|Typical Symptoms||Changes registry,Place malicious code|
|Discovered|| [korea] 2009-06-03
|Scan engine needed||
2009-06-04 [Able to detect & repair]
1. This malicious code shows a fake Anti-Virus program install feature and induces users to install, but if Internet is connected, even user cancels the installation, it downloads and executes the fake Anti-Virus program automatically.
2. It downloads the malicious codes from Webserver, getxxxivirusxxusnxx.com (9x.2xx.4x.1xx) and executes them.
3. It adds registry for automatic execution on system reboot, and by registering Explorer BHO, it blocks normal Internet use.
[How to repair]
1. If you are WinXP/ME users, please be inactivate System Recovery Function.
The reason why being inactivate of the system recovery is to clean the virus completely.
- Use the trial version of ViRobot products (30days only)
a. Run your ViRobot, and choose "all files" in scan option.
- ViRobot Desktop 5.5 : [Tools] -> [Configuration] -> [Virus Scan] : Check all files
- LiveCall (Free Scan) : [Advanced Scan] : Check