Yesterday, NetSky-V distributed e-mail viruses carry code in the message body to execute the download and run a file on the remote machine. From there, the hacker can control the infected machine.
According to security vendor Trend Micro and Sophos, Netsky-V automatically enters the Windows directory with the name KasperskyAVEng.exe and insert the following entry into the registry section of the system:
HKLMSoftwareMicrosoftWindowsCurrentVersion
RunKasperskyAVEng = KasperskyAVEng.exe.
Then, when the user accesses the system, the virus will automatically activate. This worm opens the port 5557 and 5558 of the TCP protocol of the infected machine.
Prevention measures are as usual to not open unsolicited bulk email, subject matter with generic content. In particular, organizations and agencies that have electronic mail system should blockade, not allow, send mail carrying attachments pif, scr, com and close the port service unnecessary. Delete the file KasperskyAVEng.exe in the Windows directory as well as the entry by the virus into the registry mentioned above. Use the latest antivirus programs to scan the system. A free virus scanner from Trend Micro is available at & nbsp; http://housecall.trendmicro.com/
In Vietnam, BKIS Network Security Center has just announced another variant from the NetSky version of P. The experts here named the variant SkyNet.PN, a virus that exploits vulnerabilities in both versions 5.01 and 5.5 of the Internet Explorer web browser. (Download one by two. version name above).
According to Nguyen Tu Quang, Director of BKIS, in the past few days, especially on April 12, the volume of e-mail magirus spike and the main cause is still some variant of their NetSky, including sessions T and PN above. Mr. Quang said that the number of sudden increases may be due to the source of the virus has updated a new mailing list. To handle the SkyNet.PN virus, you can download the BKAV version 512 here
BKAV 512 more virus update W32.SkyNet.PN
Bkav512 W32.SkyNet.PN virus update. This is a new variant of the W32.SkyNet.P virus. & Nbsp; & nbsp;
To kill the W32.SkyNet.PN virus, you need to follow these steps: & nbsp;
. Download Bkav software version Bkav512 about a folder on the machine.
. If you use Windows Me or XP must turn off System Restore of the operating system go.
. If your computer has installed other anti-virus programs such as NAV, McAffe must be temporary Turn off the Auto Protect function of those programs.
. Running Bkav512, Select to scan all files, all drives.
Restart computer to complete.
Fix the problem for your Internet Explorer if necessary (Virus exploit vulnerabilities of IE 5.01 and IE 5.5) at the following links:
Download BKAV 512
