The "Neighbor Bandit" virus should not be underestimated: beware of the emergence of another "Panda Burning Incense"

by cacard on 2007-06-08 21:58:48

Trend Micro issued a moderate-risk virus alert in China on June 8: a malignant virus called "Neighbor Bandit" (PE_CORELINK.C-O) is spreading rapidly on the Internet. The Trend Micro Shanghai MOC monitoring center has so far received more than 10 requests for help from large and medium-sized enterprise users, mainly because the virus caused their network systems to crash. Since Trend Micro received the first user's request for help on May 31, the "Neighbor Bandit" virus has rapidly spread to nearly 100,000 computers across the country. Trend Micro experts remind computer users: the "Neighbor Bandit" virus should not be underestimated; beware of the emergence of another "Panda Burning Incense".

The "Neighbor Bandit" virus spreads mainly in three ways: through USB flash drives (or portable hard disks), shared files, and infection of executable programs. When one computer on a LAN is attacked by the "Neighbor Bandit" virus, its neighboring computers are gradually implanted with malicious Trojan horse programs, and eventually all user computer systems on the LAN are infected, resulting in sudden disconnection or even collapse of the LAN. The virus mainly uses other malicious programs that it downloads to launch "ARP spoofing", attempting by this means to intercept or alter the information of other computer systems on the local area network.

Trend Micro expert protection advice:

In view of how the virus is spreading, Trend Micro recommends that computer users take the following preventive measures:

1. Prevent files on USB drives from starting:

a) Locate the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 using the registry editor

b) Right-click the above key and select its properties

c) Click the Advanced button on the Security options page, then deselect the inheritance check box in the dialog box, select Remove in the pop-up dialog box, and click OK to close the dialog box

2. Strengthen the password settings of the machine to prevent the virus from spreading through weak passwords

3. Block access to the following URLs:

cn3721.org

rm510.com

http://tj.imrw0rldwide.com/co.asp

4. Use OPP or Windows permission management to prevent the following files from being written:

a) Windows installation directory: linkinfo.dll, winnetmanager.exe and any bmp file

b) drivers directory: nvmini.sys, arp8023.sys
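
The registry change in step 1 and a presence check for the files named in step 4 can be scripted. The PowerShell below is an added example, not part of Trend Micro's advisory; the function names are hypothetical, and it assumes the "drivers directory" means %windir%\System32\drivers.

```powershell
# Added example (not from the advisory). Function names are hypothetical.
# Run in the session of the user to protect: HKCU is a per-user hive.
$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Protect-MountPoints2 {
    param([string]$Path = $MountPoints2)
    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Key not found: $Path"
        return $false
    }
    $acl = Get-Acl -Path $Path
    # Step c): disable inheritance and REMOVE (not copy) the inherited entries.
    # 1st argument: protect the ACL from inheritance.
    # 2nd argument: $false = do not preserve inherited rules.
    $acl.SetAccessRuleProtection($true, $false)
    Set-Acl -Path $Path -AclObject $acl
    return $true
}

function Find-NamedFiles {
    # Files named in step 4. The drivers path is an assumption (see lead-in).
    # "Any bmp file" is not checked: Windows may ship legitimate .bmp files.
    param([string]$WinDir = $env:windir)
    $drivers = Join-Path $WinDir 'System32\drivers'
    $candidates = @(
        (Join-Path $WinDir  'linkinfo.dll'),
        (Join-Path $WinDir  'winnetmanager.exe'),
        (Join-Path $drivers 'nvmini.sys'),
        (Join-Path $drivers 'arp8023.sys')
    )
    foreach ($file in $candidates) {
        if (Test-Path -LiteralPath $file) {
            # -Force so hidden or system files are returned as well.
            Get-Item -LiteralPath $file -Force |
                Select-Object FullName, Length, CreationTime, LastWriteTime
        }
    }
}

# Report first, then apply the registry change.
$found = @(Find-NamedFiles)
if ($found.Count -gt 0) {
    Write-Warning 'Files named in the advisory are already present:'
    $found | Format-Table -AutoSize
} else {
    Write-Output 'None of the named files were found.'
}
if (Protect-MountPoints2) {
    Write-Output "Inherited permissions removed from $MountPoints2"
}
```

Entries that were set explicitly on the key are not inherited and remain in place, which matches what the Remove button does in the registry editor.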