Malicious code and network security (2)



Editor's note: in the last issue we introduced the "Million Valley of Flowers" virus. In fact there are still many similar sites on the Internet, and whenever a site carrying a new virus appears we have an obligation to inform everyone. If you have network security articles, please mail them to xiongjie@cpcw.com; we will publish practical articles as quickly as possible.

First, a personal experience

After entering the Trojan web page, the mouse pointer strangely turned into an hourglass, as if some program were running. Opening the computer's Task Manager showed one extra process, wincfg.exe. The file corresponding to this process is c:\winnt\wincfg.exe under Win2000 and c:\windows\wincfg.exe under Win98.

Running the Registry Editor (regedit), wincfg.exe was found under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": the Trojan registers its own startup entry in the registry so that wincfg.exe runs automatically at every boot. (See figure.)

Note: whoever sets up this Trojan can choose the registry key name and file name used for its startup entry, and the process name you see is simply the registered file name, so the results on your machine may not be the same as those shown here.

Running Kingsoft reported "backdoor bnlite". Ah, so wincfg.exe is the bnlite Trojan server, renamed. Although the Trojan's server program is small (only 6.5K), it can do a lot: ICQ notification of the controller, remote deletion on the server side, setting the port and process name, upload and download ... If you are infected with this Trojan, the controlling end can completely take over your computer and create a hidden FTP server on it, so that others can access your computer as well! Controlling your computer is then very easy!

How does the Trojan get downloaded to the browsing user's home computer and run? In IE, click "Tools" → "Internet Options" → "Security" → "Custom Level", disable all ActiveX-related options, then visit the website: wincfg.exe is still downloaded and run! So this seems to have nothing to do with ActiveX. Now disable the file download option in "Custom Level" and browse the page again; this time wincfg.exe is not downloaded.
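Both checks above, the Run key that wincfg.exe registered itself under and the IE "Custom Level" settings, can be audited from a registry export rather than by clicking through regedit and the IE dialogs. The following Python script is an added example and not code from the original article: it parses a constructed .reg export, lists Run entries whose command is not in an administrator's known-good baseline (since the Trojan's key name and file name are configurable, the check compares against approved commands rather than looking for "wincfg.exe"), and reports which Internet-zone actions are not set to Disabled. The sample export and the baseline are constructed; the zone action numbers (1200, 1001, 1004, 1803) are IE's registry values for the corresponding Custom Level options, with 0 = Enable, 1 = Prompt, 3 = Disable.

```python
"""Audit a .reg export for auto-start entries and IE Internet-zone settings.

Added example, not from the original article. The export below is
constructed to resemble what `regedit /e` produces on a Win2000 machine
carrying the renamed bnlite server the article describes.
"""
import re

# Constructed sample export: two ordinary startup entries plus the
# Trojan's self-registered one, and an Internet zone (zone 3) where
# ActiveX is disabled but file download is still enabled.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"wincfg"="C:\\WINNT\\wincfg.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINNT\\System32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000003
"1001"=dword:00000003
"1004"=dword:00000003
"1803"=dword:00000000
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
STR_RE = re.compile(r'^"([^"]+)"="(.*)"$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg(text):
    """Return {key_path_lowercased: {value_name: value}} for string and dword values.

    Key paths are lower-cased because the Windows registry is case-insensitive.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        if current is None:          # header line before the first key
            continue
        m = STR_RE.match(line)
        if m:
            # .reg escapes backslashes and quotes with a backslash
            keys[current][m.group(1)] = re.sub(r'\\(.)', r'\1', m.group(2))
            continue
        m = DWORD_RE.match(line)
        if m:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)

# Constructed baseline of startup commands an administrator has approved.
# The Trojan's key and file names are chosen by whoever set it up, so the
# audit flags anything NOT on this list instead of searching for a name.
BASELINE = {
    "mobsync.exe /logon",
    r"C:\WINNT\System32\ctfmon.exe",
}


def unknown_run_entries(keys):
    """List (key, value_name, command) for Run entries not in BASELINE."""
    found = []
    for key in RUN_KEYS:
        for name, command in keys.get(key.lower(), {}).items():
            if command not in BASELINE:
                found.append((key, name, command))
    return found


INTERNET_ZONE = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
# IE "Custom Level" actions: value 0 = Enable, 1 = Prompt, 3 = Disable
ZONE_ACTIONS = {
    "1200": "Run ActiveX controls and plug-ins",
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1803": "File download",
}
DISABLE = 3


def zone_actions_not_disabled(keys):
    """Return {description: value} for Internet-zone actions not set to Disable.

    A value of None means the action is absent from the export (IE default applies).
    """
    zone = keys.get(INTERNET_ZONE.lower(), {})
    return {desc: zone.get(action)
            for action, desc in ZONE_ACTIONS.items()
            if zone.get(action) != DISABLE}


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for key, name, command in unknown_run_entries(parsed):
        print(f"Unknown startup entry: [{key}] {name} -> {command}")
    for desc, value in zone_actions_not_disabled(parsed).items():
        state = "not set" if value is None else f"value {value}"
        print(f"Internet zone: '{desc}' is not Disabled ({state})")
```

On the constructed export the script reports the wincfg entry under HKEY_LOCAL_MACHINE as unknown and reports that "File download" is still enabled even though all three ActiveX actions are disabled, which is exactly the combination the article found insufficient. The baseline approach only works if it is built from a clean machine before browsing suspect sites.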

Second, the problem revealed

Let us look at how wincfg.exe gets downloaded onto the viewer's computer. Right-click on that page and select "View Source"; at the very end of the page's source code a suspicious statement is found: