The country discovered a new variant of a malicious backdoor program

Through Internet monitoring, the National Computer Virus Emergency Response Center has discovered that a variant of a malicious backdoor program, Backdoor_Poison.SAK, has recently emerged, and it reminds users to be cautious.

This variant is loaded into memory by DLL hijacking of a signed executable file. As a result, anti-virus software does not inspect its internal structure and mistakes it for part of the signed executable's process, which it treats as safe.

After the variant runs, it checks the environment of the infected system, obtains the name of the temporary directory, and drops a temporary file. It also drops multiple malicious program files in the system directory, injects them into a system file's process, and creates a remote thread to execute the code. It then dynamically loads system drivers and creates new registry keys and values.

In addition, the system file process injected with the malicious program creates an Internet Explorer (IE) process and loads itself into that process to communicate with a remotely specified host. From within the IE process it modifies the registry so that each time the system service starts, the remote control software is automatically loaded and run and connects to the server.
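The behaviour chain described above (a signed executable loading a hijacked DLL, a system process starting IE, and IE writing service-related registry values) can be expressed as simple detection logic. This is an added example, not code from the National Computer Virus Emergency Response Center; the event field names, the directory list, the IE parent allow-list, the use of `svchost.exe` as the system process and the Services registry path are all assumptions, and the telemetry is constructed.

```python
import ntpath
# Assumptions, not from the article: event fields, directory list, IE parents, Services key.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\")
IE_EXPECTED_PARENTS = {"explorer.exe", "iexplore.exe"}
SERVICES_KEY = "hklm\\system\\currentcontrolset\\services\\"

def base(path):
    return ntpath.basename(path).lower()

def is_sideload(e):
    # Signed EXE loads an unsigned DLL sitting beside it in a user-writable directory.
    same_dir = ntpath.dirname(e["image"]).lower() == ntpath.dirname(e["module"]).lower()
    writable = any(d in e["module"].lower() for d in USER_WRITABLE)
    return e["image_signed"] and not e["module_signed"] and same_dir and writable
def is_odd_ie_parent(e):
    return base(e["image"]) == "iexplore.exe" and base(e["parent"]) not in IE_EXPECTED_PARENTS
def is_ie_service_write(e):
    return base(e["image"]) == "iexplore.exe" and e["key"].lower().startswith(SERVICES_KEY)

RULES = {
    "image_load": ("signed_exe_sideloads_unsigned_dll", is_sideload),
    "process_create": ("ie_started_by_unexpected_parent", is_odd_ie_parent),
    "registry_set": ("ie_writes_service_key", is_ie_service_write),
}

def detect(events):
    # Return (rule_name, host) for every event that matches the rule for its type.
    hits = []
    for e in events:
        name, check = RULES.get(e["type"], (None, None))
        if check and check(e):
            hits.append((name, e["host"]))
    return hits

def hosts_with_full_chain(events):
    # Hosts on which all three behaviours were observed.
    seen = {}
    for name, host in detect(events):
        seen.setdefault(host, set()).add(name)
    return sorted(h for h, names in seen.items() if len(names) == len(RULES))

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SAMPLE = [  # constructed telemetry; svchost.exe stands in for the unnamed system process
    {"type": "image_load", "host": "ws1", "image": r"C:\Users\a\AppData\Local\Temp\signed_app.exe", "image_signed": True, "module": r"C:\Users\a\AppData\Local\Temp\helper.dll", "module_signed": False},
    {"type": "process_create", "host": "ws1", "image": IE, "parent": r"C:\Windows\System32\svchost.exe"},
    {"type": "registry_set", "host": "ws1", "image": IE, "key": r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\ImagePath"},
    {"type": "image_load", "host": "ws2", "image": r"C:\Program Files\App\app.exe", "image_signed": True, "module": r"C:\Program Files\App\app.dll", "module_signed": True},
    {"type": "process_create", "host": "ws2", "image": IE, "parent": r"C:\Windows\explorer.exe"},
]
```

Each rule alone can fire on legitimate software; a host that matches all three, as `hosts_with_full_chain(SAMPLE)` reports for `ws1`, is the stronger signal.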

For users whose computers are infected with this variant of the malicious backdoor program, the National Computer Virus Emergency Response Center recommends immediately updating the system's anti-virus software and running a full scan. Uninfected users are advised to enable the "system monitoring" function of their anti-virus software so that it actively defends the registry, system processes, memory, and network.
