SoFunction
Updated on 2025-04-14

Purge rampant viruses

Regarding the symptoms, I first searched for relevant information online. The first thing I needed was to display hidden files.
Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, set the value CheckedValue to 1.
It still did not work: the hidden files remained hidden. On careful observation I found that the virus has a more ruthless trick. After modifying the registry to hide the files, it deleted the original, valid DWORD value CheckedValue for good measure, created an invalid string value also named CheckedValue and set it to 0 (as shown in the figure). So you think that changing 0 to 1 will make everything right, but the fault remains. No wonder the above happens.
The correct way is: first check whether the type of CheckedValue is REG_DWORD; if not, delete the impostor CheckedValue (in this case, the CheckedValue of type REG_SZ). Then right-click, choose New > DWORD Value, name it CheckedValue and set its value to 1. Now "Show all hidden files" can be selected.
After the operation above I could see the hidden files on my computer. If the method above doesn't work, the data under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden may be lost or corrupted. In that case, find it on the Windows XP installation CD, double-click it, then click "OK" to add the complete registry data to the current system's registry. (Note: I searched the XP installation CD I have but could not find this file. If you unfortunately run into the same situation, you can try this: on a computer with no problems, export the branch
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden (name the export file as you like); then back up the same registry branch on the affected computer; finally import the export and see whether it solves the problem. I haven't tried it, so I don't know whether anything will go wrong. Good luck, everyone! If someone can find this file on the XP installation disc, please paste its contents into the comments and say whether the disc is SP1 or SP2. Thank you!)
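An added example, not from the original post, that automates the check and repair described above: it reads the registry type of CheckedValue, deletes it if it is not REG_DWORD, recreates it as REG_DWORD 1, and first exports a backup of the Folder\Hidden branch. It assumes Windows PowerShell run as administrator; the backup path under %TEMP% is my choice.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell in an
# elevated session; run Repair-CheckedValue -WhatIf first to preview the changes.
$ShowAllKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'

function Test-CheckedValue {
    # Classifies the CheckedValue entry: KeyMissing, Missing, WrongType, WrongValue or Ok.
    param([string]$Path = $ShowAllKey)
    if (-not (Test-Path $Path)) { return 'KeyMissing' }
    $key = Get-Item -Path $Path
    if ($key.GetValueNames() -notcontains 'CheckedValue') { return 'Missing' }
    # GetValueKind exposes the registry type; the post's virus left a REG_SZ (String) here,
    # which Explorer ignores even when its text reads "1".
    if ($key.GetValueKind('CheckedValue') -ne [Microsoft.Win32.RegistryValueKind]::DWord) { return 'WrongType' }
    if ([int]$key.GetValue('CheckedValue') -ne 1) { return 'WrongValue' }
    return 'Ok'
}

function Repair-CheckedValue {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $ShowAllKey, [string]$BackupFile = "$env:TEMP\Hidden-backup.reg")

    $state = Test-CheckedValue -Path $Path
    if ($state -eq 'KeyMissing') {
        Write-Warning "$Path does not exist; import the Folder\Hidden branch exported from a clean machine."
        return
    }
    if ($state -eq 'Ok') { Write-Host 'CheckedValue is already REG_DWORD 1; nothing to do.'; return }

    # Back up the whole ...\Folder\Hidden branch before changing anything (reg.exe wants the long hive name).
    $branch = (Split-Path $Path -Parent) -replace '^HKLM:', 'HKEY_LOCAL_MACHINE'
    if (Test-Path $BackupFile) { Remove-Item $BackupFile }
    & reg.exe export $branch $BackupFile | Out-Null

    if ($state -eq 'WrongType' -and $PSCmdlet.ShouldProcess($Path, 'Remove non-DWORD CheckedValue')) {
        # Deleting first matters: setting the value in place would keep the REG_SZ type.
        Remove-ItemProperty -Path $Path -Name 'CheckedValue'
    }
    if ($PSCmdlet.ShouldProcess($Path, 'Create REG_DWORD CheckedValue = 1')) {
        New-ItemProperty -Path $Path -Name 'CheckedValue' -PropertyType DWord -Value 1 -Force | Out-Null
    }
    Write-Host "CheckedValue is now: $(Test-CheckedValue -Path $Path)"
}

Repair-CheckedValue -WhatIf
```

Drop the -WhatIf on the last line to apply the repair; Explorer picks up the new value the next time Folder Options is opened.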
I noticed that on my D:, E: and F: drives (every drive except C:) there were two files that came back after being deleted, and the same two files appeared on a USB flash drive when it was connected. At that point the antivirus software would not start. I replaced Kingsoft with Jiangmin's, but that didn't help either. The virus apparently blocks the antivirus software from running, so the first thing to do is to stop the virus from starting automatically. I also searched for information online, but what I tried was useless and I couldn't find it. I'm posting what I found for you, and I'll keep trying myself!
This is a modified ROSE virus.
You can end its process and delete SXS. Remember to open the hard disk with the right mouse button.
Press Ctrl+Shift+Esc at the same time to open the Windows Task Manager
Select the "Processes" tab
Find "" under "Image Name", click it and select "End Process"
Be sure to end all "" processes
Open My Computer and click "Folder Options" under the Tools menu
Click the "View" tab; in "Advanced Settings",
clear the check box before "Hide protected operating system files (recommended)"
and select the "Show all files and folders" option below
Click OK
Right-click the C drive (do not double-click!) and select "Open"
Delete the "" file and "" file under the C drive
Right-click the D drive and select "Open"
Delete the "" file and "" file under the D drive (there is another file, also a .exe; delete it too)
……
And so on: delete all the "" and "" files on every drive
Click Start, select "Run", type "regedit" (without quotes) and press Enter
Expand My Computer > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run
Delete the ROSE entry (c:\windows\system32\) under Run
Close the Registry Editor
Then restart the computer
Removing ROSE from a removable hard disk or USB flash drive:
Hold down the Shift key and insert the USB flash drive until the computer reports that the new hardware is ready to use
Open My Computer
Now right-click the USB flash drive icon and select "Open" (don't click AutoPlay or double-click!)
Delete the files and the virus is gone
As I said above, this method was useless to me! There is no dedicated removal tool, so for now I can only kill the virus through the registry.
Open the registry editor ("regedit") and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Some netizens said to delete the ROSE entry (c:\windows\system32\) under Run.
I looked for a while but couldn't find that entry. What I did see were two "SoundMam" entries under Run whose data differed: one was "C:\\WINDOWS\\system32\\" and the other was "". I think everyone can see there must be a problem here. On inspection only the latter was correct; the former is the "autoplay server" program of Haojie Super Resolver. It seems the virus attached itself to it and, with the help of autoplay, spreads everywhere! (That is my guess; I don't know whether it is right.) So I deleted that entry, exited the registry, opened the antivirus software, and it was ready to use, but a normal scan still found nothing. I use Jiangmin's, which has an unknown-virus scan, and that found it: a kind of "hard disk worm virus"; just delete it. I wanted to take a screenshot for everyone, but unfortunately I restarted and didn't save it. Whoever can, please add it below! Thanks!
After that there were still some leftovers. Just go to each hard disk and delete them, then empty the Recycle Bin. Everything else is normal. Some netizens may still have problems in the system, such as the "autoplay server" of Haojie Super Resolver no longer working. My suggestion: don't use it, it's a bad thing! If you must use it, reinstall it. Finally restart, and it's OK!
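An added example, not from the original post, covering the Run-key inspection the author did by hand: it lists every autorun entry in the HKLM and HKCU Run keys with its resolved binary and Authenticode status, and flags pairs of entries whose names are identical or differ by one character, the situation behind the two "SoundMam" entries above. It assumes Windows PowerShell; the check is read-only.

```powershell
# Added example, not from the original post. Read-only audit of the HKLM and HKCU Run keys:
# each autorun entry is listed with its resolved binary and signature status, and entries whose
# names match or differ by one character (the post's two "SoundMam") are flagged against each other.
$RunKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')

function Get-ImagePath {
    # Turn a Run value such as '"C:\Program Files\x\a.exe" /s' or 'C:\x\a.exe -q' into the bare file path.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) { return $cmd.Substring(1).Split('"')[0] }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|com|scr|bat|dll))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value } else { return $cmd.Split(' ')[0] }
}

function Test-LookalikeName {
    # True when two value names are equal or differ in exactly one character position (case-insensitive).
    param([string]$First, [string]$Second)
    $x = $First.ToLower(); $y = $Second.ToLower()
    if ($x.Length -ne $y.Length) { return $false }
    $diff = 0
    for ($i = 0; $i -lt $x.Length; $i++) { if ($x[$i] -ne $y[$i]) { $diff++ } }
    return ($diff -le 1)
}

function Get-RunAudit {
    $entries = @()
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $image = Get-ImagePath -Command ([string]$item.GetValue($name))
            $sig = if (Test-Path -LiteralPath $image -PathType Leaf) { (Get-AuthenticodeSignature -FilePath $image).Status } else { 'FileMissing' }
            $entries += New-Object PSObject -Property @{ Key = $key; Name = $name; Image = $image; Signature = "$sig"; Flags = @() }
        }
    }
    foreach ($e in $entries) {
        if ($e.Signature -ne 'Valid') { $e.Flags += "signature: $($e.Signature)" }
        foreach ($o in $entries) {
            # Skip the entry itself; a matching name in the other hive or a one-character variant is reported.
            if (($e.Key -ne $o.Key -or $e.Name -ne $o.Name) -and (Test-LookalikeName $e.Name $o.Name)) {
                $e.Flags += "name resembles '$($o.Name)' in $($o.Key)"
            }
        }
    }
    return $entries
}

Get-RunAudit | Sort-Object Name | Format-Table Name, Image, Signature, @{n='Flags'; e={ $_.Flags -join '; ' }} -AutoSize -Wrap
```

Legitimate third-party autoruns are often unsigned, so treat a signature flag as a prompt to look at the file (path, vendor, file date), not as a verdict; a lookalike-name flag is the stronger signal.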
* remotely controls the victim computer. Please pay attention to password security
Zhongguancun Online
Author: Zhongguancun Online sheyin
CNET China.ZOL reported on October 8: the Beijing Information Security Assessment Center and Kingsoft Antivirus jointly released the prevalent-virus alert for October 8, 2006.
Today users are reminded to pay special attention to the following viruses: "Gray Dove variant ir" () and "Downloader variant cy" ().
"Gray Dove variant ir" () is a hacker virus that connects to a remote host on port 8000 and waits for the hacker's commands.
"Downloader variant cy" () is a * virus that pops up web pages at intervals and downloads plug-ins to run.
According to Rising's Global Anti-Virus Monitoring Network, two viruses are particularly noteworthy today: "Missey * variant KEV()" and "Mysterious Release Variable BQO()". "Missey * variant KEV" is a * that steals accounts and passwords for a variety of online games, causing losses to gamers. The "Mysterious Release Variable BQO" virus releases other viruses and malicious programs, posing a threat to the user's information security.
Kingsoft's prevalent viruses today:
"Gray Dove variant ir" () Threat level: ★★
According to Kingsoft's antivirus engineers, this is a hacker virus. It copies itself to %systemroot% and runs the copy, deleting the original virus file; it modifies the registry to add a system service named Windows Update and sets it to start automatically at boot. The infected host connects to the remote host's port 8000 and waits for the hacker's commands, leaving the machine completely under the hacker's control.
"Downloader variant cy" () Threat level: ★
According to Kingsoft's antivirus engineers, this is a * virus. After running, it releases itself into the %system% directory in disguise and starts automatically by modifying the registry to add a system service named ServiceRemote. It then downloads a configuration file from the network, pops up web pages at intervals and downloads plug-ins.
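An added example, not from the bulletin, that turns the persistence pattern just described into a defender's check: it audits auto-start services for a display name that imitates "Windows Update" while the service is not the genuine wuauserv, for a service name on a small watchlist (ServiceRemote, taken from the bulletin), and for a binary that is missing or unsigned. It assumes Windows PowerShell with WMI available and is read-only.

```powershell
# Added example, not from the bulletin. Read-only audit of auto-start services that flags the
# persistence described above: a display name imitating "Windows Update" on a service other than
# wuauserv, a service name on a constructed watchlist (ServiceRemote, from the bulletin), or a
# binary that is missing or unsigned. Assumes Windows PowerShell with WMI available.
$Watchlist = @('ServiceRemote')

function Get-ServiceBinary {
    # Reduce a service PathName ('"C:\x\a.exe" -k net' or 'C:\x\a.exe') to the executable path.
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $PathName.Trim()
}

function Get-ServiceAudit {
    $results = @()
    foreach ($svc in Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto'") {
        $flags = @()
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ServiceBinary $svc.PathName))
        # svchost.exe hosts many services; the genuine Windows Update service is the one named wuauserv.
        if ($svc.DisplayName -match 'Windows Update' -and $svc.Name -ne 'wuauserv') { $flags += 'display name imitates Windows Update' }
        if ($Watchlist -contains $svc.Name) { $flags += 'service name on watchlist' }
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { $flags += 'binary not found on disk' }
        elseif ((Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') { $flags += 'binary unsigned or signature invalid' }
        if ($flags.Count -gt 0) {
            $results += New-Object PSObject -Property @{ Name = $svc.Name; DisplayName = $svc.DisplayName; Binary = $exe; Flags = ($flags -join '; ') }
        }
    }
    return $results
}

Get-ServiceAudit | Format-Table Name, DisplayName, Binary, Flags -AutoSize -Wrap
```

On systems where Microsoft binaries are catalog-signed rather than carrying an embedded signature, the signature flag is noisy; the name-imitation and watchlist flags are the ones that map directly to the behaviour the bulletin describes.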
Kingsoft Anti-Virus Engineers Recommend:
1. Do not casually run files downloaded from the Internet before they have been checked by antivirus software. It is strongly recommended that you first scan them with the latest virus database and then decide whether to run them.
2. When the operator controls the user's computer, the user's information can be leaked directly. For the security of your system and personal information, experts recommend scanning with the latest virus database before opening an unfamiliar file.
Rising's prevalent viruses today:
"Missey * variant KEV()" virus: alert level ★★★, account theft, spreads via the Internet, affected systems: WIN 9X/NT/2000/XP.
This is a Trojan horse. After running, it copies itself to the system directory and modifies the registry startup entries so that it runs automatically when the system starts. The account-stealing * runs in the background and tries to steal accounts and passwords for online games such as Legend, Legend World and Warcraft, causing losses to gamers.
"Mysterious Release Variable BQO()" virus: alert level ★★★, virus dropper, spreads via the network, affected systems: WIN9X/NT/2000/XP.
After the virus starts, it releases virus files from its body. The viruses it releases may steal information such as the user's bank account and password, and an infected computer may also be remotely controlled by hackers to add and delete files, restart the computer, and so on.
Rising anti-virus experts recommend:
1. Establish good security habits and do not open suspicious emails or websites;
2. Many viruses spread through vulnerabilities, so patch the system promptly;
3. Install professional antivirus software, upgrade it to the latest version and turn on real-time monitoring;
4. Install personal firewall software with a "* Wall" function to prevent password loss.
Stay away from danger: learn the LAN "invisibility technique"
As the saying goes, "a thief in the house is hard to guard against." On a local area network, the real threat to your information security is not a distant hacker but the "people" around you. Since shared folders in Network Neighborhood are widely used on LANs, to protect ourselves better we need a bit of invisibility when sharing files, to prevent malicious attacks from inside.
Elementary invisibility: hiding shared folders
Don't think that putting a password on a shared folder guarantees security. Windows has many vulnerabilities, and a "password cracker" is easy to download from the Internet. If others cannot see your shared folder at all in Network Neighborhood, it is much safer, and this is not hard to achieve: right-click the folder whose share you want to hide, click "Sharing", enter the share name and append a dollar sign "$", for example "Share File $", then fill in the password. Anyone who wants to access the share must type "\\Computer name (or IP address)\Share File $" in the address bar, press Enter, and enter your password to get into the folder.
Advanced invisibility: removing the shared-folder icon
Using the method above, others cannot see the folders you share through Network Neighborhood. But if one day someone notices that there are still shared folders on your computer (a shared folder carries a special icon with a small hand underneath it, clearly different from an ordinary folder) yet cannot see them in Network Neighborhood, he may get curious and try everything to open them. If you can remove the small-hand icon so that the shared folder looks like an ordinary one and nobody can tell it is shared, security is better assured. Take the D drive as an example of sharing without the shared flag: first use the elementary invisibility technique from the beginning of this article to set the D drive as a hidden share; then open the registry editor and navigate to "HKEY_LOCAL_MACHINE\SoftWare\Microsoft\Windows\CurrentVersion\Network\LanMan\d$" (you can also use the registry's search function to find the key "d$" directly). Change the DWORD value "Flags" from "192" to "302" and restart Windows for it to take effect. To access the share, type "\\Computer Name\d$" in the address bar and you will see the contents shared from the D drive. You will find that even in Explorer on the machine itself there is no sign that the D drive is shared. Isn't that amazing? Apart from you, who else knows that your D drive is shared?
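An added example, not from the original article, written from the administrator's side of the same trick: because a share hidden this way no longer shows up in Network Neighborhood or in Explorer's icon, the reliable way to find it is to enumerate the server's share list directly. The script below uses WMI's Win32_Share and reports every "$"-suffixed share that Windows did not create as an administrative share itself, so a hand-made "Share File $" or a re-flagged "d$" is listed. It assumes Windows PowerShell with WMI available and is read-only.

```powershell
# Added example, not from the original article. Read-only: enumerates this machine's SMB shares
# through WMI and reports every share whose name ends in "$" (hidden from Network Neighborhood)
# that is not one of Windows' own administrative shares, so a hand-made hidden share such as the
# article's "Share File $" or its re-flagged "d$" is listed even though Explorer shows no icon.
$AdminShareBit = [uint32]2147483648   # 0x80000000 is set in Win32_Share.Type on system admin shares only

function Get-HiddenShareReport {
    param([string]$ComputerName = '.')
    $report = @()
    foreach ($share in Get-WmiObject -Class Win32_Share -ComputerName $ComputerName) {
        $hidden = $share.Name.EndsWith('$')
        $systemAdmin = (([uint32]$share.Type) -band $AdminShareBit) -ne 0
        $report += New-Object PSObject -Property @{
            Name        = $share.Name
            Path        = $share.Path
            Hidden      = $hidden
            SystemShare = $systemAdmin
            # A hidden share the system did not create itself is exactly the case the article describes.
            Review      = ($hidden -and -not $systemAdmin)
        }
    }
    return $report
}

Get-HiddenShareReport | Sort-Object Review -Descending | Format-Table Name, Path, Hidden, SystemShare, Review -AutoSize
```

Expect print$ to appear under Review on machines that share printers; any other Review entry is a share somebody created and deliberately hid, and should be accounted for.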
360 Safety Guard raises Baigou to malware-level detection (weeks 39/40)
360 Security Center (http://) released: around the National Day holiday the domestic malware scene was relatively stable; no major "epidemic" was found in the two weeks from September 26 to October 8. Apart from intercepting the 3721.*.dll variant and LinkMedia and handling them specifically, 360 Safety Guard also raised its handling of the much-discussed Baigou software from plug-in-level detection to malware-level detection and removal; Yahoo software ranked first with 1.4 million uninstalls in a week.
Data from the 360 Security Center operations team shows that cumulative installations of 360 Safety Guard exceed 5.8 million. Because of the National Day period, installation by netizens slowed slightly; a new round of rapid growth is expected once the official version of 360 Safety Guard 2.0 is released after the holiday.
We recommend that netizens establish good software-installation habits: download software from official websites and reputable download sites, apply security patches to the system promptly, and check your computer regularly with 360 Safety Guard.
[Key malware broadcast]
Baigou
Malware name: Baigou
Hazard level: ★★★★
Malware Type: Browser Hijacking
Company:
Malicious behavior: Forced installation
Transmission method: bundled installation
3721.*.dll variant
Malware name: 3721.*.dll variant
Hazard level: ★★★★★★★
Malware Type: *
Company: Unknown
Malicious behavior: Forced installation, cannot be completely deleted, add favorites, and automatically deformed
Transmission method: bundled installation
LinkMedia
Malware name: LinkMedia
Hazard level: ★★★★★★★
Malware Type: Adware
Company: Unknown
Malicious behavior: Forced installation, pop-up advertisements, and cannot be completely deleted
Transmission method: bundled installation
[User detection and removal reports]
Yahoo Assistant
Malware name: Yahoo Assistant
Hazard level: ★★★★★★★
Company: Yahoo China
Weekly user-initiated uninstalls: 707423
Network Real Name
Malware name: Network Real Name
Hazard level: ★★★★★★★
Company: Yahoo China
Weekly user-initiated uninstalls: 699885
Cnnic Chinese Internet
Malware name: Cnnic Chinese Internet
Hazard level: ★★★★★★★
Company: China Internet Information Center
Weekly user-initiated uninstalls: 608226
Cnnic worry-free Internet toolbar
Malware name: Cnnic worry-free Internet toolbar
Hazard level: ★★★★★★★
Company: China Internet Information Center
Weekly user-initiated uninstalls: 555081
Baidu Super Search
Malware name: Baidu Super Search
Hazard level: ★★★★★★★
Company: Baidu
Weekly user-initiated uninstalls: 439444
u1.
Malware name: u1.
Hazard level: ★★★★★★★
Company: Unknown
Weekly user-initiated uninstalls: 291021
eBay Shopping Button
Malware name: eBay Shopping Button
Hazard level: ★★★★
Company: eBook
Weekly user-initiated uninstalls: 271056
Baidu Search Companion
Malware name: Baidu Search Companion
Hazard level: ★★★★★★★
Company: Baidu
Weekly user-initiated uninstalls: 256091
Zhongsou Address Bar Search
Malware name: Zhongsou Address Bar Search
Hazard level: ★★★★★★★
Company: Zhongsou
Weekly user-initiated uninstalls: 247445
DMCast Desktop Media/IE-BAR
Malware name: DMCast Desktop Media/IE-BAR
Hazard level: ★★★★★★★
Company: Qiangu
Weekly user-initiated uninstalls: 242774