Xinhua News Agency, Tianjin, April 13th (reporters Zhang Jianxin, Wang Yudan) - The National Computer Virus Emergency Response Center has discovered through internet monitoring that a new variant of "Trojan Downloader" (Trojan_Downloader.AH) has recently emerged. Users must be cautious.
Experts say that this variant spreads through USB drives or other mobile storage devices and terminates the processes of antivirus software in the system, preventing it from functioning properly. Computer users are prone to repeated infections, and completely removing the virus is quite difficult.
After infiltrating and infecting a computer system, the variant copies itself to a specified system directory. At the same time, the variant also replicates itself into the root directories of all disk partitions in the system, adding an autorun configuration file (autorun.inf), which causes the Trojan variant program to automatically run when users open each disk partition. In addition, the variant modifies the system's registry startup items, allowing the Trojan to automatically run when the computer system starts.
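A defender can check partition roots for the autorun.inf persistence described above. The following is an added example, not code from the report or the Center: it parses an autorun.inf and reports the entries that would launch a program. The file name `sample.exe`, the sample contents and the assumption that the file is ASCII/UTF-8 text are constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Extensions of directly runnable files and scripts.
EXEC_TARGET = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.I)

# Constructed samples: one launching a dropped file, one harmless.
SAMPLE_INFECTED = """[AutoRun]
open=sample.exe
shell\\open\\command=sample.exe
shell\\explore\\command=sample.exe
"""
SAMPLE_BENIGN = """[autorun]
icon=setup.ico
label=Backup Disk
"""

def launch_entries(text):
    """Return (key, command) pairs in [autorun] that start a program."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if LAUNCH_KEY.match(key.strip()):
            found.append((key.strip().lower(), value.strip()))
    return found

def suspicious(text):
    """Keep only launch entries whose command names an executable or script."""
    return [(k, c) for k, c in launch_entries(text) if EXEC_TARGET.search(c)]

def scan_roots(roots):
    """Map each autorun.inf found in the given partition roots to its findings."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                report[path] = suspicious(fh.read())
    return report
```

A non-empty result for a fixed disk partition or a USB drive is worth investigating, since ordinary data volumes rarely carry an autorun.inf that launches a program.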
Moreover, this variant infects script files within the computer system, adding some malicious Web page addresses at the end of the script files. Once users click on and open infected script files, other virus scripts will be downloaded, re-infecting the computer system. A computer system infected by this variant will actively connect to a designated Web server on the network, downloading other Trojans, viruses, and malicious programs, ultimately turning the infected computer system into a "network zombie." If malicious attackers use this variant to remotely control infected computers, they can steal confidential information from the user’s system by recording keyboard and mouse operations, uploading the stolen information to a designated server.
Experts recommend that computer users who have already been infected with this variant immediately upgrade their antivirus software and perform a full system scan. Those who have not yet been infected should enable the "system monitoring" function of their antivirus software, which provides active defense across the registry, system processes, memory, network, and other aspects. This allows for real-time monitoring of unknown virus intrusion activities.