Mydoom and Netsky outbreaks in Vietnam and the way out


According to the BKIS Network Security Center, the Mydoom.F virus variant, which appeared in February, has been joined by a new variant, .D, of the Netsky virus, which has severely damaged computer networks in Vietnam.

Nguyen Tu Quang, director of BKIS, said at least 2,000 e-mails containing virus samples are sent to the center every day, indicating a high probability of the virus spreading. Meanwhile, foreign security firms have begun warning of the appearance of Netsky's E, F, G, H, I, J and K variants.

These viruses are also quite destructive: they can erase the data on the hard drive of an infected machine.

Bkav505 updated for the W32.SkyNet.D virus

Bkav505 adds an update for the new W32.SkyNet.D virus. This virus spreads rapidly. Be alert when you receive an e-mail with an attached .pif file of about 17 KB.

To remove the W32.SkyNet.D virus, follow these steps:

  1. Download Bkav version Bkav505 to a folder on the machine.

  2. If you use Windows Me or XP, you must turn off the operating system's System Restore.

  3. If other anti-virus programs such as NAV or McAfee are installed on your computer, temporarily turn off their Auto Protect function.

  4. Run Bkav505 and select to scan all files on all drives.

  5. Restart the computer to complete the process.

W32.SkyNet.D virus specification

When activated, W32.SkyNet.D performs the following tasks:

  1. Create a mutex named [SkyNet.cz] SystemsMutex to check whether the virus is already present in the computer's memory.

  2. Copy itself to the Windows (or WinNT) directory as an .exe file named winlogon.exe.

  3. Create the "ICQ Net" value under the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the virus is automatically activated every time the system boots.

The virus then deletes some registry entries. Under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, the virus deletes the following values:

Taskmon
Explorer
KasperskyAv
system.
msgsvr32
DELETE ME
service
Sentry
Windows Host Services

Under the key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, the virus deletes the following values:

Taskmon
Explorer
KasperskyAv
d3dupdate.exe
OLE
au.exe
Windows Host Services

The virus also deletes the following keys:

"system." in: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WksPatch

The virus checks the system time. If it is between 6:00 am and 9:00 am on March 2, 2004, the virus emits sound from the computer's PC speaker; it uses the system time to calculate the frequency of the sound.

The virus searches for e-mail addresses in files with the following extensions:

.eml
.txt
.php
.pl
.htm
.html
.vbs
.rtf
.in
.asp
.wab
.doc
.adb
.bb
.dbx
.sht
.oft
.msg
.shtm
.cgi
.dhtm

The virus sends mail to the e-mail addresses it finds, with the following properties.

Subject:

Re: Your website
Re: Your product
Re: Your letter
Re: Your archive
Re: Your Text
Re: Your bill
Re: Your details
Re: My details
Re: Word file
Re: Excel file
Re: Details
Re: Approved
Re: Your software
Re: Your music
Re: Here
Re:
Re: Hello
Re: Hi
Re:
Re: Your picture
Re: Here is the document
Re: Your document
Re: Thanks!
Re: Thanks!
Re:
Re: Document

Body:

Your file is attached
Please read the attached file
Please find the attached file
See attached file for details
Here is the file
Your document is attached

Attachment name:

your_website.pif
your_product.pif
your_letter.pif
your_archive.pif
your_text.pif
your_bill.pif
your_details.pif
document_word.pif
document_excel.pif
my_details.pif
all_document.pif
application.pif
mp3music.pif
yours.pif
document_4351.pif
your_file.pif
message_details.pif
your_picture.pif
document_full.pif
message_part2.pif
document.pif
your_document.pif

Attachment size: about 17 KB.
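
A mail-gateway check for the message traits listed above, as an added example that is not Bkav's code: it flags .pif attachments and records when the name, size and subject also match the published lists. The size tolerance, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment base names from the list above (all carry the .pif extension).
KNOWN_NAMES = set("""
your_website your_product your_letter your_archive your_text your_bill
your_details document_word document_excel my_details all_document
application mp3music yours document_4351 your_file message_details
your_picture document_full message_part2 document your_document
""".split())
# "About 17 KByte"; the 2 KB tolerance either side is an assumption.
SIZE_RANGE = (15 * 1024, 19 * 1024)

def inspect(raw: bytes) -> list[str]:
    """Return the reasons a message matches the traits; empty if none."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".pif"):
            continue
        # A .pif file is executable on Windows, so it is suspicious by itself.
        reasons.append(f"executable .pif attachment: {name}")
        if name[:-4] in KNOWN_NAMES:
            reasons.append("attachment name is on the published list")
        payload = part.get_payload(decode=True) or b""
        if SIZE_RANGE[0] <= len(payload) <= SIZE_RANGE[1]:
            reasons.append(f"attachment size {len(payload)} bytes is about 17 KB")
    # The subject only counts as supporting evidence next to a .pif attachment.
    if reasons and str(msg.get("Subject", "")).startswith("Re:"):
        reasons.append("subject uses the Re: pattern")
    return reasons

def build_sample(filename: str, size: int, subject: str) -> bytes:
    """Constructed test message with a harmless zero-filled attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Your file is attached")
    m.add_attachment(bytes(size), maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for reason in inspect(build_sample("your_bill.pif", 17408, "Re: Your bill")):
        print(reason)
```
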

Download Bkav2002 (Version 505)