Virus name: N/A (Kaspersky)
Virus alias: .65536 [dll] (Ugly)
Virus size: 9,420 bytes
Packing method: PE_Patch UPack
Sample MD5: e14c15ece526b8dea5347b1bdad8afe0
Sample SHA1: 31bd81eaf9182e9f87a9c2df55fa748a8c1ce0ad
Discovery time: 2007.8
Updated: 2007.8
Related Viruses:
Dissemination method: spread through malicious websites, download other *s
Technical Analysis
==========
Online game *. After it runs, it copies itself to the system directory:
%System%\
It then drops a DLL and injects it into a process:
%System%\
It creates a startup item:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RAV0088"="%System%\"
Removal steps
==========
1. Delete the * startup item (go to down. to download IceSword120_cn.zip and delete the items in turn):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RAV0088"="%System%\"
2. Restart the computer
3. Delete the * files:
%System%\
%System%\
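
Before following the removal steps, a host can be checked for the indicators listed above. The script below is an added example, not part of the original write-up: it is read-only and uses only the Run value name and sample hashes given on this page. The function name Test-Rav0088Indicator is hypothetical, and checking the WOW6432Node view and the SysWOW64 directory is an assumption added for 64-bit Windows.

```powershell
# Added example: read-only check for the indicators listed on this page.
function Test-Rav0088Indicator {
    $valueName = 'RAV0088'                                   # value name from the page
    $knownMd5  = 'e14c15ece526b8dea5347b1bdad8afe0'          # sample MD5 from the page
    $knownSha1 = '31bd81eaf9182e9f87a9c2df55fa748a8c1ce0ad'  # sample SHA1 from the page
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',             # key from the page
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'  # assumption: 32-bit view on 64-bit Windows
    )
    foreach ($key in $runKeys) {
        $data = (Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue).$valueName
        if (-not $data) { continue }

        # Assumption: the data is a path, optionally quoted and followed by arguments.
        $expanded = [Environment]::ExpandEnvironmentVariables([string]$data).Trim()
        if ($expanded -match '^"([^"]+)"') { $path = $Matches[1] } else { $path = ($expanded -split '\s+')[0] }

        # A 64-bit shell sees 32-bit files under SysWOW64, not System32.
        $candidates = @($path, ($path -ireplace '\\system32\\', '\SysWOW64\')) | Select-Object -Unique
        $file = $candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } | Select-Object -First 1

        $result = [ordered]@{ Key = $key; Value = $valueName; Data = $data; File = $file; HashMatch = $null }
        if ($file) {
            # Compare the referenced file against the sample hashes from the page.
            $md5  = (Get-FileHash -LiteralPath $file -Algorithm MD5).Hash
            $sha1 = (Get-FileHash -LiteralPath $file -Algorithm SHA1).Hash
            $result.HashMatch = ($md5 -eq $knownMd5) -and ($sha1 -eq $knownSha1)
        }
        [pscustomobject]$result
    }
}

$hits = @(Test-Rav0088Indicator)
if ($hits.Count -eq 0) { 'No RAV0088 Run value found.' } else { $hits | Format-List }
```

A present RAV0088 value whose file does not match the hashes still warrants investigation, since the hashes describe only the one sample analysed here.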