines to infect the virus.
1. "Demon" () Threat level: ★★
According to Kingsoft Anti-Virus Engineer's analysis, the virus will copy itself to multiple directories of the system. The virus uses a variety of common methods to obtain the operation rights and generates files in the root directory of each writable logical disk. Every time the user opens the logical disk, the virus runs quietly automatically. The virus also loads itself into the startup item of the registry. Every time the computer is turned on, the virus will be run, and the associated program of the text file is modified to point to itself. In this way, the virus will run quietly every time the user opens the text file. Then it closes Windows Task Manager, Registry Editor, Process Viewer, Excel application, Word application, program containing the string "play" and ".exe", and command-line window program. This virus will cause the Word document that users have worked hard to edit, and the Excel table is instantly lost. Users cannot close it with Windows Task Manager, users cannot edit the registry, users cannot open the command line window, and they cannot run software with "play".
Kingsoft Antivirus Antivirus Experts recommend users: Please do not easily run files that have not been processed by antivirus software after downloading from the Internet. It is strongly recommended that you first use the latest virus library to scan and then decide whether to run it.
2. "Red Ribbon Variation F" () Threat Level: ★★
According to Kingsoft Antivirus Antivirus Engineer, this is a worm that is spread through email and mIRC. When the virus occurs, a message box for successful Windows update will pop up to deceive the user, and copy five copies of the virus to the root directory of the C drive, add a startup item in the registry to realize the virus's startup self-start. The virus will also write two batch commands to C:\, one of which says "With a fool no season spend, or be counted as his freind." and the other is to format the C drive. By changing the mIRC script configuration file, the mIRC system establishes connection with virus files and expands the virus's transmission pathway. The virus will also generate an html file C:\inetpub\wwwroot\. When the user opens the page, the virus file will be opened. The virus collects email addresses in the Outlook Express address book, and then sends the virus as an attachment in the name of Microsoft. The email is extremely deceptive, and users may be deceived to open the attachment, thereby infecting the virus.
Kingsoft Anti-Virus Expert reminds users: The best way to prevent email viruses is not to easily open unfamiliar emails with attachments. If you must open them, please pay attention to using anti-virus software to detect before opening them. Pay attention to regularly upgrading the antivirus software to the latest version, turn on the email monitoring function at any time, and develop a good sense of security prevention.
Kingsoft Antivirus Antivirus Engineer reminds you: Please upgrade the Antivirus until December 17, 2004 to fully process the virus. If Kingsoft Antivirus is not installed, you can log in to / use Kingsoft Antivirus's online drug check or Kingsoft Antivirus download version to prevent the virus from invading.
Today, users are reminded to pay special attention to the following viruses: "Demon" () and "Red Ribbon Variation F" ().
The "Demon" hacking tool, which will copy itself to multiple directories of the system. The virus uses a variety of common methods to obtain operation rights. Once the user is infected with this virus, the virus will destroy some of the user's data and allow hackers to remotely illegally manipulate the infected machine.
"Red Ribbon Variety F" worm virus, which is spread through email and mIRC. When the virus occurs, a message box for successful Windows updates will pop up to deceive the user and use extremely tempting emails to lure the user to open it, thus causing more user machines to infect the virus.
1. "Demon" () Threat level: ★★
According to Kingsoft Anti-Virus Engineer's analysis, the virus will copy itself to multiple directories of the system. The virus uses a variety of common methods to obtain the operation rights and generates files in the root directory of each writable logical disk. Every time the user opens the logical disk, the virus runs quietly automatically. The virus also loads itself into the startup item of the registry. Every time the computer is turned on, the virus will be run, and the associated program of the text file is modified to point to itself. In this way, the virus will run quietly every time the user opens the text file. Then it closes Windows Task Manager, Registry Editor, Process Viewer, Excel application, Word application, program containing the string "play" and ".exe", and command-line window program. This virus will cause the Word document that users have worked hard to edit, and the Excel table is instantly lost. Users cannot close it with Windows Task Manager, users cannot edit the registry, users cannot open the command line window, and they cannot run software with "play".
Kingsoft Antivirus Antivirus Experts recommend users: Please do not easily run files that have not been processed by antivirus software after downloading from the Internet. It is strongly recommended that you first use the latest virus library to scan and then decide whether to run it.
2. "Red Ribbon Variation F" () Threat Level: ★★
According to Kingsoft Antivirus Antivirus Engineer, this is a worm that is spread through email and mIRC. When the virus occurs, a message box for successful Windows update will pop up to deceive the user, and copy five copies of the virus to the root directory of the C drive, add a startup item in the registry to realize the virus's startup self-start. The virus will also write two batch commands to C:\, one of which says "With a fool no season spend, or be counted as his freind." and the other is to format the C drive. By changing the mIRC script configuration file, the mIRC system establishes connection with virus files and expands the virus's transmission pathway. The virus will also generate an html file C:\inetpub\wwwroot\. When the user opens the page, the virus file will be opened. The virus collects email addresses in the Outlook Express address book, and then sends the virus as an attachment in the name of Microsoft. The email is extremely deceptive, and users may be deceived to open the attachment, thereby infecting the virus.
Kingsoft Anti-Virus Expert reminds users: The best way to prevent email viruses is not to easily open unfamiliar emails with attachments. If you must open them, please pay attention to using anti-virus software to detect before opening them. Pay attention to regularly upgrading the antivirus software to the latest version, turn on the email monitoring function at any time, and develop a good sense of security prevention.
Kingsoft Antivirus Antivirus Engineer reminds you: Please upgrade the Antivirus until December 17, 2004 to fully process the virus. If Kingsoft Antivirus is not installed, you can log in to / use Kingsoft Antivirus's online drug check or Kingsoft Antivirus download version to prevent the virus from invading.