A new worm targeting the iPhone has recently appeared. Unlike the first iPhone worm we reported earlier, which only changed the phone's wallpaper, this one is not so "benign": it can be used to obtain sensitive information from iPhone users.
According to security firm Sophos, late last week a Dutch operator found a new worm that specifically attacks the iPhone / iPod Touch. The worm configures two startup scripts: one loads the worm when the device starts, and the other connects the iPhone / iPod to a server located in Lithuania, through which the device's sensitive data is sent to the criminals.
According to Sophos, the worm has begun spreading on a number of operator networks, including UPC (the Netherlands), Optus (Austria), and T-Mobile networks in several countries. To make matters worse, the worm spreads faster over WiFi than over 3G networks. Users of infected devices will find that battery life is noticeably shorter when a WiFi connection is in use, evidently because the worm is extremely active at that time.
Once a phone is infected, the worm automatically assigns the infected device a number, so that an attacker can identify a particular phone. The worm also targets transaction systems that use text messages for authentication, such as mTAN, a system banks often use to validate users by sending a password to the user's mobile phone, with which the user can log on to an Internet banking account.
Sophos recommends that users of an infected iPhone / iPod touch restore the device to the latest firmware version released by Apple. So far, no other suitable method of removing the worm has been found.
Monday, December 31, 2007
Two tricks to "forcibly" kill a virus process
Killing by process name
This method uses the taskkill command on Windows XP. First open the system's process list and find the specific process name that belongs to the virus.
Then click "Start → Run", type "cmd" in the Run box that pops up, and at the command prompt type a command of the form "taskkill /im aaa" and press Enter; the resident virus process "aaa" is then forcibly killed. For example, to force-kill the "conime.exe" virus process, simply run "taskkill /im conime.exe" at the command prompt, and before long the system returns the result shown in the figure.
Killing by process ID
The method above works for only some virus processes and may be futile against more "stubborn" ones. In that case you can use ntsd, a command built into Windows 2000 and later, to forcibly kill the virus process: apart from the System process, the SMSS.EXE process and the CSRSS.EXE process, which it cannot deal with, it can handle basically every other process. Before using the command, however, you need to find the specific process ID of the virus process.
Because the process list does not show process IDs by default, first open the Windows Task Manager window, click "Choose Columns" under the "View" menu, select the "PID (Process Identifier)" option in the settings box that pops up, and click "OK". Back in the process list, you can now see the specific PID of the virus process.
Then open the Run dialog box, run "cmd", and at the command prompt enter "ntsd -c q -p PID" to forcibly kill the virus process with the given PID. For example, if the virus process has PID "444", run "ntsd -c q -p 444" to kill it.
Guard against the malicious "image killer" virus
When the virus runs, it tries to destroy all picture files on the computer, and the damage is irreparable. The virus sample was captured on October 20; no serious spread of the virus has been detected yet.
The virus aims to inflate advertising traffic by popping up a large number of sex and violence sites, but its destructive behaviour also causes losses on the infected computer.
Virus behavior:
1. The virus examines open windows. If a window name matches a name in its list of security software (keywords such as cleaning, process, warning, etc.), it sends a message that closes the window, so that antivirus software cannot work properly.
2. It releases %sys32dir%\Com\LSASS.EXE, %sys32dir%\Com\SMSS.EXE, %sys32dir%\xpserver.dll and other files, adds registry startup entries, deletes IFEO, and breaks safe mode.
Destructive behavior:
1. Destruction of all picture files. Once loaded, the virus traverses every drive other than the C drive and modifies the files it finds in GIF, gif, jpg and JPG format. For example, 1.gif is renamed to "1. (a long run of spaces).exe", and the contents of the file are rewritten as the virus program:
When connected to the network, the virus downloads a new version of itself, and the pictures are destroyed;
Without a network connection, the current version of the virus is used, and the original image file is completely destroyed.
2. Malicious destruction of executable programs
On all partitions other than the C drive, the virus attempts to overwrite every exe file: the file's header data is rewritten with the virus, so the executable is corrupted. Without a backup, the files cannot be restored.
3. Searching for and deleting gho files
The virus searches for files with the suffix .GHO or .gho and deletes them (gho is the format of Ghost backup files; once such a file is deleted, restoring the system through Ghost is no longer possible).
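The file-system traces described above can be checked against a directory listing. The following Python code is an added example, not part of the original post or of any vendor tool; the `C:\WINDOWS\system32` value used for %sys32dir%, the eight-space threshold and the sample paths are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Drop locations named in the description, relative to %sys32dir%.
DROPPED = {PureWindowsPath(p)
           for p in (r"Com\LSASS.EXE", r"Com\SMSS.EXE", "xpserver.dll")}
# A renamed picture ends in a long run of spaces followed by "exe".
# The minimum of 8 spaces is an assumption; the text only says "a long run".
PADDED_EXE = re.compile(r"\s{8,}\.?exe$", re.IGNORECASE)


def classify(path, sys32dir=r"C:\WINDOWS\system32"):
    """Return the reasons a Windows path matches the described traces."""
    p = PureWindowsPath(path)
    reasons = []
    try:
        rel = p.relative_to(PureWindowsPath(sys32dir))
    except ValueError:          # path is not under %sys32dir%
        rel = None
    if rel is not None and rel in DROPPED:
        reasons.append("dropped-file location")
    if PADDED_EXE.search(p.name):
        reasons.append("space-padded .exe name")
    return reasons


def scan(paths, sys32dir=r"C:\WINDOWS\system32"):
    """Map each flagged path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := classify(p, sys32dir))}


# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",           # legitimate location
    r"C:\WINDOWS\system32\Com\LSASS.EXE",       # same name, wrong folder
    r"C:\WINDOWS\system32\xpserver.dll",
    "D:\\photos\\1." + " " * 40 + ".exe",       # former 1.gif
    r"D:\photos\holiday 2007.jpg",
    r"D:\tools\setup.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(f"{path!r}: {', '.join(reasons)}")
```

A space-padded name says only that a file was renamed in this pattern; the original picture data is gone, so such hits are candidates for restoring from backup rather than repair.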